The U.S. Department of Defense confirmed last week that cyberspies have been sifting through some government computer systems. What wasn't said: The same spies may have been combing through the computer systems of major U.S. defense contractors for more than a year.
"There's been a massive, broad and successful series of attacks targeting the private sector," says Alan Paller, director of the SANS Institute, a Bethesda, Md.-based organization that hosts a response center for companies with cybersecurity crises. "No one will talk about it, but companies are creating a frenzy trying to stop it."
Paller believes that the 10 most prominent U.S. defense contractors--including Raytheon (nyse: RTN - news - people ), Lockheed Martin (nyse: LMT - news - people ), Boeing (nyse: BA - news - people ) and Northrop Grumman (nyse: NOC - news - people )--have, for the past 14 months, been the victims of the same sort of cyberespionage that has recently plagued the Pentagon. He and other experts warn that the classified military technology research held by these private sector companies is even more vulnerable to hackers than the data stored on government computers. And while the U.S. government publicizes its security breaches, researchers say these commercial contractors almost always keep their data losses out of the public eye.
Cyberspies hacked into a Pentagon computer system in June, an infiltration first reported by the Financial Times. Germany's chancellor, Angela Merkel, raised concerns about hackers with Chinese Premier Wen Jiabao during a visit in late August. The Guardian reported last week that the British Parliament and Foreign Office had been hacked, citing government sources. Unnamed U.S. officials have pointed fingers at involvement by China's People's Liberation Army, though state representatives from China have denied involvement.
But while the governments squabble, private industry has remained disturbingly silent. None of the companies have publicly reported data breaches, though many have informed the Department of Defense. "Reporting an event like this would kill your stock price," says a source close to the military contractor industry who asked not to be named.
A spokesman from Boeing said the company couldn't comment on specific security issues, though it "takes security very seriously," and has a "robust computing security team that constantly monitors our network for any suspicious activity." Representatives at Raytheon, Lockheed Martin and Northrop Grumman declined to comment. But the Boeing source, who spoke by phone with Forbes.com, says all four companies have been penetrated by hackers, who appear to be based in China.
(entire article @ following link)
http://www.forbes.com/home/security/2007/09/11/cyberspies-raytheon-lockheed-tech-cx_ag_0911cyberspies.html