Until this morning I had no idea what my 500th blog post would be about. Should I once more rant about how security awareness training is not worth the cost of the posters?(post 184, Dangerous Meme) Do I need to point out one more time how Network Admission Control is, if anything, plain crazy (the now infamous Kocking CNAC post 28)? Should I extrapolate on how the perimeter is alive and well (De-perimeterization is Dead post 479)?
No, it has to be Chinese hacking. Many security industry people have been in some way connected to the 2008 Olympic Games over the years. I first met with the IT folks responsible for "securing" the Beijing Olympics back in 2002. The concern expressed then was over protecting real time reporting of scores; hackers could some how interfere with those and skew results. But now it turns out that the real story is the pre-game invasion of sports teams' IT systems with the goal of garnering critical information on training, performance, and other physical factors such as weather for sailing teams.
From an article that just appeared in the TimesOnline:
The first sport targeted was GB Canoeing, which was hit in October. The other Olympic sports in Britain were immediately informed, but the IT system of the Amateur Boxing Association of England (ABAE) was then subject to eight attacks over a three-week period and two investigations have traced all this activity back to internet protocol (IP) addresses in China. “This wasn’t kids mucking around,” Paul King, the ABAE chief executive, said. “This was a real professional job.”
There is a lot of evidence mounting that state sponsored hacking is being used by China to gain a competitive informational edge on Western nations (post 473). Is that type of behavior spilling over to the sports arena? Evidently.
I have a feeling this will not be my last post on Chinese hacking.