How I Survived a Cyber Attack by the Chinese Military

This company caught the Chinese with their hands in the data cookie jar, and slammed the lid on them, stopping them cold.

FireEye, the Internet security company, introduced one of its clients, a chief security and information officer, to Chief Executive with the understanding that his identity would not be revealed. He works for a Midwest-based company that sells high-tech industrial automation equipment to Boeing, Airbus, Lockheed Martin and the U.S. Navy, among other customers. Its annual sales are about $200 million. Here is his account of being hacked.

“I was out on the golf course on a Saturday in May 2013 when my CEO called. This was everyone’s worst nightmare. He told me he was having trouble with the company’s email system and asked me to check it out. I looked at email on my phone and sure enough, we had problems. It was the canary in the coal mine because our email server had its own private network to the Internet. That network was being saturated with data leaving the building.

“We didn’t know what was going on for a couple of days until we looked at where the traffic was going. All of it was going to one location in Shanghai and we didn’t have any customers or operations there. The information being targeted was export control documents we had filed with the U.S. government to export equipment to the UK, India and Spain. But it seemed like the real target was the U.S. Navy because what we were exporting was similar to what we make for the Navy. Whoever was doing this wanted to take an easy route to help their own Navy.

“With help from FireEye, we discovered they had been on our systems for two months before we found them. The forensics work showed that they did a lot of poking around and knew what they were looking for. They had set up a process for getting the data out by compressing the files so they could be exfiltrated.

“We stopped them manually in mid-exfiltration and they couldn’t get back in. Which meant they did not have time to clean up and cover their tracks. We could see all the trails they had left. Our whole directory of emails and passwords had been compromised. They had taken a lot of documents and RFPs, but they had not yet taken our drawings, which are the secret sauce. If they had gone for the drawings first, it would have been better for them.

“The Mandiant people at FireEye told us that the attack was similar to other attacks by a unit of the People’s Liberation Army called simply Unit 61398. They had been tracking these guys and knew their patterns. This unit represented what they called an Advanced Persistent Threat (APT).

“After we stopped them, we went into a remediation. We had to do things like check all the software on our servers to make sure we had current versions and therefore there were no vulnerabilities. We had eight different locations in the world where we had a connection to the Internet. Think of that like having eight doors into your house that someone could get in through. I consolidated that to one door and put new technology into that one system. That was better than having cheaper equipment in eight locations.

“We also had to change everybody’s passwords. We figured out that the attack started out from a phishing email. They got somebody to click on something that created a beachhead into our network.

“How did I keep my job? It wasn’t like we were completely unprepared. We had a firewall and virus protection. But realistically, if someone is good and they want to target you, they are going to get in. There is no way to stop it. The key question is how fast can you limit it. Unfortunately, we didn’t have intrusion detection software.

“I was lucky that we had several people on our board who had gone through different kinds of attacks and they supported me as I put together a remediation program and made a presentation to the board. When I explained what I needed to prevent this from happening again, they supported me. I would not have gotten the money if I hadn’t been attacked.

“The Chinese tried three more times after that to get back in, but they couldn’t. After a while, this sort of thing starts to piss you off.”

