By Richard Beales
NEW YORK Feb 5 (Reuters Breakingviews) - The hacks have been hacked. The New York Times (NYT.N), the Wall Street Journal and other media outlets have revealed network intrusions – seemingly from China. They think the hacking is related to their investigations of the Beijing regime. But news paranoia is only a small part of a big story.
Defenses are necessary because electronic spying is everywhere. The United States government does it for geopolitical reasons and there’s plenty of evidence pointing to industrial espionage by entities linked to the Chinese government. Other governments, unscrupulous rivals and criminals all see electronic opportunities.
The recent media hacking episodes have been publicized, but Mandiant, the expert consultancy that the Times brought in, said in a report last year that often-undisclosed attacks occurred in industries from aerospace to energy and technology and beyond. Mandiant also said that in 94 percent of the incidents it studied the victim learned of the hacking from an external source – for example a government agency.
Another finding shows that data security requires much more than password protection. In 100 percent of the attacks Mandiant investigated, the perpetrators used legitimate credentials. Big defense contractors are grasping the need to detect odd activity inside their systems, not just to prevent unauthorized access, but other industries – even Internet-based ones – still have a lot to learn.
The recent Chinese interest in Western media does not seem to be financial, but online criminals are always looking for weak links. Eugene Kaspersky, founder of the eponymous Russian internet-security company, told Reuters in November that cybercrime could earn crooks $50 billion or maybe $100 billion annually. No solid numbers are available, since companies usually prefer to hide these losses.
That may be changing. The EU may require companies to report cybersecurity disruptions to authorities, the Journal reported on Tuesday. And last June – appropriately writing in the Times – Preet Bharara, the U.S. attorney for the Southern District of New York, said that businesses "are not doing nearly enough to protect themselves, their customers and their shareholders." That sounds a bit like a threat. If economic and intellectual-property losses don’t make companies read between the lines and get a grip on hacking, legal risks might just do so.
SIGN UP FOR BREAKINGVIEWS EMAIL ALERTS: www.breakingviews.com/TOPNewsSubscription
- The New York Times and the Wall Street Journal are among news outlets that have revealed in recent days that their computer networks have been penetrated, potentially by China-based hackers.
- In an op-ed on June 3, 2012, Preet Bharara, the U.S. attorney for the Southern District of New York, raised concerns about "the gathering cyberthreat" and the lack of action taken to counter it by some U.S. companies.
- New York Times story: link.reuters.com/hyc75t
- Bharara op-ed, June 2012: link.reuters.com/jyc75t
Big hack attack [ID:nL2E8HS3U3]
(The author is a Reuters Breakingviews columnist. The opinions expressed are his own.)
- For previous columns by the author, Reuters customers can click on [BEALES/]
(Editing by Edward Hadas and Martin Langfield)
((firstname.lastname@example.org)(Reuters messaging email@example.com)) Keywords: BREAKINGVIEWS HACKING/
(C) Reuters 2012. All rights reserved. Republication or redistribution of Reuters content, including by caching, framing, or similar means, is expressly prohibited without the prior written consent of Reuters. Reuters and the Reuters sphere logo are registered trademarks and trademarks of the Reuters group of companies around the world.