Texas Miracles, Shady Rats and Campaign Liabilities
The September issue of Vanity Fair magazine has an interesting piece about the growing problem of Chinese hacking. In "Enter the Cyber Dragon," author Michael Joseph Gross chronicles China's extensive campaign of cyber-espionage, the most recent iteration of which has been dubbed Operation Shady RAT, in a reference to the hackers' use of a remote access tool to penetrate corporate computer systems to steal data.
Dmitri Alperovitch, the executive at security firm McAfee who first revealed the operation (without naming China) in a blog post earlier this month, says, "I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they've been compromised and those that don't yet know.
Somebody might want to tell Texas Gov. Rick Perry. The Washington Post has a story today about a Chinese telecommunications firm Perry courted (and landed) under what he refers to as the "Texas miracle" of economic growth. But besides bringing hundreds of new jobs to Texas, administration officials believe Huawei Technologies poses a serious cyber risk to the military and U.S. businesses, the Post reported.
Three times in the last three years, government agencies have blocked Huawei from acquiring or partnering with U.S. companies, and in August 2010, eight Republican senators urged the Obama administration to investigate the company's effort to sell equipment to upgrade Sprint Nextel's mobile network.
As James Andrew Lewis writes in the Aug. 15 issue of Government Executive, "Trying to manipulate the IT supply chain can be difficult and costly, but it is not impossible. Our opponents are not inept and will not sell obviously flawed products; the most likely scenario is that they will sell "clean" products and then exploit the access they gain to collect information and create a capability for disruption. The best target for a supply chain attack is telecommunications."