As Congress Debates CISPA, Companies Admit No Real Damage From Cyberattacks

from the the-truth-is-so-inconvenient dept

Wed, Apr 10th 2013 7:46am — Mike Masnick

Since the beginning of the cybersecurity FUDgasm from Congress, we've been asking for proof of the actual problem. All we get are stories about how airplanes might fall from the sky, but not a single, actual example of any serious problem. Recently, some of the rhetoric shifted to how it wasn't necessarily planes falling from the sky but Chinese hackers eating away at our livelihoods by hacking into computers to get our secrets and destroy our economy. Today, Congress is debating CISPA (in secret) based on this assumption. There's just one problem: it's still not true.

The 27 largest companies have now admitted to the SEC that cyberattacks are basically meaningless and have done little to no damage.

The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen.

MetLife Inc., Coca-Cola Co. (KO), and Honeywell International Inc. were among the 100 largest U.S. companies by revenue to disclose online attacks in recent filings with the Securities and Exchange Commission, according to data compiled by Bloomberg. Citigroup Inc. (C) reported “limited losses” while the others said there was no material impact.

So what's this all really about? It goes back to what we said from the very, very beginning. This is all FUD, engineered by defense contractors looking for a new way to charge the government tons of money, combined with a willing government who sees this as an opportunity to further take away the public's privacy by claiming that it needs to see into corporate networks to prevent these attacks.

If this was a real problem, wouldn't we see at least some evidence?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cispa, companies, cybersecurity, harm, threats

35 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

rw (profile), 10 Apr 2013 @ 5:58am

It is a real problem...Congress itself.
[ link to this | view in chronology ]
Akari Mizunashi (profile), 10 Apr 2013 @ 6:05am

So, what's being said is CISPA stands for Chinese Instigating Senate Paranoia Act.

Yep, I can see that.

Seriously, something is wrong with our government.
[ link to this | view in chronology ]
Ninja (profile), 10 Apr 2013 @ 6:16am

This is all FUD, engineered by defense contractors looking for a new way to charge the government tons of money, combined with a willing government who sees this as an opportunity to further take away the public's privacy by claiming that it needs to see into corporate networks to prevent these attacks.

Same tactics, new 'subjective' realm. And we thought Governments evolved slowly.

Except that it's harder since there's more awareness and information spreads more easily.
[ link to this | view in chronology ]
- Anonymous Coward, 10 Apr 2013 @ 8:37am
  
  Re:
  What we really need to look out for is
  
  A: Who do these contractors donate to and are those who receive donations from these contractors the ones pushing for these laws. Of course, when these laws are negotiated in secrecy that maybe difficult.
  
  B: Which politicians go working for these defense contractors after their term is up.
  
  This should not be tolerated at all. This is what the politicians are looking forward to. They're looking for new ways to obtain campaign contributions and find cushy jobs after leaving office and they see cyber defense as a new and innovative way to do it. It's not about defending the American people from an imminent cyber attack. It's about what do the politicians get out of it.
  [ link to this | view in chronology ]
Anonymous Coward, 10 Apr 2013 @ 8:05am

Devil's Advocate:
There are multiple example of financial loss from hacks. Whether this is due to paying employees extra, consultants, or legal fees, it is still a loss. If you need an example, see the Sony breach:
http://en.wikipedia.org/wiki/PlayStation_Network_outage#Legal_action_against_Sony

Was the damage due to IP, not in the least, but there was damage to both the company fiances, as well as image. Although, the image part could of well been deserved.
[ link to this | view in chronology ]
- Anonymous Coward, 10 Apr 2013 @ 8:28am
  
  Re:
  Then why didn't they report this 'damage'...
  
  maybe it was because these companies already employ people full time to handle this kind of thing, and the overtime pay is a "limited loss" as they have indicated. if "billions" are being lost, why can't even one company come out and say "this cost us $250,000".
  [ link to this | view in chronology ]
  - Anonymous Coward, 10 Apr 2013 @ 8:34am
    
    Re: Re:
    Actually, they did:
    http://www.forbes.com/sites/insertcoin/2011/05/23/sony-pegs-psn-attack-costs-at-170-million/
    
    Whether the losses are real or fabricated to appease stock holders is up for debate though.
    [ link to this | view in chronology ]
    - BentFranklin (profile), 10 Apr 2013 @ 9:34am
      
      Re: Re: Re:
      Sony is not an American company.
      [ link to this | view in chronology ]
- Anonymous Howard (profile), 10 Apr 2013 @ 8:37am
  
  Re:
  From the wikipedia link:
  
  Sony "failed to encrypt data and establish adequate firewalls to handle a server intrusion contingency, failed to provide prompt and adequate warnings of security breaches, and unreasonably delayed in bringing the PSN service back online."
  
  So, how are lack of encryption, network security and customer support is anyway fault of "chinese hackers" ?
  
  If a bank that keeps your money leave open their safes, open its doors and turn off security cameras, and then someone steals the money, whose head would you want to see on a spike?
  [ link to this | view in chronology ]
  - Anonymous Coward, 10 Apr 2013 @ 8:54am
    
    Re: Re:
    I was basically just commenting on:
    
    The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen.
    
    As far as lack of security, this was an extreme case of that. A large number of systems however are vulnerable to attack, just download the latest version of Kali Linux and do a quick search on Shodan to realize that Sony isn't unique in that regard.
    [ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 10 Apr 2013 @ 8:07am

Er, Mike, "secrets" can be stolen, yet still have their secrets.
"The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen."

EXACTLY as you little pirates can steal content yet the owners still have their data! -- The industrial kind of data, however, requires more than lounging back while being entertained by it.

I'm SOLELY making the connection above to try and get some mileage out of this dullness, NOT any other disagreement.

But now I'm asking for Mike's solution to the manifestly growing fascism of the surveillance state. Otherwise, just yet more complaining from Moaning Mike. -- What's the point? We all KNOW the problems, Mike. Now let's find who's merging gov't and corporations, who's committing what crimes, and think on how we get them under control.
[ link to this | view in chronology ]
- Anonymous Coward, 10 Apr 2013 @ 8:23am
  
  Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
  ""EXACTLY as you little pirates can steal content yet the owners still have their data!""
  
  NO, the content was not stolen. If the content was stolen the owners wouldn't have their data as it wouldn't be there due to the fact that it was stolen. The data that you moan about being stolen is in fact COPIED and that is not the same as being stolen.
  
  Flawed and failed logic once again on your part.
  [ link to this | view in chronology ]
  - This comment has been flagged by the community. Click here to show it
    
    Anonymous Coward, 10 Apr 2013 @ 8:48am
    
    Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
    It's still stolen from the standpoint that you have unlawfully taken the creative output of another without due compensation. The fact that the creator still has the content doesn't excuse that or make you less honorable than any other chain-snatching hotboy.
    [ link to this | view in chronology ]
    - Anonymous Coward, 10 Apr 2013 @ 8:48am
      
      Re: Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
      *more* honorable
      [ link to this | view in chronology ]
    - Rikuo (profile), 10 Apr 2013 @ 8:58am
      
      Re: Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
      AJ, Mike has stated that you are unwelcome on this site and that he doesn't want you viewing his content. You are copying his content without compensation.
      BTW, WTF is a chain-snatching hotboy?
      [ link to this | view in chronology ]
      - This comment has been flagged by the community. Click here to show it
        
        Anonymous Coward, 10 Apr 2013 @ 10:12am
        
        Re: Re: Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
        AJ, Mike has stated that you are unwelcome on this site and that he doesn't want you viewing his content.
        
        Mike has never said anything like that. Without the 2-3 non-toadies that comment, this place would be nothing more than a vacuous, self-reinforcing circle jerk.... like Insider Chat.
        
        You are copying his content without compensation.
        
        WTF are you babbling about?
        
        BTW, WTF is a chain-snatching hotboy?
        
        A pre-adolescent, low level, urban street dealer who also engages in stupid, high risk/low return street crimes.
        [ link to this | view in chronology ]
        
        Rikuo (profile), 10 Apr 2013 @ 10:15am
        
        Re: Re: Re: Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
        Yes he has. I remember him distinctly saying to you, AJ, that he wants $1000 a month from you to view his website. And yet, you continue to copy the articles here onto your computer without due compensation.
        [ link to this | view in chronology ]
        
        This comment has been flagged by the community. Click here to show it
        
        Anonymous Coward, 10 Apr 2013 @ 10:34am
        
        Re: Re: Re: Re: Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
        Yes he has. I remember him distinctly saying to you, AJ, that he wants $1000 a month from you to view his website. And yet, you continue to copy the articles here onto your computer without due compensation.
        
        You'll say anything in order to get that pat on the head, won't you? What a pathetic, ingratiating little ass licker you are.
        [ link to this | view in chronology ]
        
        Alana (profile), 10 Apr 2013 @ 8:42pm
        
        Re: Re: Re: Re: Re: Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
        You must be talking to the mirror.
        [ link to this | view in chronology ]
- Anonymous Coward, 10 Apr 2013 @ 8:38am
  
  Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
  I stopped reading at "pirates" because it became apparent your comment had little to do with facts and discussion and everything to do with adhom attacks.
  Discussions are about contributing and you are not.
  [ link to this | view in chronology ]
- Rikuo (profile), 10 Apr 2013 @ 8:45am
  
  Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
  "Dear" AJ
  
  Fuck off. You're not welcome
  
  Yours
  People who can actually argue and debate.
  [ link to this | view in chronology ]
- Anonymous Coward, 10 Apr 2013 @ 9:37am
  
  Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
  You do realize you and trolls like you increase the value of these comments area and give a bunch of us a good laugh right?
  
  YOU are one of the best added values of this blog and the only reason a lot of us come down to the comments section is to look for that "This comment has been flagged" marker since we know comedic gold is hiding a click away.
  [ link to this | view in chronology ]
- Anonymous Coward, 10 Apr 2013 @ 10:35am
  
  Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
  that's obvious you little anti-pirate, the govt. and the corporations. Take off your blinders.
  [ link to this | view in chronology ]
- Anonymous Coward, 10 Apr 2013 @ 11:06am
  
  Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
  Focus on the topic, not attacking the people writing it, douschenozzle.
  [ link to this | view in chronology ]
gorehound (profile), 10 Apr 2013 @ 8:24am

All about two things is CISPA the shit:

1.Corruption and Money hungry Politicians sniffing up the Asshole of DOD Contractors

2.All about the Control of the Internet..........the probably greatest tool ever invented for Activism.And Worldwide Governments and the Greedbag Politicians are getting scared.

So, they pile on the Fearmongering and get Millions of Sheep to sign on to their own doom.
Read History Books as this happens over and over again.
Not that it would ever happen but have any of you really studied the Rise and the Tactics of the Nazi Party in Germany ? Watch a great documentary or go to the Library and read about the use of Scapegoats,Fearmongering,Propaganda, Etc.
[ link to this | view in chronology ]
- Dreddsnik, 10 Apr 2013 @ 8:32am
  
  Re:
  " Not that it would ever happen but have any of you really studied the Rise and the Tactics of the Nazi Party in Germany ? "
  
  Yes, I have, pretty extensively. I see the same parallels. The problem is that it's an undiscussable subject, like racism. You mention race in a debate, you are accused of racism simply by suggesting that it's a possible component. The same goes for bringing up Nazi Germany ( Godwin's law ). It doesn't matter that the material IS relevant, mentioning it is taboo. Unfortunately this makes it very easy to miss the fact that history could be repeating itself. It's sad.
  [ link to this | view in chronology ]
Anonymous Coward, 10 Apr 2013 @ 8:32am

It's also combined with politicians who want campaign contributions and revolving door favors from these defense contractors. Wouldn't it be nice to get a nice easy high paying job that requires no skills or effort after you leave office?
[ link to this | view in chronology ]
Anonymous Coward, 10 Apr 2013 @ 8:38am

what is happening here is that Congress dont want anyone to know the companies that are going to be given massive contracts to 'protect all from cyber attacks' whilst paying nice back handers to those in Congress. add to that the secret interpretations that will be used against anyone that is suddenly disliked for whatever reason and can be whipped into court on God knows what trumped up charges! this whole debacle is a farce! Congress ought to be ashamed of itself! definitely the way to project the democratic ways of the USA, i dont think!
[ link to this | view in chronology ]
Anonymous Coward, 10 Apr 2013 @ 8:39am

Off-topic: I love the little green bar you put on comments that have been made by you. Nice addition.
[ link to this | view in chronology ]
- Anonymous Coward, 10 Apr 2013 @ 8:39am
  
  Re:
  Oh, never mind. They are for new comments apparently.
  [ link to this | view in chronology ]
  - Anonymous Coward, 10 Apr 2013 @ 8:40am
    
    Re: Re:
    Still a nice addition. Credit where it's due.
    [ link to this | view in chronology ]
- Anonymous Coward, 10 Apr 2013 @ 8:40am
  
  Re:
  The green bar indicates the comments are recent.
  [ link to this | view in chronology ]
Anonymous Coward, 10 Apr 2013 @ 8:40am

At least it's not as bad as the TSA with Dr. Thick finger.
[ link to this | view in chronology ]
Suzanne Lainson (profile), 10 Apr 2013 @ 12:15pm

The relevant part for me
I don't know enough about cybersecurity to yet know what is happening. But based on what I have read, I don't think the government is acting independently on this issue. I believe private enterprise is calling the shots in one way or another: either to gain government contracts and/or to get the government to set up protections for private enterprise.

This is the part of the article that stands out for me. It hasn't been established which is more true.

Cyberattacks Abound Yet Companies Tell SEC Losses Are Few - Bloomberg: "Those mixed messages have triggered a debate over whether Washington is overstating the damage from cyber attacks or whether companies are understating its impact -- or not disclosing the attacks at all. It also raises questions about whether some companies are painting more alarming scenarios for politicians than for their investors."
[ link to this | view in chronology ]
uRspqF7L (profile), 19 Apr 2013 @ 5:21am

Since Mike is now a Wall Street expert and understands how SEC filings work, I hesitate to say anything, but here goes.

1) Do companies ever downplay risks to business in their SEC filings? Yes. Much of the time. Most of the time, even. It's actually mentioned in the story. This means particularly things that don't have direct material impact--for example, stealing IP that may allow someone else to be build products a company was going to build itself, but may not, in the current reporting period, cause a direct material harm. Over time, these losses would be expected to be greater than direct financial theft, but they are hard to account for and companies have a huge incentive not to speculate on such losses.

2) Several of these companies mention that the greatest impact now is the huge amounts of money they must spend on digital security. The security industry is smaller than the top 100 companies. Those top 100 companies have huge economic power. Do you think that if they believed the threat was fake, they would continue to spend so much money to defend against it just to please the defense industry's FUD?

3) this site loves to extol the work of torrenters and hackers. Can you honestly say for a second that these operations are not direct contributors to the FUD you blame on defense contractors? Anonymous videos are NOT meant to produce FUD? Anonymous and their allied groups continually take on the appearance of paramilitary groups ("Ops" etc.)--we should presume they are just kidding?
[ link to this | view in chronology ]