Monday, April 12, 2010

Increased Espionage against US Defense Contractors

The Counterintelligence Directorate of the U.S. Defense Security Office recently released a report on espionage against the U.S. defense industry. The study identified four broad methods of information gathering including the use and misuse of technology:
  1. Direct Request - Email requests for information, webcard purchase requests, price quote requests, phone calls, or marketing surveys
  2. Suspicious Internet Activity - Confirmed intrusion, attempted intrusion, computer network attack, potential pre-attack, or spam
  3. Solicitation and Seeking Employment - Offering technical and business services..., resume submissions, or sales offers
  4. Foreign Visits and Targeting - Suspicious activity at a convention, unannounced visit..., solicitations to attend a convention, offers of paid travel to a seminar, targeting of travelers, questions beyond scope, or overt search and seizure
The alleged sources of attacks are world wide including:
  • "East Asia and the Pacific and Near East entities remaining the most prolific collectors of United States technology or information"; and,
  • Europe and Eurasia
The largest growth in cyber activity was from East Asia and the Pacific:
"Suspicious Internet activity with IP addresses originating in the East Asia and the Pacific region represented 79 percent of the regional cyber collection effort, a significant increase over last year’s 52 percent. These apparent cyber operations mainly targeted cleared defense contractor networks used for research and development documentation, especially those related to information systems technology."
The report noted an interesting trend between Asian and Near East activity and that of Europe and Eurasia [emphasis added]:
"Europe and Eurasia collectors do not need to use high-profile collection techniques because their covert collection methodologies are already efficient and effective as to render the more blatant, overt requests largely supplemental to other collection competencies. It is noteworthy that even though their overt collection efforts have declined, European and Eurasian cyber actors remain some of the most active targeters of United States technology."
The report contains in-depth analysis of the types of information targets and regional statistics and analysis of activity. The report forecasts increased cyber activity in the future:
"Government and commercial collection entities worldwide are highly likely to continue the use of cyber collection activities against United States government and its CDCs. Cyber intrusion offers a relatively low-risk, high-gain technique giving illicit collectors the opportunity to acquire sensitive and proprietary information stored on United States computer networks. Cyber targeting may also be utilized as a collection planning tool to identify targets of opportunity not readily apparent to traditional collectors. This cyber reconnaissance allows foreign elements to design targeting plans employing the full range of collection techniques on focused targets."


No comments: