China-Based Hacking of 760 Companies Reflects an Undeclared Cyber Cold War

Dec 14, 2011

"They are stealing everything that isn't bolted down, and it's getting exponentially worse," said Representative Mike Rogers, a Michigan Republican who is chairman of the Permanent Select Committee on Intelligence.

An informal working group of private-sector cybersecurity experts and government investigators identified the victims by tracing information sent from hacked company networks to spy group-operated command-and-control servers, according to a person familiar with the process. In some cases, the targets aren't aware they were hacked.

John Alexandersen, a spokesman for the Lundtofte, Denmark-based Thrane & Thrane, said although he couldn't "rule out" that hackers breached their networks, no confidential data was taken.

Erik Fallis, a spokesman for the California State University Network, said that following an investigation, "no evidence was found to suggest that this event compromised CSU assets."

This is the pattern you see over and over. At some point someone detects a breach. Investigators follow the data to a remote server somewhere. When they examine that server, they find plenty of evidence that other sites have been penetrated. When investigators contact those sites, the sites claim they have no evidence of anything being taken.

Of course they have no evidence: they have no way of even knowing when their data is stolen. They need to turn on their audit trails to have any chance of seeing what is actually happening on their computers.
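The difference between "no evidence was found" and "no evidence could exist" shows up as soon as you try to answer the investigators' question from logs. The script below is an added example, not part of the original post: host names, addresses, record layouts and the `assess` function are constructed for illustration, and a host with no file-read records at all is assumed to have auditing turned off.

```python
from collections import defaultdict

# Constructed sample data (not from any real incident).
C2_ADDRS = {"203.0.113.10"}  # placeholder from the TEST-NET-3 documentation range

# Outbound connections: (host, pid, unix_time, dest_ip, bytes_out)
NET_EVENTS = [
    ("hostA", 412, 1000, "203.0.113.10", 5_200_000),
    ("hostB", 977, 1500, "203.0.113.10", 48_000_000),
    ("hostC", 300, 1600, "198.51.100.7", 12_000),   # not a known C2 address
]

# File-read audit records: (host, pid, unix_time, path). hostB logged nothing.
FILE_EVENTS = [
    ("hostA", 412, 940, "/srv/designs/antenna_rev3.dwg"),
    ("hostA", 412, 955, "/srv/finance/q3_forecast.xls"),
    ("hostA", 518, 960, "/var/log/messages"),        # different process
    ("hostA", 412, 1100, "/tmp/scratch"),            # read after the transfer
    ("hostC", 300, 1590, "/etc/hosts"),
]

def assess(net_events, file_events, c2_addrs, window=300):
    """For each host that talked to a C2 address, say what can be shown was read."""
    # Assumption: a host with zero file-read records has auditing disabled.
    audited_hosts = {rec[0] for rec in file_events}
    reads = defaultdict(list)
    for host, pid, ts, path in file_events:
        reads[(host, pid)].append((ts, path))

    report = {}
    for host, pid, ts, dest, nbytes in net_events:
        if dest not in c2_addrs:
            continue
        entry = report.setdefault(host, {"bytes_out": 0, "files": set()})
        entry["bytes_out"] += nbytes
        # Files the same process read in the window before the transfer.
        entry["files"].update(
            p for t, p in reads[(host, pid)] if ts - window <= t <= ts)

    for host, entry in report.items():
        entry["files"] = sorted(entry["files"])
        if host not in audited_hosts:
            entry["verdict"] = "unknown: no audit trail"
        elif entry["files"]:
            entry["verdict"] = "files identified"
        else:
            entry["verdict"] = "audited: no reads by that process"
    return report
```

With this data, hostB sent the most bytes to the server yet can only be reported as unknown, which is the position the contacted sites are in when they say nothing was taken.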

