Someone, perhaps the Chinese government itself, has been trying not only to read e-mail accounts on Google's Gmail but steal the company's corporate secrets through sophisticated online techniques.
Major corporations are confronting a new era of cybercrime, as The Christian Science Monitor's exclusive story on electronic spying in the oil and gas industry vividly shows. Yet many don't realize the full extent of the threat they face. Worldwide, $1 trillion in intellectual property was stolen online in 2008, according to one study.
The new cyberspies are among the elite of cybercrime, on the prowl for trade secrets and technical know-how. The identities of the attackers can be hard to trace, but many are likely to be governments or their surrogates. (The Chinese government strongly denies any involvement with the Google espionage.) The human spy on the scene is being replaced by cybersleuths at a computer terminal.
The oil and gas industry has seen "real, targeted attacks on our C-level [most senior] executives,” says one oil company official. “Industrial espionage has moved from the real world to the cyberworld,” says Greg Garcia, a cybersecurity expert in the Bush administration. “Any country that wants to support and develop an indigenous industry may very well use cyberespionage to help do that.”
Organized cybercriminals are beginning to operate much in the fashion of drug cartels, with elaborate international ties. One common attack is to send e-mails or instant messages that appear to be from a colleague to key personnel, such as technical managers, asking them to click on a link. Once that's done, the criminals exploit a flaw in the browser that lets them take over that computer and poke around the company's network for valuable information.
Another ploy involves scattering pocket USB sticks with the company logo in the parking lot of a corporation. Employees place them in their computers to see what's on them and inadvertently load hidden spy viruses, which spread elsewhere.
Corporations need to more fully acknowledge the threat and step up their defenses. And President Obama's new "cyber czar," Howard Schmidt, tasked with strengthening the nation's online security, now has fresh reasons to place industrial espionage high on his agenda, too.
As US Secretary of State Hillary Rodham Clinton said in a speech on Internet freedom Jan. 21, "Countries or individuals that engage in cyberattacks should face consequences and international condemnation."