How to catch Chinese hackers: Look at who wants your corporate secrets

Keeping tabs on rivals may help companies foil attacks

“All this time we’ve been focused on the technology layer”

Bloomberg Businessweek (Asia) - Dune Lawrence

Jeffrey Johnson has the stamp of a military man, perhaps as a result of his early career in the U.S. Navy. The part in his hair might as well have been drawn with a ruler; his shirt is tucked as tight as a hospital corner. He looks slightly incongruous striding around his downstairs den in suburban Virginia in his socks and eating Chick-fil-A takeout, as he explains why SquirrelWerkz isn’t just another cybersecurity startup.

His contention is that hacking isn’t a technical issue: It’s a business and competitive issue, and that’s how companies need to approach it. “All this time we’ve been focused on the technology layer, but it’s just a means to an end,” he says. “What we forgot to do was to focus on the business transactions.” Johnson began doing just that as a cyber-risk specialist at EY (formerly Ernst & Young). In 2012 he was called in to examine a breach at a U.S. chemical company. An earlier investigation by the FBI concluded that Chinese hackers had penetrated the company’s network using a phishing e-mail and gained control of servers in Germany and Canada for two months.

As Johnson began digging into the company’s business plans and operational data, it became clear the damage was more extensive and insidious. He uncovered evidence that the hackers were intercepting inbound orders, as well as outbound e-mails with price quotes and other terms. They also tampered with the ordering system for raw materials, causing production delays, and made off with valuable research related to a line of environmental products.

The likely beneficiary of all the malicious activity emerged, Johnson says, when a Chinese firm made a lowball offer for the U.S. company after its performance began faltering. He says the business “has no way of recovering. You’re literally stealing the future.”

Johnson left EY in July and runs SquirrelWerkz out of his house. (On LinkedIn, he lists his current position as Chief Squirrel.) He’s assisted by five analysts scattered across the country. They closely track the activities of Chinese “national champions,” strategically important companies that the Chinese government supports through overt and covert means. Johnson’s analysis has uncovered a correlation between cybercampaigns targeting international heavy equipment makers and spikes in patent filings by a pair of those companies’ Chinese rivals beginning about 10 years ago. Neither had much research and development spending to support the sudden innovation, or capital expenditure to support their rapid growth, according to Johnson. SquirrelWerkz’s model flags that kind of anomaly, including overlapping intellectual property, and can offer recommendations on responses, such as challenging the IP claims.

Johnson says his approach simplifies things. Instead of defending against everyone, companies identify the two or three competitors most likely to target them. Individuals, whether an executive at a partner company or an engineer at an acquisition target, are assigned a risk score based on career history and links to institutions in China that may support hacking and IP theft. “Jeff’s work provides a unique integration of cyber, criminal, competitive, and economic threat intelligence and analytics that hasn’t been done before,” says Bob Rose, an independent cybersecurity expert who advises several government agencies and corporations. “It gives senior decisionmakers a tailored view of the risks, findings, and recommendations.”

Johnson has spent the past nine months presenting his model and findings to government agencies, including the FBI. The U.S. government has new tools it can use against hacking, including a sanctions program created by executive order last year. He hopes his cyber-economic model can help build evidence for such cases, and ultimately increase the cost of hacking to China.

The bottom line: SquirrelWerkz says companies investigating hacks put too much emphasis on technology and too little on business analysis.
