Regional firms top US in computer espionage

PUBLISHED : Monday, 11 June, 2001, 12:00am
UPDATED : Monday, 11 June, 2001, 12:00am

Cases of corporate espionage, when one company attempts to pry another's secrets out of its computer system, are more widespread in Asia-Pacific than in the United States, according to the worldwide head of the 'ethical hacking' unit at IBM.

Guy Denton, competency principal at IBM's global centre of security and privacy services, said the differences stemmed from two issues - US companies were more up-to-date on Web security and the country's legal system tended to be a lot harsher on spying.

Ethical hacking occurs when security experts are invited to attempt to penetrate a firm's computer defences.

In hacker terms, these experts are called 'white hats' while those defacing Web sites or burrowing into corporate systems for criminal reasons are 'black hats'.

In the past, the Asia-Pacific area has been less prone to hacking because it used to be a 'cultural no-no'.

'Hackers had not being hacking until they found people from outside, who did not have the same cultural physics, to say 'hacking is not a bad thing to do',' said Mr Denton, who was in Hong Kong to visit clients, including banks and government departments. 'There is also a lot more inter-company hacking here - basically, one company hacking in another company - than there is in the US.

'In the US, it is a lot more restrictive. Most of the hacking occurs from guys from inside the company rather than hackers on the outside.'

Experts agree the first reason why Asia-Pacific has more corporate espionage is because US companies tend to be more aware of Internet and computer security issues.

Security administrators not only had been dealing with e-mail and Web sites a lot longer, but they tended to patch the holes they had, while some Asian technicians were less aware of the fixes, Mr Denton said.

'The security advancement in the US is a lot further along. [Asia-Pacific] is where the US was about a year or so ago. They are catching up and catching up quickly,' Mr Denton added.

The second issue was that US companies, once they found out they had been victims of corporate spying, had more tools to sue.

Other companies that did 'ethical hacking' had not noticed a big difference but it was difficult to measure, said risk technology consulting partner William Gee at global consulting giant Arthur Andersen, based in Hong Kong.

Sunil Misra, managing principal of the worldwide e-security practice at Unisys, agreed with Mr Denton's assessment.

He added that firewalls recently had gained increased acceptance in the Asia-Pacific, compared with already significant deployment in the West.

'While I believe that Internet [e-commerce] development is growing faster in Asia than the West, you are forced into a technology life-cycle compression when it comes to security,' said Mr Misra in an e-mail. He is based in Massachusetts.

'However, the enabling technologies such as PKI (public key infrastructure) are being adopted in both geographies at the same time. This leads to a peculiar situation where in the West we had time to phase these in - you are doing both simultaneously in Asia-Pacific,' Mr Misra said.

PKI is technology that allows two individuals with 'keys' or passwords to send messages securely over computer systems.