‘There are three certainties in life, there’s death, there’s taxes and there’s a foreign intelligence service on your system.’ These are the words of MI5 taken from 'Espionage', the first of a three episodes series. Just days before the PRISM story broke, BBC Radio 4 sheds light on the hidden affairs of the cyber world.
The first episode has brought some interesting insights from GSHQ and the NSA. Both agencies admitted to constant and sophisticated attacks at a highly industrial scale. Naturally part of their jobs is to keep a close eye on this activity, however despite knowing who’s behind the attacks, GCHQ refused to reveal more than, in many cases, the assaults are “state sponsored”.
The U.S.A have publicly named China as the main culprit for the attacks on the country. In reference to the NSA and GCHQ Michael Hayden admits in his interview that “we steal data too…but we steal only those secrets that will keep Americans or British subjects safe and free. We don’t steal stuff to make American’s rich. The Chinese do.”This program highlights this as the main criticism made towards how China conducts itself in cyber space. Interviewees make claims that the Chinese Government are attacking private industry to advance economic growth, and that this is simply an unfair fight in terms of intelligence and budget.
The BBC balances this argument by including interviews with representative from the Chinese Foreign Ministry who deny the accusations of states sponsored attacks on private industry and Dr Huang Huikang, states that in fact “China is one of those countries suffering most from hacker attacks.” Claims are made that America is using China as a smoke screen, trying to distract attention from its own offensive cyber strategy and that the USA has a dangerous amount of control over cyber space.Away from the heavy politics, interesting insights into how private companies are being affected proves that cyber-attacks are clearly no longer confined to the Defence sector. Iain Lobban, director of GCHQ, talks about how many private organisations do not even know that they have been breached until GCHQ tells them. This is worrying when you consider the damage that can be done. Case studies from Nortel and Art Coviello, at RSA, put into perspective the damage that these attacks can cause to a business.
RSA provide a device which allows employees to log onto their work computers remotely. Hackers looked at the weakest link in the supply chain, and sent legitimate looking emails, from legitimate looking people within the supplier organisation. Inside there was malware that fanned out across the entire network. This has caused a slow-down of about 6 to 9 months and the corporate parent took a charge of $66 mil in the second quarter.
In the case of Canadian Telecoms giant Nortel, the company filed for bankruptcy and though this can’t be blamed entirely on the cyber-attacks, the persistent extraction of sensitive competitor information over a 4 year period, described by a former technical security adviser for the company Brian Shields, would have definitely had an impact. This level of insight offered by Art and Brian is unusual but welcome considering most companies only volunteer vague information, fearing the risks of damage to their reputation.
Other highlights include an interview with William Hague and insights into the working hours of hackers. The next episode will be called 'Sabotage and Supervision'.