China-based hacks of Google and more than 20 other companies are just the tip of the iceberg, says internet security expert and crime investigator Ira Winkler.
"Worrying about the Google hacks is like worrying about a stain on the carpet when the house is burning," he told delegates at the RSA Conference 2010 in San Francisco.
Pervasive and well-organised Titan Rain-style attacks have been going on for years and continue under a different name, Winkler said.
Winkler, who is president of the Internet Security Advisors Group (ISAG), said it is common for China to produce for the local market copies of products being manufactured by US or European companies.
"Concern about the Google hacks is funny because China is routinely breaching and stealing data from information systems belonging to US military and government organisations," he said.
China acknowledges that it lags in technology, so it is focused on acquiring technology through every means possible, particularly missile and satellite technologies, he said.
Typically, breach teams target people with access to IT systems through social engineering methods to gain a foothold within an organisation and compromise internal servers.
Next, collection teams access servers, search for valuable data, store it internally and then send it out in large chunks within minutes, often disguised as video transmissions, said Winkler.
"The problem is that most companies are using the wrong tools to protect themselves. At the most basic level, tools need to be behaviour-based and not signature-based," he said.
Only by using tools that can identify the presence of backdoors, rootkits and the most sophisticated methods of siphoning out data will organisations be able to attempt to limit data leaks, he said.
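A minimal sketch of the behaviour-based idea described above, as an added example that is not from the article or from ISAG: it flags a host whose outbound volume in one five-minute window far exceeds that host's own baseline, and ignores the declared traffic type, so data sent out "disguised as video" is still caught while a server that always streams video is not. The flow records, host names, window size and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

WINDOW = 300  # seconds per observation window (assumed)

def build_sample_flows():
    """Constructed records: (epoch_s, host, external, declared_type, bytes)."""
    flows = []
    for i in range(6):
        t = i * WINDOW
        flows.append((t + 10, "fs01", True, "https", 2_000_000))
        flows.append((t + 20, "media01", True, "video", 600_000_000))
        flows.append((t + 30, "fs01", False, "smb", 40_000_000))  # internal
    # Seventh window: fs01 pushes 800 MB out in a minute, labelled as video.
    flows += [(1800 + 15 * k, "fs01", True, "video", 200_000_000) for k in range(4)]
    flows.append((1820, "media01", True, "video", 600_000_000))
    return flows

def outbound_per_window(flows, window=WINDOW):
    """Sum bytes leaving the network per host per window."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, host, external, _declared_type, nbytes in flows:
        if external:  # the declared type is deliberately ignored
            totals[host][ts // window] += nbytes
    return totals

def flag_bursts(flows, window=WINDOW, factor=20, floor=50_000_000):
    """Alert when a window exceeds `factor` x the host's own median volume."""
    alerts = []
    for host, wins in outbound_per_window(flows, window).items():
        for w, total in sorted(wins.items()):
            others = [v for k, v in wins.items() if k != w]
            baseline = median(others) if others else 0
            if total >= floor and total > factor * baseline:
                alerts.append((host, w * window, total, baseline))
    return alerts

if __name__ == "__main__":
    for host, start, total, baseline in flag_bursts(build_sample_flows()):
        print(f"{host}: {total:,} bytes out from t={start}s, baseline {baseline:,.0f}")
```

The media server sends more data overall than the file server yet raises no alert, because the comparison is against each host's own history rather than a fixed pattern.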