Archives For china

dollardataCredit Card Data Is A Commodity…It’s The Company Secrets That Profit

How Secure Is Your Data – What About China?

The big companies have had their share of horror stories with credit card theft this year, but are you and your customers watching the trends in Espionage?  Earlier this month I interviewed a couple of former NSA agents to give technology providers some insights into cybercrime trends and a war we are all involved in.  Summer Worden, one of my guests on the SVLC Insider’s Circle Program talked about Russian and China, revealing some of the hidden agendas and what to expect in the future.  Much of this is driven by Economics according to Worden.  China’s economy needs more innovation, and what better way to get it than to take it from the United States?

Espionage Is Hitting Businesses Right Now

This week in the Wall Street Journal, FRANK J. CILLUFFO AND SHARON L. CARDASH gave us more on this. Here’s a sound bite that should shock us; “The FBI reports a significant spike in its number of economic espionage cases: a 53% increase just this past year.”  Where is this coming from and what’s driving it?

According to the article, “Randall Coleman, the head of the FBI’s counterintelligence division, told the Wall Street Journal in July that much of the suspicious activity is performed by Chinese companies against U.S. firms and that the Chinese government plays “a significant role” in the attempted theft of trade secrets.”  Espionage, as pictured in movies is generally dealing with government data – like the recent OPM hack I wrote on a few weeks ago.  But this is about business. These are companies, targeting companies that have new ideas, strategies, and innovations that the competition in China will benefit from.

In Kevin Mitnick’s book, The Art of Deception, he shares the tale of a businessman entering a small business responsible for developing high tech manufacturing equipment. The man approaches the front desk asking to see the president of the company. The receptionist informs him that the president is out of the country and unavailable. At that point the businessman begins to fumble through his planner, double checking his meeting.  He’s flown in from out of town, and is supposed to be meeting the president to discuss a joint venture. There must be a mistake!

In a last ditch effort, he asks if the development team is in – perhaps he can take them out to lunch to review the plan he and the president have come up with.  They agree, and into the development area he goes. They spend several hours discussing the latest drawings and plans – the company’s latest top secret innovations. The businessman takes a few pictures, and heads out, promising to reconnect next week when the president returns.

You probably guessed – but when the president returns, and the team reviews their recent meeting, the president has no idea who they are talking about. This is a case of economic espionage, and chances are the business guy is now back in his own lab building a “Copy-Cat” product with only a few months of R&D vs. the decade the first company spent developing these ideas.

No Need to Go Onsite

Like your evolving managed services program (if you are an MSP), you no longer have to go onsite to do your work…the same is true when it comes to stealing company secrets. As the WSJ article states, “If you place yourself in the shoes of those playing economic catch-up, why invest millions in R&D if you can simply steal it at a fraction of the cost, especially with just a few clicks of a mouse?”. Now that everything is connected and online, stealing information is simple.

Cilluffo and Cardash rightly point at that,  “The theft of intellectual property and trade secrets destroys jobs in this country, and undermines the nation’s economic competitiveness by striking at the heart of U.S. innovation.” And in this case, nation states are behind these acts of war!  Years ago I read in another WSJ article, “This is a slow sifting of the American Economy,…and because it lacks the alarming explosions and bodybags, no one is really paying attention.”  At some point we will find our bank accounts empty, and our businesses collapsed.

No One Is Claiming Responsibility, But Who’s Investigating This?

Terrorists claim responsibility when they blow things up. They want us to be afraid. In a war, the opposing country generally announces their demands and threats of invasion. In this case, the thief is not interested in being known – they have no demands. They are looking for a competitive advantage. It’s to their benefit that no one know what they are up to. If they can silently get away with strategic information, they can recreate a product in their own lab, with a fraction of the required investments in time and money. With their copy-cat product in hand, they are now able to sell it at a fraction of the cost. Recovering their investment is easy – they didn’t spend their own money on this invention.

What to Do About It

In the WSJ Article, the writers tell us, “Recent reporting suggests that the Administration is striving to craft an innovative and calibrated response to the OPM hack in light of its scale. This is a significant development in the ongoing match of Spy vs. Spy on steroids. An equally compelling answer is needed to China’s economic espionage against the United States. Time is money in this context — but more importantly, it is national security.”

It’s true, our government needs to get on this. In a recent Presidential speech I heard Obama say that our greatest threat right now is environmental…I have to respectfully disagree.  Without a doubt, I believe it’s cybercrime – Hacktivists, Nation States, and Cybercriminals.  All three are attacking everything from your personal data, to company innovation, to our nation’s intelligence.  As a technology provider I want to encourage you to start educating your clients – everything must be secure, and it can’t wait for the next budget cycle or a government mandate.  Like a doctor sharing the diagnosis of cancer with a patient, it’s up to us to convince them to begin treatment. This is not about insurance, it’s about preservation.

“Those who say they have it covered are either ignorant or lying to you.” – A quote from my most recent book, The House & The Cloud 2nd Edition.

HC Image

© 2015, David Stelzl

P.S. If you want more on how to convince your customers they need better security, this book explains how to do it…(click to see it on Amazon.com).

Advertisements

U.S. Eyes Pushback On China Hacking

Reads the headline in today’s tech section of the Wall Street Journal.  Over the past several months there have been numerous articles published in the Journal – some saying this is real, others denying it…I appreciate one article stating that these attacks are small enough for our government to ignore, so that there is no one single incident demanding a response, but big enough to threaten the long term viability of some of the major companies in the US.  In another Journal article I read, “All major US companies have been successfully compromised…”  Where is this all headed?

Companies who insist “They’ve got it covered…” are in trouble in my opinion.  No company is really impenetrable.  In fact, the idea of using a pen-test to show your clients that their data is safe is a false sense of security.  A failure to break in simply shows the incompetence of the pen-testing team.  It certainly doesn’t mean the company is well secured.

In today’s article the Journal reports – “The Obama administration is considering a raft of options to more aggressively confront China over cyberspying,…, a potentially rapid escalation of a conflict the White House has only recently acknowledged.”  The key phrase here is, “Only recently.”  Why have government officials denied this for so long?  Perhaps for political and economic reasons. The Journal states it like this, “Before now, U.S. government officials and corporate executives had been reluctant to publicly confront China out of fear that stoking tension would harm U.S. national-security or business interests.”

Why are the Chinese on the attack?  “China is stealing trade secrets as part of plans to bolster its industry.”  It’s simple, the US has a greater capacity for innovation.  By invading company’s intellectual capital, other nations can cut thousands of man-days out of the R&D process.  Google, EMC, RSA New York Times, Wall Street Journal, and many other well-known companies, along with many federal organizations including the Pentagon, have reported problems traced back to China in recent years.  However, things like “dependency on China to underwrite U.S. debt and to provide a market for U.S. businesses,” have allowed these nation-state sponsored attacks to go unchallenged.

Recently our government officials have come out saying, “Cybersecurity threats are the greatest threat to our security—economic security, political security, diplomatic security, military security.”  No matter how big your customers are, cybersecurity is something you want to understand and engage them in.  We’ll be covering more on this threat in the coming weeks as we approach the May, Making Money w/ Security workshop.  I’m looking forward to seeing you there.

© 2013, David Stelzl

Photo Taken By Hannah Stelzl

Don’t forget to sign up for tomorrow’s webinar – Leveraging the Discovery Process! See yesterday’s post for the link to sign up.

We’re back from a week in Nashville – all 9 of us attended this years Nashville Home school conference where I presented two sessions, one on building an entrepreneurial mindset and a second on starting businesses (topics I also recently presented at a Dallas Texas Home School Conference)…Some highlights from my time in TN:

1. I had an enlightening conversation with a family from China.  The father’s perspectives on innovation, the US economy, and future business developments in China were very interesting and insightful.

2. I also spoke with another person responsible for the development of China’s junior achievement program and instrumental in introducing Peter Senge, author of the Fifth Discipline, to many businesses in his country.

3. One session I attended provided excellent steps on avoiding procrastination – something everyone needs to take to heart if they want their business to grow.

4. Another session focused on building systems.  He talked about the importance of systematizing every aspect of our business and building disciplines around productivity, finances, and even interpersonal relationships.

5. Finally, I enjoyed visiting the pool each night with my children – along with many other families attending the conference.

© 2011, David Stelzl

More on Cloud Computing and Google in today’s WSJ:  These sound bites are relevant when selling against cloud computing giants that threaten to take over your business:

1. Google apps = Cloud computing.  Let’s not mix words here…this is cloud computing. This is not about Google – it’s about any major online target that causes someone outside the company to want or need something inside.

2. China is not happy with Google – this could be anyone not happy with a company you are dealing with such as customer dissatisfaction issues.

3.”gained access to computer code for the software that authenticates users of Google’s email, calendar and other online programs,…”  Simply put, online programs means Google applications that may contain personal or business related content.  Google hosts email for businesses and individuals, as well as a number of online apps that are used in both cases.

4. Hundreds of companies…it’s spreading:  Quote from the Journal…

“But some security experts suspect a group of attackers that has penetrated hundreds more companies since Google went public with its attacks in January. “The exact same group has been exceptionally active,” said one person familiar with the attacks Google announced.

The group, which is believed to be Chinese and has been identified by investigators by its attack methods, has broadened its victims to include law firms and utility companies, this person said. It’s been penetrating companies at a rate of at least 20-50 new companies a week, this person added.”

Also note my video comments following a recent talk I did on protecting assets to Tampa based business leaders: https://davidstelzl.com/2010/03/30/tampa-event-post-interview-part-ii-cloud-computing/

© David Stelzl, 2010

New York Times posted  this recently – And thanks to Fred at HP for sending this.  Yahoo email hacked!  Again, China is mentioned as the hacker’s origination.  For those of you fighting against people moving to the cloud – keep these articles in front of your clients!  I spoke about this in an interview a few posts down…creating large targets like Google and Yahoo, with all of our data, just doesn’t seem prudent to me.  Read more here: http://www.nytimes.com/2010/04/01/world/asia/01china.html

In the second half of this interview Nate and Kelly ask the killer question…”what about cloud computing?”  Listen in and see what I say about it.

IT almost always has it covered, yet the Pentagon’s systems have been successfully penetrated mulitple times over the past three years.  Don’t take, “We’ve got it covered”, as the final answer when talking to companies about security.

This time it’s the F35, a plane in testing and preparing for battle.  My favorite quote from this article is, “Northrop referred questions to Lockheed”.  A common problem…remember the data is not really in the data center, so where is it?  It’s on contractors unsecured networks, laptops, and home networks.  Northrop Grumman is working under Lockheed on this one, so they refer questions back to the prime contractor…pointing fingers will not solve this problem.

The important facts from this article are these:

  • 18,050 government-focused cyber attacks were reported over the year 2008. I read this as people who got in. (remember the pentagon is hit millions of times every day).
  • Computer spies have broken into the Pentagon’s $300 billion Joint Strike Fighter project
  • The Air Force’s air-traffic-control system has also been breached in recent months – the article alludes to the idea that fighter pilots could be compromised, not being able to trust their radar systems. That can’t be good.
  • This is one of multiple breaches against this particular project – the F35 Joint Strike Fighter.
  • China is named as the likely intruder – but that can’t be because China doesn’t allow this sort of activity.

Remember, when someone says they have security covered, especially those working in small and medium sized companies, companies that don’t staff high-end security personnel, they just don’t understand security.  It’s an opportunity to find the asset owner and show them the truth.

The details follow from the WSJ: http://online.wsj.com/article/SB124027491029837401.html#mod=whats_news_free?mod=igoogle_wsj_gadgv1