The security world is abuzz with news today that both the Democratic and Republican presidential campaigns had their IT systems hacked and infiltrated in recent months.
As originally reported by Newsweek, "The computer systems of both the Obama and McCain campaigns were victims of a sophisticated cyber-attack by an unknown foreign entity, prompting a federal investigation."
The newsmagazine also reported that after taking a closer look at the incidents, Obama's technical experts believed that the involved hackers were either Russian or Chinese.
So should this surprise anyone at this point? Not really. If the Chinese government was able, as it has been accused, of getting spyware onto the computer of the acting U.S. Secretary of Defense, should anyone feel really good about their ability to keep these people out?
Newsweek's sources speculated that the attacks were targeted attempts by foreign constituencies to study the potential policies that each candidate would propose to put into place.
And certainly, one can easily imagine why government officials in places like China and Russia would have a vested interest in such matters.
So, what should businesses and other organizations take away from this news?
Without sounding too much like an alarmist, I'd have to say that U.S. companies should be fully aware that their overseas competitors can and will attempt to access their IT systems to steal their product designs, innovative ideas and any other intellectual property they seek, and they likely have the technical ability on hand to do so.
And, they might in fact have the tacit permission and backing of their governments to engage in such activities.
Is this far-fetched fear mongering? Clearly based on the campaign reports, I'd have to say it is not. Consider that the campaigns are likely even more secretive than your average enterprise, and likely had top federal IT security types enlisted to help protect their assets.
Further, if you talk to anyone who has done red team or forensics work for any federal agency, they'll tell you this type of spying is not only happening, but it is going on every single day, literally.
So, the point? Cyber-espionage is real, it is happening, and it is surely being pursued as actively in the private sector as it is in the government space--because, as we know, money makes the world go round, even more so than world politics.
The solution? Now that's an even bigger question to ponder.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.