Google Hack Lesson: Hackers More Sophisticated, Better Funded Than Ever
The lessons learned from Google's troubles with security in China: if your company is important enough, you've probably been hacked already with an attack so sophisticated and untraceable that you won't find out until the damage has been done. If your company does work in China, you can comfortably delete "probably" from that last sentence.
That disconcerting appraisal comes from computer security firm Mandiant as found at Wired's Threat Level blog. According to the company's CEO, attacks on computer networks have changed from showy affirmations of skill to stealthy espionage, using a technique called Advanced Persistent Threats (APT) to exploit holes in security with quiet infiltration, patient sleeper cells, and almost undetectable slow leaks of information out of the network.
The information that escapes inevitably ends up in China, according to Mandiant CEO Kevin Mandia. If your company is based in China, there's almost no chance you haven't been hacked already and your information compromised. Mandia suggests the attacks aren't exactly criminal in nature, leaving the door open for other instigating agents like governments.
While the attacks may not be entirely preventable, they can be lessened by training your employees to not open suspicious or unexpected attachments or Web links as part of a comprehensive security policy.
Google is not named directly in the report, but the details of the report and the Google case are so similar that it is understandable that Google would seek assistance from the US National Security Agency to secure its systems.
Image courtesy Flickr user morgan.davis