"Because the whole point is for the espionage to be stealthy, there is truly no way to know the size and scope of the issue," says Mark Lobel, advisory principal at PricewaterhouseCoopers. But don't let that quiet nature fool you, he adds: "In conversations with people in the industry, they are confident that it is a larger problem than most people recognize or understand."
Who's doing the espionage?
Even when electronic spying is detected, it's often impossible to know the real source of the attack. For example, if you trace an attack to an IP address in a given country, it's likely the machine is simply a compromised computer that's acting as a proxy or relay.
Today, most security vendors track threats such as viruses with signature-based detection, looking for fragments of known malicious code. But for countries such as China that have the budget and expertise, it's not hard to use custom code and other zero-day attacks for which security vendors have no signature on record, says Brandon Gregg, a San Francisco-based corporate investigator who plans to teach a law-enforcement class on electronic espionage in the fall.
Although China is often cited as a source of electronic spying, it's hardly the only place from which such attacks originate. "It's human nature that you need one entity you can blame. But from the data I've seen and from what I've heard it's a little more complex than that," says Nils Puhlmann, CSO at online game producer Zynga Game Network and co-founder of the Cloud Security Alliance. While Puhlmann wouldn't provide details, he indicates that electronic spies operate from multiple countries and are not necessarily state-sponsored.
Sites such as Hackerforum.com feature content about remote access tools that allow hackers to not only control a computer completely in a few steps, but to hear and see a user without the user knowing about it.
How do the cyber spies infiltrate your systems?
A typical targeted attack will exploit multiple weaknesses to achieve its ultimate goal: usually to steal information or compromise a specific account. A particular user in an organization might be targeted via a well-crafted, believable email (a technique called "spearphishing") and might inadvertently help install spyware via his or her PC.
Some attacks begin with hackers collecting publicly available information and correlating it. While no single piece of information posted on the Internet may be sensitive on its own, when it is combined with other data on the Web and with additional information posted by other companies, a pattern can begin to emerge.
"You are able to put together pieces of nonsensitive information to figure out or to deduce sensitive information," notes PricewaterhouseCoopers' Lobel.