U.S. technology companies making cars that communicate with each other, drones and Internet-enabled devices are top hacker targets, said David DeWalt, chairman and chief executive officer of FireEye Inc.
Hackers primarily from Asia are using computer botnets and malware to steal trade secrets from U.S. companies making automobiles, unmanned aerial systems and satellite components, DeWalt said at a Bloomberg Government breakfast today.
“The No. 1 sector in industry that’s being attacked right now is high-tech and information technology,” DeWalt said “Anything that’s innovative tends to be very under duress.”
While the recent attack on Target Corp.’s computers to get access to consumer data has received much public attention and been the focus of congressional hearings, the warning from FireEye shows that hackers are after industrial trade secrets that can help foreign governments and companies gain a competitive advantage over U.S. industries for years to come.
Hackers backed by other governments are seeking to steal manufacturing designs or intercept data that will enable them to replicate blueprints, DeWalt said. He didn’t name any companies that have been the victim of recent attacks.
Dewalt called for international cooperation to develop standards to fight cybercrime. That may be the only way of cracking down on state-supported efforts to steal trade secrets, he said.
Companies including General Motors Co. and Google Inc. are developing crash-avoidance technology under which cars will sense impending collisions and warn their drivers.
Meanwhile, the annual Consumer Electronics Show in Las Vegas last month featured companies specializing in making personal devices that connect to the Internet.
There’s no indication that hackers are trying to disable systems that depend on sophisticated technology, Kevin Mandia, FireEye’s chief operating officer, said at the breakfast.
“There’s been a rule of engagement where they haven’t changed your data,” Mandia said. “They haven’t intentionally crashed your machine.”
FireEye, based in Milipitas, California, specializes in detecting computer network threats and bought Alexandria, Virginia-based Mandiant Corp. in December in a deal valued at $1.05 billion.
The hacking tactics used to breach Target’s payment processing system weren’t new, DeWalt and Mandia said.
“This technique that was used is something we’ve seen so many times over and over,” DeWalt said. It involved a “spearphish attack on a supply chain to gain access to a back-end system. That’s as old as we’ve been around.”
More often than not, the efforts involve scamming human beings into divulging account names, passwords or other information that can be used to break into computer systems, DeWalt said.
“It just goes to show that these techniques have yet to be resolved that have been around for a decade or more,” he said.
Mandia said an investigation into the attack probably will show that the hackers were from Russia. “It’s the same folks that have been targeting our networks for a dozen years or more,” he said.