Marvin Gile smooths his tie, takes a sip of coffee and settles in at his desk, ready to begin another day as chief financial officer at the defense contracting company that’s been his employer for the past 12 years. His first order of business is slogging through the dozens of e-mails that accumulated in his inbox overnight.
Delete. Delete. Delete.
Then he notices an e-mail from the company’s human resources director announcing a new hire. He double-clicks the attached PDF to learn the details, but the document opens and then crashes. Strange. He moves on to the next task of the day.
What Gile doesn’t know is that in the few seconds it took him to open the bogus e-mail and attachment, malicious software — malware — was released, putting his company’s proprietary information at risk. The moment the malware breached his computer, it sent up a virtual flare to signal one or more servers around the world to send instructions. And in just a few minutes, it was transferring files of sensitive information to a remote location [source: Taylor].
Cyberattacks like this one are on the rise. From 2010 to 2011, the number of cyberattacks made on U.S. companies rose 44 percent; defense, energy and financial sectors were the most targeted, but Google, Intel, Facebook and the members of the U.S. Congress were victims, too [source: Rodriguez]. Reports of malware-based attacks remained strong in 2012, with malware infiltrations causing Internet blackouts at major U.S. banks and compromising networks at nuclear energy companies [sources: Perlroth, Goldman].
While it isn’t always clear where the attacks originate, attention has increasingly turned to the Chinese government. In February 2013, for example, the New York Times reported its computer networks had been hacked during a four-month period by a China-based group with government ties. Soon after, a comprehensive report released by computer security firm Mandiant linked the People’s Liberation Army in China to cyberattacks at 141 U.S. companies.