By Richard Beales
NEW YORK Feb 5 (Reuters Breakingviews) - The hacks have
been hacked. The New York Times (NYT.N), the Wall Street Journal
and other media outlets have revealed network intrusions –
seemingly from China. They think the hacking is related to their
investigations of the Beijing regime. But news paranoia is only
a small part of a big story.
Defenses are necessary because electronic spying is
everywhere. The United States government does it for
geopolitical reasons and there’s plenty of evidence pointing to
industrial espionage by entities linked to the Chinese
government. Other governments, unscrupulous rivals and criminals
all see electronic opportunities.
The recent media hacking episodes have been publicized, but
Mandiant, the expert consultancy that the Times brought in, said
in a report last year that often-undisclosed attacks occurred in
industries from aerospace to energy and technology and beyond.
Mandiant also said that in 94 percent of the incidents it
studied the victim learned of the hacking from an external
source – for example a government agency.
Another finding shows that data security requires much more
than password protection. In 100 percent of the attacks Mandiant
investigated, the perpetrators used legitimate credentials. Big
defense contractors are grasping the need to detect odd activity
inside their systems, not just to prevent unauthorized access,
but other industries – even Internet-based ones – still have a
lot to learn.
The recent Chinese interest in Western media does not seem
to be financial, but online criminals are always looking for
weak links. Eugene Kaspersky, founder of the eponymous Russian
internet-security company, told Reuters in November that
cybercrime could earn crooks $50 billion or maybe $100 billion
annually. No solid numbers are available, since companies
usually prefer to hide these losses.
That may be changing. The EU may require companies to report
cybersecurity disruptions to authorities, the Journal reported
on Tuesday. And last June – appropriately writing in the Times –
Preet Bharara, the U.S. attorney for the Southern District of
New York, said that businesses "are not doing nearly enough to
protect themselves, their customers and their shareholders."
That sounds a bit like a threat. If economic and
intellectual-property losses don’t make companies read between
the lines and get a grip on hacking, legal risks might just do
SIGN UP FOR BREAKINGVIEWS EMAIL ALERTS:
- The New York Times and the Wall Street Journal are among
news outlets that have revealed in recent days that their
computer networks have been penetrated, potentially by
- In an op-ed on June 3, 2012, Preet Bharara, the U.S.
attorney for the Southern District of New York, raised concerns
about "the gathering cyberthreat" and the lack of action taken
to counter it by some U.S. companies.
- New York Times story: link.reuters.com/hyc75t
- Bharara op-ed, June 2012: link.reuters.com/jyc75t
Big hack attack [ID:nL2E8HS3U3]
(The author is a Reuters Breakingviews columnist. The
opinions expressed are his own.)
- For previous columns by the author, Reuters customers can
click on [BEALES/]
(Editing by Edward Hadas and Martin Langfield)
Keywords: BREAKINGVIEWS HACKING/
(C) Reuters 2012. All rights reserved. Republication or redistribution of
Reuters content, including by caching, framing, or similar means, is
expressly prohibited without the prior written consent of Reuters. Reuters
and the Reuters sphere logo are registered trademarks and trademarks of
the Reuters group of companies around the world.