"Any government or commercial organization with sensitive information is being targeted," MacDonald says. The highly publicized attack on Google's network, in which the company was a target of what it called a highly sophisticated and coordinated assault originating from China, was just the beginning. MacDonald says multiple Gartner clients have reported being attacked during the same timeframe via similar methods. InfoWorld's editors have learned of repeated attacks at major companies, described in several off-the-record conversations.
Others say it's hard to determine how widespread this type of activity is because the attacks are so difficult to identify and track.
"While we know it's a serious problem, the secrecy of these kinds of attacks makes it impossible to know how common they are," says Paul Kocher, the chief scientist at Cryptography Research, a security consultancy. Spying organizations consider any effort that gets detected by the victim to be a massive failure, so the only information available relates to attacks that failed, Kocher says.
"Because the whole point is for the espionage to be stealthy, there is truly no way to know the size and scope of the issue," says Mark Lobel, advisory principal at PricewaterhouseCoopers. But don't let that quiet nature fool you, he adds: "In conversations with people in the industry, they are confident that it is a larger problem than most people recognize or understand."
Who's doing the espionage?
Even when electronic spying is detected, it's often impossible to know the real source of the attack. For example, if you trace an attack to an IP address in a given country, it's likely the machine is simply a compromised computer that's acting as a proxy or relay.
Today, most security vendors track threats such as viruses in a signature-based detection setup, looking for parts of known viruses. But for countries such as China that have the budget and expertise, it's not hard to exploit advanced code and other zero-day attacks that security vendors don't have on record and therefore can't catch, says Brandon Gregg, a San Francisco-based corporate investigator who plans to teach a law-enforcement class on electronic espionage in the fall.
Although China is often cited as a source of electronic spying, it's hardly the only place from which such attacks originate. "It's human nature that you need one entity you can blame. But from the data I've seen and from what I've heard it's a little more complex than that," says Nils Puhlmann, CSO at online game producer Zynga Game Network and co-founder of the Cloud Security Alliance. While Puhlmann wouldn't provide details, he indicates that electronic spies operate from multiple countries and are not necessarily state-sponsored.
Sites such as Hackerforum.com feature content about remote access tools that allow hackers not only to control a computer completely in a few steps, but also to hear and see a user without the user knowing about it.