beyondzerosum

McAfee Vice President of Threat Reseach Dmitri Alperovitch

While we spend billions on new fighter jets, refueling tankers, drones and other robotic fighting machines, there is another war going on that is invisible to all of us.  Dmitri Alperovitch, VP of Threat Research at McAfee Security (not exactly some independent hack blogger) has just posted a spine chilling report about a long-term concerted, concentrated (and apparently, successful) effort to steal vital corporate and government secrets:

“I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.”

He goes on to say:

“the majority of the recent disclosures in the last six months have, in fact, been a result of relatively unsophisticated and opportunistic exploitations for the sake of notoriety by loosely organized political hacktivist groups such as Anonymous and Lulzsec. On the other hand, the targeted compromises — known as ‘Advanced Persistent Threats (APTs)’ …[that] we are focused on are much more insidious and occur largely without public disclosures. [Emphasis added] They present a far greater threat to companies and governments, as the adversary is tenaciously persistent in achieving their objectives. The key to these intrusions is that the adversary is motivated by a massive hunger for secrets and intellectual property; this is different from the immediate financial gratification that drives much of cybercrime, another serious but more manageable threat.

And perhaps most disturbing:

What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth — closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA configurations, design schematics and much more has “fallen off the truck” of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries. 

Unfortunately, the way our Military-Industrial-Governmental complex works, it will be very difficult to get adequate funding to counter these threats.  And it goes beyond the very real budget issues the US faces.  Frankly, cyber war is invisible.  And that ain’t good.  The M-I-G depends on blowing things up.  Why? 

1. Citizens need to be able to see and feel the threat;
2. They need to see the results of our troops (or at least, our really cool technologic equipment [drones, robots, etc.]) in action (remember, “Shock & Awe” – better than a Navy Pier fireworks show, eh?); and
3. Most importantly, when things get ‘blowed up’, they have to be replaced – which means the military has to buy more stuff.  For example, a single cruise missile costs approximately $1.2 million dollars.  It is reported that on the first night of the Libyan action, approximately 80 missiles were launched at Tripoli.  80 missiles doesn’t sound like much – but in about 8 hours, our government spent $100 million dollars.  [Come on Tea Partiers – where is your outrage?]

This is a serious stuff…

Related articles

• McAfee Warns of Massive 5-Year Hacking Plot (pcworld.com)
• McAfee: Hackers Compromised 72 Organizations Since 2006 (pcworld.com)
• Security Firm Identifies Global Cyber Spying (nytimes.com)