Don’t worry about dorm-room hackers, crime rings, or the mafia, said two cyber-security experts Thursday at the Washington Ideas Forum.
Worry about the government. Or, rather, the governments, plural.
“These attacks are happening all the time,” said Dmitri Alperovitch, CTO and co-founder at Crowdstrike, of attacks on American corporate and government servers. “These are not malicious actors, but nation-states, and they want to steal our intellectual property so they can better compete on the markets.”
(As a private cybersecurity company, Crowdstrike is in the business of protecting companies from exactly these kinds of targeted IP attacks.)
Morgan Marquis-Boire, the director of security at First Look Media, agreed. As security lead at that news startup, Marquis-Boire is charged with protecting some of the reporters most focused on the Snowden leaks. And journalistic organizations, he said, are another frequent target of state-sponsored attacks. More than 20 top media outlets have been hacked by governments or others acting in their stead.
Both men focused on the asymmetry of the attacks, and the impossibility of ever fully being protected from them. If you’re doing a story on Chinese leaders illegally enriching themselves, Alperovitch said, “I can guarantee you, you’re already infected.”
Would such espionage attacks ever slow down? Moderator Mary Louise Kelly recalled a quote of Marquis-Boire’s in a 2012 New York Times story: “I can’t wait for the day when I can sleep in and watch movies and go to the pub instead of analyzing malware and pondering the state of the global cybersurveillance industry.”
Is such a day on the horizon?
“This is just espionage,” said Alperovitch. “It’s a human problem, not a technical problem.”
Marquis-Boire was less sure. He hailed the “greater transparency and dialogue around surveillance right now.” Spying on companies and governments might never stop, he said, but soon, as citizens spied on by their own government, “we might have more of a say.”