Cyberborgs for Cyber Wars

Size matters in the covert wars of cyber espionage – even more so when two Herculean cyber warriors merge on Wall Street. US cyber-security firm FireEye Inc. announced the acquisition of Mandiant Corp. late last week in a deal worth more than US$1 billion, generating not just an immediate surge in FireEye’s share price but a Mexican wave across the world.

This merger and creation of a next-generation cyber-security firm – FireEye is a provider of security software for detecting cyber-attacks and Mandiant a specialist firm best known for emergency responses to computer network breaches – comes at a time when old-style anti-virus software has taken a dive, with governments, companies and private citizens across the globe hunting desperately for more effective defensive measures to fend off sophisticated hackers and state-sponsored cyber-attacks.

But the interesting and ironic twist to this FireEye and Mandiant deal is that many of Mandiant’s employees came from the US intelligence world and the Defense Department.

The world was quite a different place 12 months ago. At the same time last year, the hottest cyber-security issues were increasing cyber-crime activities and Chinese state-sponsored cyber-attacks. Computer forensics specialist firm Mandiant rose to prominence last February when it stole global headlines with its report linking the hacking into US companies’ systems to a Shanghai-based unit of the Chinese People’s Liberation Army.

The security chiefs of some major US banks, generally considered the best in their business within the private sector, were then reportedly turning to the National Security Agency for help to protect their computer systems after a barrage of attacks on their web sites rendered them helpless.

Ask the NSA for help? Yes, I hear some chuckles.

The world was rocked back on its heels on June 9 last year when Edward Snowden, the former NSA contractor and whistleblower now turned fugitive in Russia, came forward to reveal himself as the source of the revelations of the NSA’s massive programs of covert cyber-snooping and surveillance on ordinary citizens and foreign leaders. And the rest is history.

The Snowden saga almost overnight and single-handedly raised global awareness of cyber-security risks, especially for those previously oblivious and indifferent to early warnings, with a “what’s that got to do with me” attitude.

According to Verizon’s 2013 Data Breach Investigations Report, “there’s a lot of complacency among organizations about the risk of espionage attacks” and “lesson one is that the ‘I’m too small to be a target’ argument doesn’t hold water”.

Among Verizon’s findings of over 47,000 security breach incidents, three quarters of cyber-attacks last year were opportunistic and financially motivated and 19 percent “were perpetrated by state-affiliated actors – in other words, a form of espionage.” Of the latter, 95 percent “of all state-affiliated espionage attacks relied on phishing in some way – even the most targeted and malicious attacks often rely on relatively simple techniques.”

Both FireEye and Mandiant, however, cater to the business world and not general consumers. Clients pay top dollar for their A-Team-like services, which the man in the street can ill afford.

Nevertheless, in this post-Snowden era, security experts are expected to be thrilled with this latest and biggest transaction in the security industry in recent years, which could pave the way for more consolidation within the sector.

Privately held Mandiant was founded in 2004 by former US military cyber-crime investigator Kevin Mandia as a security consultancy specialist that later evolved into a cyber-SWAT-like team with its own software to guard against advanced persistent threats such as state-sponsored cyber-attacks. According to the Financial Times, as many as 30 percent of the Fortune 100 companies have brought Mandiant on board when their computers were hacked.

FireEye, a Silicon Valley producer of security software that was listed only last year, differentiates itself from mainstream providers of antivirus products. Instead of simply monitoring the web and identifying malicious software, by which time damage has already been done, FireEye pioneered software that can isolate and assess the incoming web traffic separately in its “virtual containers” before deciding whether to let the traffic through.

On the other side of the coin, the world is resembling George Orwell’s Nineteen Eighty-Four with growing knowledge of the extent, coverage and pervasive level of surveillance, fueled further the past week by special reports by German magazine Der Spiegel about the clandestine works of the NSA. The Verizon report also stated that the majority of financially motivated incidents involved actors in either the US or Eastern European countries and 96 percent of espionage cases were attributed to threat actors in China.

As perpetrators and cyber warriors build their arsenals, it is the innocent victims of the world that continue to pay the price – in both dollar and privacy terms.

(Vanson Soo runs an independent business intelligence and commercial investigations practice specializing in the Greater China region. Blog: Another version of this appears in The Standard of Hong Kong.)