Part of the fall-out from WikiLeaks was the Anonymous.com attack on various organizations. One of the entities attacked was HBGary, a firm that provides cyber-security advisory services and products to government and industry. Bloomberg News reports on the contents of some of the 60,000 emails that were stolen from HBGary. These emails show that spear-phishing is a much larger problem than had been previously acknowledged. Bloomberg reports:
Security experts say that the hackers’ techniques now surpass the ability of even the most sophisticated companies to catch them easily. The e-mails show that hackers routinely bypassed firewalls with so-called spear-fishing e-mails that target executives, tricking the companies’ own employees into downloading malicious software and infecting their own networks.
Bloomberg reports that previously undisclosed spear-phishing attacks have hacked networks of many prominent companies including:
Baker Hughes Inc.
DuPont
Walt Disney Co.
Sony Corp.
Johnson & Johnson
General Electric Co
Exxon Mobil Corp.
Royal Dutch Shell Plc
BP Plc
ConocoPhillips
Marathon Oil Corp
Morgan Stanley
QinetiQ Group Plc (QQ/), a London-based defense company
Alliant Techsystems Inc., a smart weapons maker
Bloomberg quotes U.S. Senator Sheldon Whitehouse (D. RI), who chaired a U.S. Senate Select Committee on Intelligence task force on U.S. cyber security in 2010, “We are on the losing end of the biggest transfer of wealth through theft and piracy in the history of the planet.”
Bloomberg also quoted FBI Deputy Assistant Director Steven Chabinsky, FBI cyber division, who said it would be hard to imagine that the scale of the current range of cyber attacks could grow larger. “It appears that every industry is being victimized by intrusions.” Chabinsky observed that “hackers also appear to be widening their targets, stealing information from vendors or contractors that may have strategic data about their clients, including public relations and law firms.” The hacking of King & Spalding LLP, a large Atlanta law firm, illustrates his point.
Read the entire Bloomberg report at http://www.bloomberg.com/news/2011-03-08/hacking-of-dupont-j-j-ge-were-google-type-attacks-that-weren-t-disclosed.html