By Matt Hines
September 04, 2007
The Chinese government this week denied involvement in a series of hacks
carried out against IT systems at the Pentagon in June, but the threat of
technology-driven espionage has forced the FBI to push businesses and
academic institutions to better prepare for such attacks.
Little publicly available evidence exists to prove that foreign
governments have backed or planned to launch attempts to steal
intellectual property from U.S. corporations and researchers, but
officials with the FBI claim that the problem is real and that American
organizations must begin policing their operations more aggressively
today to prevent valuable data from being stolen tomorrow.
In October, the FBI's Counterintelligence Domain Program -- which aims
to foster cooperation between the agency and private entities to help
organizations identify and protect potential intelligence risks -- will
mark its first year in existence.
The program is already making significant steps in helping to close the
gap between businesses and law enforcement to defend intellectual
property from being left vulnerable to potential theft, FBI officials
"In the past, we've always been reactive to this type of scenario and
essentially showed up after the fact to bring resources to bear on this
type of crime, but we want to be more proactive to help businesses and
academic institutions protect themselves before an incident occurs,"
said Tom Mahlik, who serves as chief of the Domain program for the FBI.
"We've always responded aggressively to traditional espionage with
investigation, such as with the theft of national secrets, but those
cases really represent counterintelligence failures where the secrets
are already in Beijing or Moscow and where valuable new technologies or
intellectual property would already be gone," he said.
Counterintelligence efforts rank second on FBI Director Robert S.
Mueller's current strategic agenda, sandwiched below counterterrorism
work and above the fight against all forms of cyber-crime, according to
Thus far, the Domain project has materialized primarily in the form of
relationships built between the leaders of the agency's 56 individual
divisions and the leading corporate entities and research groups
identified by those units as organizations that control data that
criminals and governments could try to get their hands on.
For instance, companies handling sensitive government work -- such as
defense contractors and large IT systems integrators -- have already
joined in the effort, Mahlik said. The program will be expanded over
time to pull more companies into the fold that are developing
cutting-edge technologies and other products that are considered to give
the U.S. a technological or business-related advantage.
Those relationships, and training seminars held by the FBI in the name
of expanding Domain, are aimed at identifying any research, information,
or technologies that might be targeted by U.S. adversaries -- and to
establish an ongoing information exchange among the program's members to
improve protections and reduce opportunities for theft.
As for the current state of involvement of foreign nation states,
including large terrorist groups, in intellectual property theft, the
FBI refuses to share specific examples or hard data, but Mahlik said
there should be little doubt that the problem exists.
"The FBI is well aware of deliberate targeted attacks that were aimed at
stealing sensitive data from organizations, including NASA, the
Department of Defense, and individual defense contractors," said the FBI
expert. "We're still trying to deduce the magnitude of the problem, and
a lot of that has to do with what we've dealt with in terms of
investigating any ex-filtration of data and where it has ended up."
Mahlik said that two of the most significant trends feeding the need for
corporate counterintelligence are offshore outsourcing and the heavy
flow of foreign engineering talent into U.S. corporations and research
While it remains hard to prove that foreigners are being trained
specifically with the purpose of infiltrating U.S. organizations to steal
valuable data, he said that the concept is very real.
"This isn't about traditional spies anymore; the engineer, student, or
business partner are the threat now, and these people are being given
increased access to corporate secrets, intellectual property, and
pre-patent research information at universities," Mahlik said. "These
types of people are being actively used to ex-filtrate key pieces of
information back to their homelands as there is always a race to
establish a competitive advantage."

Data security in a global market

David Drab, principal for the Information & Content Security group at
Xerox, said that companies are increasingly coming to the imaging giant
looking for new ways to label sensitive information and track its flow
among users in the workplace and throughout their supply chains.
Before joining Xerox, Drab served at the FBI for 27 years and observed,
among other things, the flow of former KGB agents in former Soviet
states into criminal organizations.
A good number of those intelligence experts were trained in the art of
finding holders of sensitive corporate and national defense information
and trying to liberate the data, he said, and many are likely employed
in efforts to steal whatever plans they can sell to others for a profit
"This is why you have Wal-Mart hiring former government intelligence
officers. It's not about spying so much as it's about identifying
business risk and what is occurring with competitors in the global
environment," Drab said. "These companies are creating separate entities
from traditional security or IT security to allow management to identify
people internally who might have access to high-level information or
might be targeted by competitors or foreign entities."
Drab points to the 2001 indictment of two Japanese-born individuals
accused of stealing research on Alzheimer's disease from the Lerner
Research Institute (LRI) in Cleveland as proof of the need for
One of the accused researchers subsequently pled guilty to charges of
misleading investigators looking into the situation, while another, who
returned to Japan to work for a quasi-government agency working on
Alzheimer's research, was unsuccessfully sought for extradition to the
U.S. to face trial.
Among the tools developed by Xerox to help trace the use of paper
documents, one of the hardest data formats to track, are gloss marks and
infrared stamps used to create a trail of evidence as to who might have
accessed, printed and walked off with sensitive data when copies of any
stolen documents are recovered.
Large companies like financial services institutions have also begun
speaking publicly about the problem of international cyber-theft, saying
that they are already working to deal with the problem.
At the Usenix Security Symposium held in Boston in August, Jerry Brady,
global head of IT security at New York-based financial giant Morgan
Stanley, outlined the threat of foreign attack as a current business
reality. He specifically cited emerging activity in the Far East as
"Sometimes the threats are coming from the governments themselves in
different parts of the world," said Brady. "The people who want to harm
us drives a lot about how we think of security awareness. We do a lot of
monitoring and threat intelligence to tell who our adversaries are today
and who they will be tomorrow."
When asked if the government has done enough to help companies like
Morgan Stanley deal with the issue, Brady said that the firm's
relationship with law enforcement officials has improved over the last
several years, specifically around intelligence gathering regarding new
However, he said that companies cannot rely on the government alone to
watch out for their interests overseas.
"It's popular to pin this issue on the government, but we in private
industry need to play an even bigger role in addressing the problem,"
said Brady. "Every time we go into a new country we have to do a risk
assessment, every country has its own IP protections and concepts and we
know that; we know the countries where ex-KGB Soviet Bloc resources have
ended up, and where we need to be even more vigilant."