SYDNEY, June 25 - Hackers steal $160 billion worth
of intellectual property from Western companies every year,
according to cyber-security experts. The damage, they say, is
incalculable and Western governments have made it a priority to
protect their nations' commercial assets.
But try telling that to Donald McGurk, chief executive of
Australian communications, metal detection and mining technology
firm Codan, who has watched sales and prices of his
firm's metal detectors collapse since Chinese hackers stole its
designs three years ago to sell cheap imitations into Africa.
With the Australian government wary of rocking the boat
ahead of this month's historic signing of a free trade deal,
McGurk says he was forced to hire a private investigative firm
in China to stage a series of raids on counterfeit factories.
"They said you're on your own," McGurk told Reuters,
referring to the Australian government officials he lobbied to
help with his problem. The Australian government did not
immediately respond to queries about Codan.
Codan's experience provides a rare look at the longer-term
impacts of hacking on companies, as most keep the extent of an
incident under wraps. In fact, experts say many firms continue
to turn a blind eye to cybersecurity even as hackers become
increasingly sophisticated.
A PriceWaterhouseCoopers report found the average
information security budget dropped 4 percent to $4.1 million
last year, reversing a three-year trend of rising funds to
tackle cybercrime. That was even as the total number of detected
security incidents jumped 48 percent to 42.8 million globally,
PWC said.
Bryce Boland, chief technology officer for Asia at
cyber-security firm FireEye Inc, said many companies
are too focused on the reverse engineering capabilities of
Chinese companies, which allow them to copy products within
weeks of their public launch.
"They may be good at reverse engineering but they're much
better at just getting the plans during the development phase
(via hacking) and leveraging those immediately," Boland said by
telephone from Singapore.
COUNTERFEIT GOLD RUSH
Codan began to realise it had a problem when it started
receiving faulty metal detectors back into its services centre
in 2011. Those products, stamped with the Codan logo, had
unrecognizable, inferior parts.
Then the Australian Security Intelligence Organisation
(ASIO) came knocking: a Codan employee's laptop had been hacked
into when he logged on using hotel wifi during a business trip
to China. With an African gold rush underpinning demand for the
metal detectors, Codan's blueprints had been filched by a
Chinese manufacturing chain.
McGurk asked the Australian government for help, requesting
they speak to Chinese authorities, but discovered his company
was on its own. McGurk believes a landmark free trade deal with
China, recently signed after more than a decade of negotiations,
was responsible.
"No one wants to muddy the waters by putting in play
something that's negative," he said.
The company instead spent "significant sums" on private
investigators, who worked with Chinese police to track the supply
chain of the counterfeit metal detectors.
They discovered it led to Dubai, where police raids found
"significant" numbers of counterfeit gold detectors in storage,
en route to Sudan, Guinea and Niger.
China meted out jail terms of up to two years for the
principals of three first-tier manufacturing companies in the
supply chain, while Dubai fined several players around A$5,000
($3,859.50) each, McGurk said.
Codan, meanwhile, was forced to slash the price of its gold
detectors from around A$4,000-A$5,000 to around A$2,500 to
compete with the counterfeiters.
The company's net profit fell to A$9.2 million in the year
to June 30, 2014, from A$45 million a year earlier as a result.
CORPORATE RAIDERS
China's infiltration of private online business has returned
to the spotlight this month after United States officials blamed
Chinese hackers for compromising the records of up to four
million current and former government employees.
China has called the U.S. comments irresponsible, while
President Barack Obama vowed that the U.S. would aggressively
bolster its cyber defences.
Behind these public state-level spats, many companies are
fighting a quieter battle where the front keeps changing.
FireEye said it uncovered a hacking campaign in June by a
China-based group it calls APT3, targeting organizations in the
aerospace and defense, construction and engineering, high tech,
telecommunications and transportation industries.
FireEye says APT3 engages in "phishing", a technique of
sending company employees innocuous-looking emails containing website
addresses which trick them into downloading programs that
automatically lead to protected information. It says APT3 is
especially sophisticated because it constantly changes online
identities, making it difficult to track.
Codan is ramping up its defences. The Adelaide-based company
is introducing encrypted products, employs three or four people
to work full-time on preventing hacking-led counterfeiting and
has an Australian lawyer whose sole role is to coordinate those
efforts.
"I don't think you could ever presume it's behind you, but
now we're in a position to understand what's happened," McGurk
said. "It's like playing Whack-A-Mole. They just pop up
somewhere else."
