Hidden Dragon – The rise of the Chinese hacker

The year of the dragon is here and the power house that is china is going to get bigger. With an expected economic growth of double figures some of that growth is definitely going to levitate to ICT, business information and stealing your hard earned and created Intellectual property (IP).

The Chinese hackers are on the increase and although we are not a primary target for them we will undoubtedly get caught in cross fire and the bleed that comes from just being connected to the Internet. In addition the situation has started to arise where the normal monetary hackers are trading sites that have no value to them to the state funded Chinese hackers who then exploit the hacks for information and IP.

The phenomenon of flag waving and state sponsored hacking is not only limited to the Chinese. Most of the ex-soviet block, North Korea and some of south america all have a vested interest in stealing information from the west. The difference between the states and countries is as different as their internal philosophy and this also includes their attack vectors. Some of the attacks are using botnets and defacement as a primary attack weapon while others are only doing legitimate spying for critical information.

In many situations over the last couple of years the criminal hackers and the patriotic hackers have combined forces to achieve absolutely devastating results. Those attacks have had major repercussions through Government and business across the world.

Every attack is aimed at gaining access to some critical information. And small and medium business and not for profit organisations are in the firing line mainly because of the proliferation of Microsoft software. A hacker can do more damage with a shotgun approach than they can with surgery because they end up targeting you, who previously unknown to them, now may have something that they want.

How do you stop that from happening to your business.

There are a number of things that a business can do to protect itself from cyber attack but you have to remember, it is an ongoing process. It is a process of keeping up with what is happening outside your business,

  • using common sense when accessing the internet and securing your business,
  • applying new updates and security patches for operating systems and applications,
  • constant vigilance with auditing and logging,
  • education and training of ALL staff in the basics like password usage and vigilance.
  • It also includes keeping up with your compliance requirements to ensure that your business not only complies with the requirements but it is also certified.

One of the little known solutions is to listen to what your staff are gripping about. Little things and comments about problems with their computers can be an eye opener when it comes to security. Taking notice of protective systems also ensures that they are doing their jobs.

Yes the Dragon has risen but we can, with a little thought, defeat it and keep our businesses and our clients information safe.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.