Are there lessons in China’s Hacking Attacks for Canadian business?

Canadian IT SecurityMandiant is putting a big target right on China, according to industry reports. Mandiant is a computer-security firm who identified a twelve-story white office building in Shanghai on Datong Lu (“Great Harmony Road’).

Camouflaged amongst restaurants, shops and massage parlors, the location has been zeroed-out as the headquarters of the People’s Liberation Army Unit 61398. This group and their individuals are known to many corporations and organizations in the United States as “Comment Crew” or “Shanghai Group”.

New York Times reports this location in a rundown neighborhood is where an overwhelming majority of cyber-attacks launched against US corporations, organizations and government agencies have originated.

After years of warnings that Chinese hacking was a serious threat, the Mandiant study, along with the cooperation of US officials confirming many of its findings, signals a new American counteroffensive against the era of Chinese cyber attacks.

The Mandiant and NY Times report stops short of accusing Unit 61398 of being directly in charge.

This is no longer just a concern for business in the United States. For years, US corporations have generally kept quiet versus publicly declaring their security breaches or vulnerabilities. However the government is less comfortable with US firms keeping their silence. Hackers are now targeting the power grid, water supply and additional parts of the country’s infrastructure.

One report states that one of the Chinese targets was a company with remote access to more than 60% of the oil and gas pipelines in North America.

Comment Crew has also been reported for draining terabytes of data from Coca-Cola who in 2009 after a hacking attack lost their bid to acquire China Huiyuan Juice Group for $2.4 billion. Comment Crew went looking through Coke’s strategies while executives were trying to close the deal.

China’s official reaction remains unchanged and they deny all accusations. They claim China is also a victim of cyber attacks and ask that the finger not be pointed at Beijing. However, many cyber-security professionals have reason to believe that many of the hacking activities are state sponsored.

China is not alone with these activities. The United States government also has their own cyber warriors. Working alongside Israel, the United States has used malicious software called Stuxnet to cause turmoil with Iran’s uranium enrichment program. US officials insist they do not target or use offensive weapons for nonmilitary purposes or to steal data from corporations.

IT security is crucial and a requirement for business of all sizes. Business large and small must have a technology and IT security defense and plan in place. Examples of service firms or companies working in the energy sector were targets because they had remote access to oil and gas pipelines. What are you willing to risk?

Your Canadian business may be small compared to others, however the risk of a cyber attack hitting even a small business is real.

Are you doing what it takes to secure your business network? Need a trusted Canadian IT security team to help make sure all is OK on the security front? Give our team of IT security specialists a call today and book a no obligation review of your IT security.