A recent piece in the New York Times said that the Chinese army is constantly hacking American computers. The article is based on a study by cybersecurity firm Mandiant. The study shows Chinese intrusions into corporate networks in the U.S. trace back to an Army unit in Shanghai.
Scary stuff, right? Kim Zetter of Wired says “scary” may be the wrong word to use.
“I don’t like to use that word. This is espionage, and a lot of it is economic espionage; in the past, it’s happened in a lot of other ways. Computers just make it a lot easier and a lot more stealth,” said Zetter.
But how do these guys even go about hacking into corporate systems? Zetter says the main avenue for hackers is through email.
“It’s very easy to get into email. You have a lot of protections on a network, but you can’t block email from getting in,” said Zetter.
Zetter said hackers use “spearfishing” attacks: Malware emails that are crafted in a way that entice users to click. These emails usually come from a person that the user knows or is about a topic that the employee is interested in. When the email is open, it allows malware into the system, and hackers use that to dig deeper into a system.
Although it may seem like common sense to stray away from clicking something suspicious, Zetter says you can take all the measures you want to get employees not to do something, but they will still do it.