As Congress Debates CISPA, Companies Admit No Real Damage From Cyberattacks
from the the-truth-is-so-inconvenient dept
Since the beginning of the cybersecurity FUDgasm from Congress, we've been asking for proof of the actual problem. All we get are stories about how airplanes might fall from the sky, but not a single, actual example of any serious problem. Recently, some of the rhetoric shifted to how it wasn't necessarily planes falling from the sky but Chinese hackers eating away at our livelihoods by hacking into computers to get our secrets and destroy our economy. Today, Congress is debating CISPA (in secret) based on this assumption. There's just one problem: it's still not true. The 27 largest companies have now admitted to the SEC that cyberattacks are basically meaningless and have done little to no damage.
The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen.
MetLife Inc., Coca-Cola Co. (KO), and Honeywell International Inc. were among the 100 largest U.S. companies by revenue to disclose online attacks in recent filings with the Securities and Exchange Commission, according to data compiled by Bloomberg. Citigroup Inc. (C) reported “limited losses” while the others said there was no material impact.
So what's this all really about? It goes back to what we said from the very, very beginning. This is all FUD, engineered by defense contractors looking for a new way to charge the government tons of money, combined with a willing government who sees this as an opportunity to further take away the public's privacy by claiming that it needs to see into corporate networks to prevent these attacks.
If this was a real problem, wouldn't we see at least some evidence?
Filed Under: cispa, companies, cybersecurity, harm, threats
Reader Comments
Yep, I can see that.
Seriously, something is wrong with our government.
[ link to this | view in chronology ]
Same tactics, new 'subjective' realm. And we thought Governments evolved slowly.
Except that it's harder since there's more awareness and information spreads more easily.
[ link to this | view in chronology ]
Re:
A: Who do these contractors donate to, and are those who receive donations from these contractors the ones pushing for these laws? Of course, when these laws are negotiated in secrecy that may be difficult.
B: Which politicians go working for these defense contractors after their term is up?
This should not be tolerated at all. This is what the politicians are looking forward to. They're looking for new ways to obtain campaign contributions and find cushy jobs after leaving office and they see cyber defense as a new and innovative way to do it. It's not about defending the American people from an imminent cyber attack. It's about what do the politicians get out of it.
[ link to this | view in chronology ]
There are multiple examples of financial loss from hacks. Whether this is due to paying employees extra, consultants, or legal fees, it is still a loss. If you need an example, see the Sony breach:
http://en.wikipedia.org/wiki/PlayStation_Network_outage#Legal_action_against_Sony
Was the damage due to IP? Not in the least, but there was damage to both the company's finances and its image. Although the image part could well have been deserved.
[ link to this | view in chronology ]
Re:
Maybe it was because these companies already employ people full time to handle this kind of thing, and the overtime pay is a "limited loss" as they have indicated. If "billions" are being lost, why can't even one company come out and say "this cost us $250,000"?
[ link to this | view in chronology ]
Re: Re:
http://www.forbes.com/sites/insertcoin/2011/05/23/sony-pegs-psn-attack-costs-at-170-million/
Whether the losses are real or fabricated to appease stock holders is up for debate though.
[ link to this | view in chronology ]
Re:
So, how is the lack of encryption, network security and customer support in any way the fault of "Chinese hackers"?
If a bank that keeps your money leaves its safes open, opens its doors and turns off its security cameras, and then someone steals the money, whose head would you want to see on a spike?
[ link to this | view in chronology ]
Re: Re:
As far as lack of security, this was an extreme case of that. A large number of systems however are vulnerable to attack, just download the latest version of Kali Linux and do a quick search on Shodan to realize that Sony isn't unique in that regard.
[ link to this | view in chronology ]
Er, Mike, "secrets" can be stolen, yet still have their secrets.
EXACTLY as you little pirates can steal content yet the owners still have their data! -- The industrial kind of data, however, requires more than lounging back while being entertained by it.
I'm SOLELY making the connection above to try and get some mileage out of this dullness, NOT any other disagreement.
But now I'm asking for Mike's solution to the manifestly growing fascism of the surveillance state. Otherwise, just yet more complaining from Moaning Mike. -- What's the point? We all KNOW the problems, Mike. Now let's find who's merging gov't and corporations, who's committing what crimes, and think on how we get them under control.
[ link to this | view in chronology ]
Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
NO, the content was not stolen. If the content was stolen the owners wouldn't have their data as it wouldn't be there due to the fact that it was stolen. The data that you moan about being stolen is in fact COPIED and that is not the same as being stolen.
Flawed and failed logic once again on your part.
[ link to this | view in chronology ]
Re: Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
BTW, WTF is a chain-snatching hotboy?
[ link to this | view in chronology ]
Re: Re: Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
Mike has never said anything like that. Without the 2-3 non-toadies that comment, this place would be nothing more than a vacuous, self-reinforcing circle jerk.... like Insider Chat.
You are copying his content without compensation.
WTF are you babbling about?
BTW, WTF is a chain-snatching hotboy?
A pre-adolescent, low level, urban street dealer who also engages in stupid, high risk/low return street crimes.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
You'll say anything in order to get that pat on the head, won't you? What a pathetic, ingratiating little ass licker you are.
[ link to this | view in chronology ]
Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
Discussions are about contributing and you are not.
[ link to this | view in chronology ]
Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
Fuck off. You're not welcome
Yours
People who can actually argue and debate.
[ link to this | view in chronology ]
Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
YOU are one of the best added values of this blog and the only reason a lot of us come down to the comments section is to look for that "This comment has been flagged" marker since we know comedic gold is hiding a click away.
[ link to this | view in chronology ]
1. Corruption and Money hungry Politicians sniffing up the Asshole of DOD Contractors
2. All about the Control of the Internet... probably the greatest tool ever invented for Activism. And Worldwide Governments and the Greedbag Politicians are getting scared.
So, they pile on the Fearmongering and get Millions of Sheep to sign on to their own doom.
Read History Books as this happens over and over again.
Not that it would ever happen but have any of you really studied the Rise and the Tactics of the Nazi Party in Germany? Watch a great documentary or go to the Library and read about the use of Scapegoats, Fearmongering, Propaganda, etc.
[ link to this | view in chronology ]
Re:
Yes, I have, pretty extensively. I see the same parallels. The problem is that it's an undiscussable subject, like racism. You mention race in a debate, you are accused of racism simply by suggesting that it's a possible component. The same goes for bringing up Nazi Germany (Godwin's law). It doesn't matter that the material IS relevant, mentioning it is taboo. Unfortunately this makes it very easy to miss the fact that history could be repeating itself. It's sad.
[ link to this | view in chronology ]
The relevant part for me
This is the part of the article that stands out for me. It hasn't been established which is more true.
Cyberattacks Abound Yet Companies Tell SEC Losses Are Few - Bloomberg: "Those mixed messages have triggered a debate over whether Washington is overstating the damage from cyber attacks or whether companies are understating its impact -- or not disclosing the attacks at all. It also raises questions about whether some companies are painting more alarming scenarios for politicians than for their investors."
[ link to this | view in chronology ]
1) Do companies ever downplay risks to business in their SEC filings? Yes. Much of the time. Most of the time, even. It's actually mentioned in the story. This means particularly things that don't have direct material impact--for example, stealing IP that may allow someone else to build products a company was going to build itself, but may not, in the current reporting period, cause a direct material harm. Over time, these losses would be expected to be greater than direct financial theft, but they are hard to account for and companies have a huge incentive not to speculate on such losses.
2) Several of these companies mention that the greatest impact now is the huge amounts of money they must spend on digital security. The security industry is smaller than the top 100 companies. Those top 100 companies have huge economic power. Do you think that if they believed the threat was fake, they would continue to spend so much money to defend against it just to please the defense industry's FUD?
3) This site loves to extol the work of torrenters and hackers. Can you honestly say for a second that these operations are not direct contributors to the FUD you blame on defense contractors? Anonymous videos are NOT meant to produce FUD? Anonymous and their allied groups continually take on the appearance of paramilitary groups ("Ops" etc.)--we should presume they are just kidding?
[ link to this | view in chronology ]