Editor’s note: This story is part of a special WRAL News report about corporate hacking.
RALEIGH, N.C. - Meat, tobacco, furniture and surgical products are just a few of the North Carolina exports booming in the Chinese market. North Carolina businesses’ secrets are also in high demand overseas, and cyber terrorism experts say many companies are not doing enough to fend off hackers.
Research Triangle Park companies employ nearly 40,000 people and are home to billions of dollars of intellectual property. Every day, those companies are targeted by hackers, with many of the attacks coming from China, security experts say.
Retired FBI agent Greg Baker has helped RTP companies deal with cyber threats and says everyone should be concerned, especially “if your retirement plan is tied to one of those 401ks.”
“Companies all across the planet are being hacked every single day. Intellectual assets are being stolen every day,” Baker said. “We have to protect what’s ours.”
One example is Nortel, which was one of the Triangle’s largest private employers with more than 7,000 workers. The telecommunications giant has since gone bankrupt, and a former executive said publicly that Chinese hackers were partly to blame.
Brian Shields, a former investigator for Nortel, told The Wall Street Journal last year that hackers spent nine years stealing company secrets, including technical papers, research and development reports, business plans, employee emails and other documents. The hackers also reportedly stole the passwords of seven high-ranking executives. The software used to compromise Nortel was so deep that no one noticed for years, according to Shields.
“That should cause a recognition to occur, that if it can happen to a company that size, it can happen to you,” Baker said. “Most of the situations I’ve seen (are) not because the hacker was so intelligent and so sophisticated, it was really poor company policy, training or a mistake.”
Hacking threats come from various countries for various reasons, including for political and financial gain, espionage and pleasure. When it comes to business secrets, though, an independent government commission estimated that Chinese hackers are responsible for about 50 to 80 percent of all stolen American intellectual property.
The key to understanding the phenomenon of hacking, especially in China, is understanding cultural differences, cyber security experts say. In China, many see hacking as being patriotic. Hackers are treated like celebrities and many believe information should be in the public domain. Chinese officials say they are cracking down, though, and recently added computer crimes to criminal law.
With North Carolina exports to China up nearly 300 percent in the past decade, according to the N.C. Department of Commerce, state business leaders say they want to build a relationship with China. Brooks Raiford, president of the North Carolina Technology Association, sponsored a seminar on June 24 for tech companies looking to do business in China.
Rule No. 1, Raiford says, is to know how the rules work in other countries. “In other cases, even the published rules are not necessarily followed, so that’s where the professional advice comes in on how to double- and triple-protect yourself,” he said.
Big corporations aren’t the only ones threatened, according to Michael Gibbons, a former head of Cyber Crime Investigation for the FBI who now does private security work for Alvarez & Marsal, a global professional services firm. Hackers are now going after businesses’ partners, such as accountants, marketing and law firms.
“They are going where the locks aren’t as secure. That’s the really scary thing, because some of those places, especially with law firms, they have just as sensitive information and, sometimes, all the keys to the kingdom,” Gibbons said. “They are the ones who are processing all the paperwork and how to file the papers to get that new patent. They are the ones who have sensitive litigation that’s ongoing with people’s personal information. It’s very much the place you’d want to go to find a honeypot of information.”
Cyber security firm Mandiant released a report earlier this year that traced 141 attacks on U.S. businesses to hackers in China. In some cases, Mandiant was able to follow hackers as they worked online. Many of the recent attacks were traced to a 12-story high rise in Shanghai.
While Mandiant says the attacks originated in that building, the hackers used fake domains registered in other cities to make them harder to trace. Those cities included Calgary, Houston, Washington and even a fake domain registered to the tiny North Carolina coastal town of Shallote.
“However, this information is not often validated. This means that certain information may be correct, out of date, or completely wrong,” said Mandiant spokeswoman Susan Helmick. “That is to say, a person can register a domain as being in North Carolina, or any other state or location, when it isn’t.”
Those fake domains give hackers another easy way in, even if a company detects and fixes one hole in its firewall.
“It took over 200 days, on average, for organizations to determine that they were compromised,” said Dave Damato, Mandiant’s director of professional services.
Businesses need to “figure out where their sensitive information is, how it’s protected, why they collect it and then get rid of it when they don’t need it anymore,” according to Gibbons.
“There are hundreds of thousands of people across the world engaged in breaking into others’ computers on a continuous basis,” Gibbons said. “I don’t see this going away in the future. In fact, the more complex our society gets and the more we rely on technology, the more vulnerabilities there are going to be. Complexity is really our enemy here.”
Reporter: Kelcey Carlson
Photographer: Greg Clark
Producer: Randall Kerr
Web Editor: Kelly Hinchcliffe
