By Bill Goodwin
21 November 2006
Senior government officials have warned businesses that foreign
intelligence services are using sophisticated electronic attacks to
steal sensitive financial and technological secrets from their IT
Overseas intelligence agencies engaged in economic espionage are
targeting UK firms for technical information and details of contract
bids from major firms, they said.
The attacks are thought to originate from countries including China,
North Korea and former Soviet states.
The National Infrastructure Security Co-ordination Centre (NISCC) said
the attacks have increased over the past 12 months.
"The scale of these attacks requires a processing capability which
suggests this is not a cottage industry. There is no sector of the
critical national infrastructure that we have not seen targeted. If all
of those attacks were successful, we are talking about huge amounts of
information being accessed," said NISCC director Roger Cumming.
"In a lot of cases the attacks aim to provide the parties with a
technological advantage, and to gain access to scientific and technical
information. In some cases there have been attacks against government."
Government security officials believe that overseas intelligence
agencies are investing significant resources in identifying people in an
organisation who have access to the data they want. They use social
engineering techniques to trick staff into opening e-mails or plugging
in USB memory sticks to infect computers with hacking tools, the NISCC
The attacks make use of unrecorded vulnerabilities, known as zero-day
attacks, which evade anti-virus and anti-spyware systems.
Intelligence officials have identified attacks against critical
businesses by monitoring news reports for information that has been
leaked about firms and matching the leaks against computer security
The NISCC has held behind the scenes talks with business groups about
the attacks, which in the past have been mistakenly attributed to
organised criminal groups. It is urging them to update their risk
management strategies to reflect the risks posed by well-funded overseas
"Understanding what is important in your organisation is crucial.
Remember, these are not random attacks. They are going after information
that is important to them," said Cumming.
Allan Paller, director of US security advisory organisation the Sans
Institute, said evidence from the US showed that foreign intelligence
services had penetrated US government computer systems.
He advised businesses to respond to threats by carrying out mock
phishing attacks within their organisations to educate staff. An
exercise by New York State found that 80% of staff fell for the e-mails,
but this was cut by half when the exercise was repeated, he said.
The NISCC, which monitors the security of firms responsible for critical
services, such as energy and transport, has appealed to businesses in
other sectors that are attacked to report it. All reports will be
treated as confidential, it said.
Subscribe to InfoSec News