Fortune 500 under attack from state-backed IP thieves

An advanced threat and intellectual property protection company, Bit9, has claimed that every company in the world that is innovating is in danger of corporate sabotage and theft – with one of the biggest threats being nation-states pulling the strings behind the scenes.

Bit9’s CEO, Patrick Morley, claims that if an organisation has the resources, infiltrating company networks can be a breeze. For IP theft, the threats aren’t generally from rogue hackers: an employee will start at 8AM and look through his or her hit list, and their job will be to crack into a company’s network. Once that person has made their way in, they hand over the details to a colleague, whose job will be to lay out the network’s topology. Those details are collected and stored before being passed on to another colleague, whose whole job will be to get the information out of the organisation in an undetectable way, usually using a network of proxy servers, sending the information on to other locations near the cracked company’s HQ. Eventually those details make their way into another country, often untraced.

“The pattern that we see repeated again and again,” Morley said, “is just how organised these attacks are. That’s the big change.”

Bit9’s technology has flipped the model, Morley said, so organisations can run trust-based security. Software installed on endpoints watches every iota of information on the device. It is an agent in the way antivirus can be an agent, but instead of sifting exclusively for malware, it checks for trusted software and allows it to run. “If we were to run on your machine,” Morley said, “we’d do a one-time scan on your machine and give it a trust rating – and then you can build a policy that says what you want to trust”.

Although Morley could not talk about specific customers, they are mostly very large Fortune 500 global companies which need a certain level of trust in place. They include any company which is doing a lot of R&D and which thinks of the information it runs as critical and under attack, Morley said. “We also work with many who view their IP as different – such as with customer or patient data, so organisations that have credit card information or in health care, they all use this because their IP is their brand,” he said.

Even traditional global brands have heavy R&D programmes in place, and as such, open themselves up as targets. There is a “concerted effort” to get the information out of them, according to Morley. 

Readers will remember the RSA security token snatch, which was used to gain information from highly sensitive clients such as the USA’s largest military contractor, Lockheed Martin. Morley said that Bit9 was deployed with another company where an attack took place – the exact same as against RSA – which it stopped. Just nine days later, RSA made its announcement. 

Another company was working on a large project and was, according to Morley, a “very sensitive customer”. It had to build an app on top of Google Earth. When Bit9 deployed its software at another endpoint in the company, it noticed Google Earth had a trust rating of ZERO. “We came to find out that they had built this very sensitive project on Google Earth, and that had one – one – file that had been changed into a piece of dropper technology,” Morley said. “Of thousands of files only one had been pulled out. This is the kind of stuff going on.”
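The trust-rating model Morley describes, and the way one altered file among many pulls a whole application's rating to zero, can be sketched as follows. This is an added illustration, not Bit9's code or algorithm: the 0/100 scale, the policy threshold, the function names and the sample files are all assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root):
    """One-time inventory: relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def rate(inventory, known_good):
    """Per-file trust (assumed scale): 100 if the hash matches the known-good
    manifest, 0 if the file was altered or is not in the manifest at all."""
    return {rel: 100 if known_good.get(rel) == digest else 0
            for rel, digest in inventory.items()}

def app_trust(ratings):
    """An application is only as trusted as its least-trusted file."""
    return min(ratings.values(), default=0)

def decide(ratings, min_trust=50):
    """Policy (assumed threshold): allow execution only above min_trust."""
    return "allow" if app_trust(ratings) >= min_trust else "block"

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample: 1000 files standing in for an application install.
        for i in range(1000):
            (root / f"mod{i:04d}.dll").write_bytes(f"vendor build {i}".encode())
        known_good = scan(root)  # stands in for a publisher's manifest
        # Constructed tampering: exactly one file replaced after the baseline.
        (root / "mod0417.dll").write_bytes(b"replaced content")
        ratings = rate(scan(root), known_good)
        untrusted = [rel for rel, r in ratings.items() if r == 0]
        return untrusted, app_trust(ratings), decide(ratings)

if __name__ == "__main__":
    print(demo())
```
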

Outside of the USA, there is a frustration in helping companies to understand the threats to their intellectual property and their research – until it is too late. The UK is behind the US, according to Morley, and Europe in general is behind the UK in recognising the threat. “You tell people again and again, but it’s not until they recognised the IP has been sucked out of their company – I have hundreds of stories where critical IP, critical formulas, ideas they have spent years building, gets sucked out in a matter of days,” Morley said.

“The fascinating thing is, now it’s gone, it’s not just gone and a nation is holding it there – it becomes a public-private partnership that leverages the data.”

Considering London’s immense wealth and its basis as one of the world’s largest financial centres, Morley said that he has “no doubt” it is as targeted as the US. “There is no doubt,” he said. “It has to be. I think there’s a level of awareness that’s a little behind saying ‘Gee, is this really an issue?’ There’s no question. I think that it is a big problem.”

Although there are always stereotypes about which kind of crime is coming from which region, Morley said they are not largely wrong. They are stereotypes, so not 100 percent accurate, but, he thinks, there has “been enough work done by enough groups across the world to understand where a lot of these attacks are coming out of”. 

In Morley’s opinion, as China’s economy has revved up, the focus has changed: he pointed to an article he had read which revealed the Chinese Communist Party’s 20-year plan, and which industries they had wanted to invest in from a research and development standpoint. “If you mapped those against where the attacks go, they matched it directly,” he said.