Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Your World. . . Hacked

As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to compete
Page:

Reader ROI

  • Why online IP theft is a growing global threat
  • Strategies for protecting crucial corporate data
  • How to craft an incident response plan

The call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network.

Bailey (not his real name), deputy CIO in charge of IT operations, was thrown. He spent the next several hours reviewing logs and profiling systems. He discovered that someone had taken over one of the company's servers and was using it to launch attacks against other companies in the valley.

After conducting a forensic review of the drives, Bailey learned that intruders had been lurking on two of his company's servers for almost a year. These hackers, who were traced to a university in Beijing, had entered the company's extranet through an unpatched vulnerability in the Solaris operating system. As far as Bailey could tell, they hadn't accessed any classified information. But they were able to view mountains of intellectual property, including design information and product specifications related to transportation and communications systems, along with information belonging to the company's customers and partners.

[[LeftQuote:Most IT organizations approach the risk to IP the way they approach all IT security: focusing on the corporate perimeter and developing security tactics and policies from the system level up]]

"It was such a sobering experience," Bailey says, not least because three years earlier he had conducted a network security audit and patched every hole. But he hadn't done the same with the extranet.

Bailey will never know who hacked his servers. China's poorly defended servers are often used to launch attacks. He likes to believe that the culprits were a couple of students who launched the DoS attacks out of boredom, grew bored with that and went on their ways. But he knows that comforting scenario may be wrong. It's just as possible that the intruders were after his company's IP. And they easily may have got it.

(CIO agreed to Bailey's request for anonymity in order to protect the identities of his company's business partners.)

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Bill, Billion, Cisco, Communications Systems, Computer Security Institute, Critical Systems, CROWN, Department of Defence, eBay, Exposure, FBI, Forrester Research, Gartner, Hewlett-Packard, ING, Leader, Leader Computers, Microsoft, Motorola, Niku, SANS Institute, Starbucks, Symantec, The SANS Institute, Transportation, VIA, Vigilance, Wall Street

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Webcast: Innovation Driving UC Everywhere: From Mobile to the Cloud and Beyond
    Polycom announced it is acquiring HP's Visual Collaboration Business Unit, including HP's Halo products and Managed Services, and the two companies have entered into a deep strategic agreement through which Polycom will become HP's exclusive partner for telepresence and video UC solutions. This will create an end-to-end UC solution that will deliver to our joint customers an unparalleled user experience, interoperability, investment protection, and ease of deployment. Watch this webcast.
    Learn more »
  • Implementing, Serving, and Using Cloud Storage
    Organisations of all types are trying to control costs and satisfy increasing demands at the same time— demands created by explosive data growth and ever-changing regulations. To address these challenges, storage industry professionals are turning to cloud computing and cloud storage solutions.
    Learn more »
  • Chapter 1: Threats and Challenges to Enterprise VoIP
    The convergence of voice and data networks has been evolving and gaining momentum for several years. Organizations that are implementing Voice over IP (VoIP) in an effort to cut communications costs or leverage the competitive advantage of integrated services shouldn’t overlook the security risks that arise as voice and data converge.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.

HP and IDG news, product videos and resources