Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Your World. . . Hacked

As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to compete
Page:

Reader ROI

  • Why online IP theft is a growing global threat
  • Strategies for protecting crucial corporate data
  • How to craft an incident response plan

The call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network.

Bailey (not his real name), deputy CIO in charge of IT operations, was thrown. He spent the next several hours reviewing logs and profiling systems. He discovered that someone had taken over one of the company's servers and was using it to launch attacks against other companies in the valley.

After conducting a forensic review of the drives, Bailey learned that intruders had been lurking on two of his company's servers for almost a year. These hackers, who were traced to a university in Beijing, had entered the company's extranet through an unpatched vulnerability in the Solaris operating system. As far as Bailey could tell, they hadn't accessed any classified information. But they were able to view mountains of intellectual property, including design information and product specifications related to transportation and communications systems, along with information belonging to the company's customers and partners.

[[LeftQuote:Most IT organizations approach the risk to IP the way they approach all IT security: focusing on the corporate perimeter and developing security tactics and policies from the system level up]]

"It was such a sobering experience," Bailey says, not least because three years earlier he had conducted a network security audit and patched every hole. But he hadn't done the same with the extranet.

Bailey will never know who hacked his servers. China's poorly defended servers are often used to launch attacks. He likes to believe that the culprits were a couple of students who launched the DoS attacks out of boredom, grew bored with that and went on their ways. But he knows that comforting scenario may be wrong. It's just as possible that the intruders were after his company's IP. And they easily may have got it.

(CIO agreed to Bailey's request for anonymity in order to protect the identities of his company's business partners.)

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Bill, Billion, Cisco, Communications Systems, Computer Security Institute, Critical Systems, CROWN, Department of Defence, eBay, Exposure, FBI, Forrester Research, Gartner, Hewlett-Packard, ING, Leader, Leader Computers, Microsoft, Motorola, Niku, SANS Institute, Starbucks, Symantec, The SANS Institute, Transportation, VIA, Vigilance, Wall Street

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Protecting Generation Web
    From data privacy to personal safety issues, cyber-bullying, inappropriate content and malware, schools are facing an increasingly difficult task when it comes to allowing young people to spread their online wings without compromising their safety and personal development. The reality that most schools are catering to the needs of mixed age groups and abilities, and it’s easy to understand why a simple stop and block approach won’t work. Learning environments are, by nature, flexible. It stands to reason that the IT resources used in them should be flexible too. Read on.
    Learn more »
  • Enterprise Buyers Guide for Tablets
    In this enterprise buyers guide Computerworld provides a framework for assessing the suitability of tablet computers with different work styles and demands. The guide takes into account upgrade cycles, pricing and contract issues with telecommunications providers. It features a shopping checklist covering screen types, connectivity and hardware as well as a guide to application management. This is in addition to a full roundup of the major players including road maps for the most popular operating systems.
    Learn more »
  • Oracle Database 11g for Data Warehousing and Business Intelligence
    Oracle Database 11g is a comprehensive database platform for data warehousing and business intelligence that combines industry-leading scalability and performance, deeply integrated analytics, and embedded integration and data-quality -- all in a single platform running on a reliable, low-cost grid infrastructure. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments