Drexel U. Cybersecurity Expert Says Chinese Hackers Used Some Simple Tricks
By Tim Jimenez
PHILADELPHIA (CBS) -- In the first case of its kind, a US grand jury is charging five Chinese computer hackers with economic espionage and theft of trade secrets (see related story).
Today, a local cybersecurity expert provided some insight about how such a cyber spying can happen.
Drexel University assistant professor Robert D'Ovidio says some of the techniques of those hackers were fairly simple, including what's called spear phishing.
"They're going after the end user to get them, to trick them, into giving over access credentials," D'Ovidio told KYW Newsradio today, "and that's how they're gaining access to networks."
One example happened with US Steel. Federal officials say one of the hackers sent spear-phising e-mails to employees there -- legitimate looking e-mails -- asking for critical information to access the company's network.
D'Ovidio says hackers just need one bite to get into the system and do their damage.
"They know pricing information, they know marketing plans," D'Ovidio says, "and all of that stuff can be very vital when you're responding to an RFP or to a request to provide a proposal to a company for a particular job or product."
He says the big deal here is that it's one thing if a country is using its resources in interests of national security, but a different story when they go after the trade secrets and other information from private companies, which means an economic impact, including job losses.
D'Ovidio says companies need to get all employees on the same page with online safety.
"Do not fall victim to these simple e-mail requests of verifying user names and passwords," he warned.
