The Global IP Threat Landscape
The most widely known cybercrimes have to do with the theft of customer information and credit card fraud. But the cost of lost customer information could pale in comparison to the long-term damage done when a hacker targets a company's critical IP, says Borg.
According to the 2006 Computer Crime and Security Survey by the FBI and the Computer Security Institute, theft of proprietary data and unauthorized access to information are among the four most common sources of loss due to cybercrime (along with viruses and hardware theft). Although the survey did not report any increase in losses due to IP theft, the authors note such costs are hard to measure accurately. Security experts assume, however, that the losses are significant.
"We've seen a big shift in the last two years to more sophisticated, stealthy attacks," says Gartner VP and Security Research Fellow John Pescatore. Sometimes, he says, the aim is purely financial — hijack some data and get the company to pay you to return it; or steal a customer database and sell the personal identification to whoever will pay for it. "Other times, it's industrial espionage. And as people started to look at where those targeted attacks were coming from, they found they were coming from all over the world." Experts point to China, Russia, France and Israel as big players in this black market.
CIOs may be less aware of the threat to IP than to their systems, and therefore less prepared to protect the former. "Companies are thinking about worms and viruses, things that will not have very bad consequences and have always been wildly exaggerated," says Borg. "Or they're thinking about ID theft, which attracts a lot of attention, even though the number of cases is remarkably low."
There's a difference, too, in the systems an intruder looking for corporate secrets may target. IP thieves "won't necessarily look at obvious financially sensitive areas", says Borg, thereby escaping detection. "They may be looking at technical data, controls systems, automation software." And the results of IP theft can be hard to see — a slow degradation of one's competitive position in the market may easily be attributed to other, noncriminal factors.
Until recently, the most conclusive public evidence that sustained industrial espionage has taken place in cyberspace has come from the military. Titan Rain was "the most systematic and high-quality attack we have seen", says Ira Winkler, author of, most recently, Zen and the Art of Information Security. Chinese hackers successfully breached hundreds of unclassified networks within the US Department of Defence, its contractors and several other federal agencies. One Air Force general admitted at an IT conference last year that China had downloaded 10 to 20 terabytes of data from US DoD networks.