February 21, 2013
- Are the pipelines safe? Chinese cyberspies infiltrate U.S. government and industry alike
- “Not just China”: One expert throws cold water on recent headlines and says the situation is potentially worse
- Cybersecurity: a $55 billion pie set to grow by more than half in the next five years… and your chance to grab a piece
- Markets swoon in a “Fed freakout”: Amoss on why you should ignore Federal Reserve “hawks”
- Hilarity ensues in a silver experiment… economic numbers seen through the eyes of an addict… marijuana seen through the eyes of lawmakers (even more scary)… and more!
They’re called “Comment Crew.”
The name suggests they hijack the comments sections of blogs. But their work is much more malign: They break into the computer networks of federal agencies and Fortune 500 companies. They insert hidden code, or “comments,” into Web pages — among other sinister acts.
And they might be officers of China’s People’s Liberation Army (PLA) — assigned to Unit 61398, a 12-story office tower a few miles from downtown Shanghai.
Unit 61398 of the People’s Liberation Army: nerve center for cyber-warfare?
A report compiled by the U.S. computer security firm Mandiant “leaves little doubt,” as a lengthy New York Times article puts it, “that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.”
“Either they are coming from inside Unit 61398,” Mandiant CEO Kevin Mandia told the Times, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
Mandiant counts more than 140 intrusions by Comment Crew since 2006. It is only one of several hacker groups Mandiant links to the PLA.
“While Comment Crew has drained terabytes of data from companies like Coca-Cola,” says the Times story, “increasingly, its focus is on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks.” One target: a company with remote access to 60% of North American oil and gas pipelines.
If this is news to you, it’s not to Comment Crew’s long list of victims. And they’re moving fast to take preventive measures.
Indeed, information security — or “InfoSec,” to use industry jargon — is big business.
Last year, the number of cyberattacks reported to the Department of Homeland Security grew 52%. Gartner Group — a giant information technology research firm — estimates global spending on cybersecurity will rise from $55 billion in 2011 to $86 billion by 2016. Within the U.S. alone, it’s already a $30 billion industry.
“Results from Gartner budgeting surveys published in June 2012 underline the fact that organizations globally are prioritizing on security budgets,” says Gartner’s research director Lawrence Pingree.
Mandiant, with the release of its report, has become a major player in the InfoSec field.
“What was remarkable,” says an equally exhaustive Washington Post article about the report, “was that the extraordinary details — code names of hackers, one’s affection for Harry Potter and how they stole sensitive trade secrets and passwords — came from a private security company without the official backing of the U.S. military or intelligence agencies that are responsible for protecting the nation from a cyberattack.”
That said, the report was “embraced by stakeholders in both government and industry,” says the Post.
If you want access to Mandiant’s services, be prepared to pay up: It doesn’t publicize its fees, but word on the street is they run $400 an hour. Mandiant took in $100 million last year — up from $40 million the year before.
The Mandiant report has its critics… and not only in China. Jeffrey Carr, author of Inside Cyber Warfare, says Mandiant twisted the facts to fit a predetermined conclusion that China is responsible.
“Mandiant refuses to consider what everyone that I know in the Intelligence Community acknowledges,” he writes — “that there are multiple states engaging in this activity; not just China.”
But the truth is almost beside the point — as Carr acknowledges.
“[I]t’s good business today to blame China,” Carr explains.
“I know from experience that many corporations, government and DOD organizations are more eager to buy cyberthreat data that claims to focus on the PRC than any other nation state.”
It’s almost inevitable: Bureaucrats and businessmen who need to protect their systems, but who don’t understand the technical gobbledygook, end up getting played by the contractors.
“InfoSec vendors,” Carr writes, “have been left alone to define the threat landscape based upon their product offerings. In other words, vendors only tell customers to worry about the threats that their products can protect them from, and they only tell them to worry about the actors that they can identify (or think that they can identify).”
Cue the White House.
“The Obama administration announced a broad new effort Wednesday,” reports The Associated Press, “to fight the growing theft of American trade secrets following fresh evidence linking cyberstealing to China’s military.”
“There are only two categories of companies affected by trade-secret theft,” said Attorney General Eric Holder: “those that know they’ve been compromised and those that don’t know it yet. A hacker in China can acquire source code from a software company in Virginia without leaving his or her desk.”
If you think the timing of such an initiative — a day after Mandiant’s report is splashed across the front pages — is coincidental, you don’t know much about the ways of Washington.
Bottom line: Cybersecurity is hot. It’s got bipartisan appeal in Congress. There’s a made-in-Hollywood boogeyman. And because the topic is only now coming on the radar, it won’t figure into the “sequestration” noise currently consuming the pundit class. Vast new sums of federal cash are about to flood into this still-tiny sector.
Tapping into this cash flood is part and parcel of our “making the empire pay” proposition.
As shown in Empire of Debt, the empire has a logic all its own. That logic will bring about events beyond your control. It is far better to understand those events and plan your life and your portfolio accordingly… than to allow them to blindside you and your family.
With that in mind, cybersecurity will be a key area of focus in our newest publication… devoted to military high-tech. We’ve tapped Byron King to be the editor. He’ll draw on a vast network of contacts built up during his decades as a Navy pilot and scholar at the Naval War College. He’ll plug you in to the most bleeding-edge technology that could generate huge gains for early-mover investors.
This will be a high-end service, much like Byron’s Energy & Scarcity Investor… or Patrick Cox’s Breakthrough Technology Alert.
And for the next five days, you have a chance to access it for free.
In fact, we’ll even send you a check for your trouble.
Seriously. It’s an offer we’ve never made before. Publisher Joe Schriefer lays it out in detail here.
Stocks are skidding further today after what you might call the Fed Freakout yesterday.
Minutes of the Federal Reserve’s January meeting went public at 2 p.m. They revealed several Fed governors were skittish about keeping the easy-money crack flowing indefinitely.
Markets reacted… well, as any crack addict would:
- As of this writing, the Dow is down 175 points since yesterday’s open
- Gold was whacked more than $50 in a 24-hour span… although it has since recovered a bit to $1,578
- Crude is down to $93.30 — as low as it’s been all year
- Even Treasuries took a minor hit, the yield on the 10-year rising above 2% before retreating today.
The sole beneficiary: the rotten-to-the-core greenback. The dollar index sits at a five-month high of 81.4.
“Apparently, a few so-called ‘hawks’ think printing endless money is a risky idea,” says a skeptical Dan Amoss.
“Well, that’s too bad for them, because they’ll continue getting steamrolled by the doves. There is a bankrupt federal government to fund, and it needs perpetually low borrowing rates on its Treasury bonds.
“The views of Fed hawks don’t really matter. Chairman Bernanke prefers having the appearance of a few dissenters so the dovish majority doesn’t look so mentally inflexible. Hawks seem concerned about overheated junk bond markets, but ironically, creating asset bubbles is Bernanke’s quietly spoken policy objective. In a few candid moments, Bernanke has admitted paying very close attention to the link between Fed policy and the stock market.
“The bottom line is that the Fed is currently implementing a super-easy policy, and there’s no chance of this changing anytime soon. In fact, even with firm oil and gasoline prices, Bernanke has insisted he’d keep viewing this as transitory. The Fed will base any decision to tighten on its own forecasts of inflation — not actual inflation.
“Holders of gold and silver have been panicking because of the Fed minutes and the G-7’s totally noncredible promise to avoid currency wars. At a time when most central banks are stuck in an ‘inflate or die’ predicament, precious metals are, ironically, hated. Opportunity abounds. [Dan identifies one more precious metals royalty play in today’s 5 PRO…]
Traders are also chewing on a raft of numbers today. If the thought of withdrawal pangs from Fed crack were a challenge yesterday, it’s almost unbearable after looking at numbers like these…
- First-time unemployment claims: another big swing, this time upward to 362,000
- Consumer prices: allegedly unchanged in January, according to the Bureau of Labor Statistics. Rising prices for housing, clothing and air travel were offset by energy prices that supposedly fell — once the statisticians applied their “seasonal adjustments.” Heh
- Philly Fed survey: Make it two straight months of contraction in this measure of mid-Atlantic manufacturing. And it’s worse than last month. Ditto the new-orders component of the number
- Existing home sales: Even the optimists at the National Association of Realtors could conjure only a 0.4% increase in January.
Our favorite hard money street show returns with a new twist. This time around, activist Mark Dice hit the streets to give strangers a straightforward choice: a free $5 bill or a free one-ounce Silver Eagle. We guess it was too hard for him to get any takers by offering just free bullion.
The answers are even more surprising than you think. We can understand people not knowing what the price of silver is… but some people chose neither!
“I guess these people just don’t even want free money…” he says, after being rejected a few times. We don’t understand it. One guy actually knew the price of silver and still chose the $5 bill.
FYI, even after yesterday’s beating, silver still sits more than $23 above that piece of scrip he’s offering.
These days, you can’t even give money away.
“Come on, Tennessee!” a reader writes, after our account of the couple pulled over because of a bumper sticker that maybe kinda sorta looked like a marijuana leaf if you looked real hard.
“Get with the times, man… Out here in Washington (the state, not D.C.), my state’s government is relishing the thought of all those new tax revenues it will derive from the recently passed marijuana legalization initiative.
“We’ve got two branches of state bureaucracy fighting over who is going to be in-powered to hire more bureaucrats to tax, audit, license, enforce and grow the stuff. Our legislators are so excited by the thought of these new revenues, they’re already spending the money they haven’t collected yet to hire a consulting group to tell us how ‘primo’ the stuff is or isn’t.
“Now where exactly did they get this expertise? Why, the medical marijuana ‘dudes,’ of course. Tennessee, you’ve got to change your ways and get enlightened to the new world order and all the possibilities of increased tax revenues. Pulling people over for a marijuanalike bumper sticker? Sounds like a police state to me. Wait, that was the point wasn’t it?”
The 5 Min. Forecast
P.S. “It isn’t science fiction any longer,” writes Gene Policinski at the First Amendment Center, “to consider the Orwellian impact on public demonstrations where a government ‘eye-in-the-sky’ linked to facial-recognition software now used in land-based cameras could enable police to identify each person in a march or picket line — and perhaps, in the process, also ‘tag’ bystanders or journalists.”
Oy… There’s something to think about the next time you take part in, say, a gun rights protest.
To date 7,656 people have signed the Laissez Faire Club’s petition demanding a halt to the use of surveillance and strike drones on U.S. soil. Have you?