Monday August 22, 2011 - Greg Scoblete
Intellectual property (IP) is the lifeblood of any technology business. It is a source of innovation, of new products and services, and, failing that, a means of extracting lucrative settlements in court. It's safe to say that without IP, there isn't much of a technology industry. It's also safe to say that IP is not safe - not by a long shot.
Indeed, the biggest tech story of August wasn't Apple becoming the largest company in the world by market cap or the news that said company briefly had more money than the U.S. Treasury. No, it was a story by in Michael Joseph Gross in Vanity Fair revealing a massive cyber espionage and cyber theft campaign dubbed Operation Shady RAT.
In details that could chill the heart of even the most battle-tested CIO, Gross illustrates how cyber-criminals, many operating for, or with encouragement from, the Chinese government, have hacked into thousands of computer networks and pilfered gigabytes worth of corporate and government secrets. Dmitri Alperovitch, the VP of threat research at McAfee, is quoted in the piece describing the situation thusly: “It’s clear from this and other attacks we’ve been witnessing that there is an unprecedented transfer of wealth in the form of trade secrets and I.P., primarily from Western organizations and companies, falling off the truck and disappearing into massive electronic archives."
In a radio interview about the article, Gross explained how this worked in practice. A chip company in China, Gross said, with very little track record in the industry would suddenly produce cutting-edge processors using designs and other IP stolen from their competitors. Source code from software companies has also been lifted, either to exploit for vulnerabilities or to profit from.
China is no stranger to IP piracy concerns. The U.S. has filed several complaints with the World Trade Organization through the years regarding the theft of Hollywood movies. But cyber theft introduces another level of complexity - and danger - for technology companies around the world since the threat is so insidious (it can take months or years before it's discovered). What's more worrying is that, if Gross' account is to be believed, most companies are either in denial about the threat or largely unaware that it exists. Even companies that have been victimized have refused to publicly acknowledge it. According to Gross, firms like Google naively thought that the U.S. government was keeping America's network infrastructure secure and thus were lax about their own security.
While the U.S. government has slowly been getting its cyber act together, it's clear that the onus is on private companies to secure their IP, before it ceases to be theirs alone.
