Posted by Kalyani M. on Jun 13, 2013
As the world continues to go digital, international spying has also gone to the web, with full-fledged cyber wars targeting innocent users along the way. In 2010, Google became the first company in the U.S. to disclose a major security breach to the public. In its statement, the company claimed that hackers had exfiltrated source code and attempted to crack the accounts of activists for Tibetan independence. And Google wasn’t the only major company targeted in the attacks. Only minutes after Google’s announcement, Adobe released a blog post revealing that they had been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”
After the dust settled from the collective shock of the market, government, and consumers, it soon surfaced that the attack targeted source code management systems of more than 30 major companies. The organized hackers sought out source code and other sensitive data from defense contractors and financial institutions. The breach was traced back to China and prompted Secretary of State Hillary Clinton to speak out against the breach. This major security breach was part of an orchestrated hacking campaign that targeted Berlin, London, and Washington companies and institutions. Evidence suggests that the campaign was sponsored, endorsed, or allowed by Beijing officials.
The hackers were able to access a database containing information on U.S. surveillance targets. Government officials still don’t know how much the hackers were able to access, but the breach poses a major concern for national security. The hacked information contained court orders and warrants authorizing surveillance of suspected Chinese spies through their Gmail accounts. For the Chinese government, such information is essential, because as one official put it, “Knowing that you were subjects of an investigation allows them to take steps to destroy information, get people out of the country.” And the attacks haven’t stopped since then, with a recent attempted breach on Microsoft’s servers, in which hackers sought to crack the accounts of those flagged for surveillance by U.S. law enforcement and security agencies. According to the senior director of Microsoft’s Institute for Advanced Technology in Governments, David W. Aucsmith, “What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on.”
These attacks sourced in China have been dubbed the “Aurora attacks” and have brought national attention to the ongoing cyber war between the U.S. and China. With the backing of a national government, these coordinated attacks have become all the more dangerous. According to CIO.com, IT security workers, managers, and HR teams should “ensure that their systems are as dynamic as possible, narrowing the window for potential attacks and, in the process, making it more costly for the adversaries.” While these cyber wars don’t have physical casualties, unsuspecting consumers using popular services like Gmail could unknowingly find their data seized in the crossfire.
For businesses and users looking to keep their sensitive data out of the expanding battlefield of these cyber wars, several steps are in order. First, IT managers and individual users must do the work of securing any sensitive information onsite. That means data encryption and password protected desktop storage before submitting data to a third party cloud service provider. Then, IT teams and users must find and choose a truly private cloud service provider that can offer actual user anonymity. As the recent Operation Aurora attacks indicate, businesses and users cannot rely on the protections of the U.S. government to secure their data from international hackers backed by national governments.
The Protection of Privacy
Choosing the right third party cloud service can be a challenge as many cloud services on the market have wide security gaps that leave sensitive data wide open to third party attacks and even legal governmental snooping. One cloud service provider that sets itself apart from the market is SpiderOak. This private cloud provider offers the full benefits of cloud storage and sync along with 100% data privacy.
SpiderOak protects sensitive user data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private. Two-factor authentication is just like the process used by some banking services that require a PIN as an extra precaution along with a password in order to successfully log in. With SpiderOak, users that choose to use two-factor authentication must submit a private code through SMS along with their individual encrypted password. Users can store and sync sensitive information with complete privacy, because this cloud service has absolutely “zero-knowledge” of passwords or data. Plaintext encryption keys are exclusively stored on the user’s chosen devices, so businesses and users can rest easy knowing their data won’t get caught up in an international cyber war. SpiderOak’s private cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for flexible solutions for both businesses and private users.