China denies accusations that its military is leading the way, but whoever the intruders are, they are using new technologies to steal large volumes of intellectual property.
Companies need data dieting to fend off appetites of cyber criminals
Cyber hackers may be attacking the UAE with new security threats designed to take advantage of the increased adoption of new technologies such as cloud computing and mobile communications, if reports are to be believed.
According to a report by the cyber-security company Mandiant, which was founded by the former United States air force cyber forensics investigator Kevin Mandia, the UAE is a prime target for cyber espionage emanating from China.
Mandiant claims to have traced a series of hacking attacks around the world to a unit of the Chinese People's Liberation Army. Outside North America, the main focus of the attacks, the alleged Chinese army hackers have concentrated on 13 other countries including the UAE. The Chinese foreign ministry, however, rejected the accusations yesterday.
But whatever the source, the intruders launch well-defined attacks that apparently have been honed over years and designed to steal large volumes of valuable intellectual property.
The hackers revisit the victim's network to steal technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements and emails plus contact lists.
Alan Brill, the senior managing director of the security firm Kroll Advisory Solutions, says new internet technologies such as cloud computing, the increasingly prevalent practice of hosting all company data on remote computer banks managed by a third party, also present new dangers.
"We now have a lot of technology partners we don't think about. Are you using cloud storage or processing services? How do they protect your data? Where do they store it? Are they using data centres in countries with limited cyber-crime laws?" says Mr Brill.
He adds that in some companies, departments are making deals with cloud providers without reference to the central IT department and without even going to the company's legal counsel for advice.
The malicious computer software that was used to attack Middle Eastern oil companies last year, reportedly erasing data on three quarters of Aramco's corporate personal computers, is now being used to steal corporate information, often without the victim's knowledge, reports Kroll. "The hackers are taking advantage of so-called 'zero day' exploits, which are so new that defensive systems - like antivirus scanners - can't recognise them," says Mr Brill.
As well as the new generation of "zero day" attacks that exploit a previously unknown vulnerability in a computer application, hackers send seemingly innocent emails to company employees to obtain information such as passwords and user names, a process known as "phishing". Often the emails link to a bogus website.
"They craft a very well-built phishing email that links to a drive-by malware site that creates an infection simply by visiting it. The email itself seems benign, and is not stopped by filters," says Mr Brill.
Kroll says the hackers are also using increasingly sophisticated tools such as a form of attack called an "SQL injection" to bypass target organisations' built-in security measures. "The hacker sends a string of data to your system via a regular internet connection that contains commands to your database. If you're vulnerable, your database answers them, and you can lose tens of thousands of records," says Mr Brill.
Kroll says it essential that all organisations take measures to protect themselves from malicious hacking attacks.
"With the advent of the internet, everyone connected to it is on the front lines of the battle. If you're not taking defensive steps, you should expect to be hacked," says Mr Brill. "Even worse, you might be hacked and not know it."
In addition to traditional security software patches, Kroll recommends a line of cyber defence called "white listing", which limits the programmes an organisation's computers will run to those on a pre-approved list. If the programme is not on the list, as would be the case with a malicious hacking attack, it will not run. Kroll also recommends that companies limit access to their data by measures such as restricting the number of "privileged" internet accounts they allow.
Another recommendation is that companies go on what is called a "data diet", which means identifying and keeping only that data which is needed. Many organisations keep vast digital stores of outdated information.
But Kroll believes that, despite the current publicity surrounding large-scale attacks, such as those allegedly carried out from China, the real threat still comes from company insiders.
Michael Du Bose, a managing director at Kroll, says "insiders, not outside hackers, are involved in more than two thirds of all cyber cases involving theft of intellectual property".
Malevolent insiders can take the form of disgruntled employees, opportunists, or contractors.
"Statistics only go so far in describing the severity of risk caused by this particular type of cyber threat. Real-life examples paint a more complex and persuasive picture," says Mr Du Bose.
"The FBI doubled the number of trade-secret arrests in the last four years, and the overwhelming majority of those prosecutions involved insiders."