Bloomberg breaks news of another major Chinese cyber espionage campaign, this one directed against defense and security contractor QinetiQ North America. The campaign lasted at least five years, involved multiple (and diverse) points of attack, and succeeded against a company whose considerable security expertise failed to prompt effective action once warnings appeared. The attackers stole technology that now appears in fielded Chinese systems. The notorious People's Liberation Army Unit 61398 (a.k.a. "Comment Crew") is blamed for the attack; Terremark, HBGary, and Mandiant were engaged to contain it, apparently with mixed success.
The story is worth close attention because it's by no means an aberration. As a Center for Strategic and International Studies senior fellow put it to Businessweek, "The line forms to the left when it comes to defense contractors that have been hacked."
The US Department of Labor's website (now fixed) was hacked to serve malware in a watering hole attack. Unknown parties breached a US Army Corps of Engineers database recording physical vulnerabilities in dams.
In industry news, South Carolina's recovery from last year's data breach offers lessons for businesses approaching this market. VentureBeat offers Fixmo as an example of how an international company can succeed in the US security market. Struggling tech companies continue to grasp at cyber as a profitable lifeline. Apple thinks its designs have suffered from skeuomorphism. (Who knew?)
The US FBI wants backdoors it can use to push through carrier reluctance to cooperate with eavesdropping. Thirty-six governments worldwide now use FinFisher for surveillance.