Hackers Sought Companies’ 'Crown Jewels'

From: http://www.businessweek.com/news/2010-03-03/mcafee-says-hackers-sought-crown-jewels-at-six-companies.html

March 3 (Bloomberg) -- McAfee Inc., exploring the cyber attacks originating from China, discovered at least six incidents in which hackers broke into the computer systems that companies use to house valuable intellectual property.

“We know that these systems were absolutely targeted for the crown jewels of each organization -- potentially representing billions of dollars,” George Kurtz, McAfee’s chief technology officer, said today in an interview from Santa Clara, California. “We want to shed light on a problem that many didn’t realize.”

Many companies hold source codes, product formulas and other kinds of intellectual property in “software configuration management systems,” said McAfee, the second-largest maker of security software. Companies typically set up these systems to support collaboration and version control, and they assume network security will keep their internal systems safe.

Google Inc., the world’s most-popular search engine, said in January that it found evidence of “sophisticated” cyber attacks originating from China. Hackers went after at least 20 companies, Google said at the time.

Those attacks are being investigated by U.S. government agencies, local law enforcement and security experts such as McAfee and larger rival Symantec Corp. McAfee Chief Executive Officer Dave DeWalt said this week that his company was the first to notice the hacks.

Non-Technology Companies

While Kurtz declined to say where the targeted companies are located, he did say they weren’t all technology businesses. Jill Hazelbaker, a spokeswoman for Mountain View, California- based Google, declined to comment.

McAfee fell 61 cents to $39.54 at 4 p.m. in New York Stock Exchange composite trading. The shares have slipped 2.5 percent this year.

The perpetrators of the attacks relied on an approach called spear phishing, targeting specific employees with high- level access privileges to the data they seek, Kurtz said. The hackers also learn the identities of people those employees trust and then send the employees e-mails, with infected attachments, pretending to be those people.

When the targeted employee clicks on an attachment, it triggers malware. That program opens a “back door” into the corporate network and steals passwords and other useful information, McAfee said.

“We saw that high-privileged users’ accounts were compromised, and that’s how the attackers got access,” Kurtz said. “If George has access to source code, I will figure out who’s friends with George and get him to click on something from that person.”

Most Valuable Information

Kurtz said few companies are adequately protecting their most valuable information.

“If companies had the same level of protections on their cash-management systems as they do on their intellectual- property repositories, they’d be broke,” he said. “We know of at least half a dozen companies that were targeted.”

Kurtz said he couldn’t confirm the source of the cyber attacks.

“It’s difficult to figure out,” he said.

--With assistance from Brian Womack in San Francisco. Editors: Stephen West, Nick Turner.

To contact the reporter on this story: Rochelle Garner in San Francisco at rgarner4@bloomberg.net