The Greatest Threat to the United States

Six months ago, I reported the No. 1 security risk on Americans' minds is no longer terrorism; hackers and viruses outranked terrorism as the nation's No. 1 security threat. U.S. Defense Secretary Leon Panetta has been sounding the alarm on cyber war. In October, he stressed to Time magazine that, "We are facing the threat of a new arena in warfare that could be every bit as destructive as 9/11 -- the American people need to know that." Read on, and I'll explain the growing problem, how you can protect yourself, and the stock I think is best-positioned to gain from battling ever-expanding cybersecurity risks.

The huge rise of cyber attacks
It's no surprise Americans are scared. In just the past six months, we've seen:

  • On August 15, Saudi Arabia's state-owned oil company, Saudi Aramco, was hacked with a copycat version of the cyberweapon Flame. The true extent of the hack was never confirmed, though the hackers claimed that 75% of Saudi Aramco's computers -- roughly 30,000 -- were destroyed.
  • On September 4, hacker group Antisec leaked 1 million Apple (NASDAQ: AAPL) Universal Device IDs, and claimed to have an estimated 11 million more UDIDs, which they stole from the FBI.
  • In September, U.S. banks were first attacked with distributed denial-of-service (DDoS) attacks by the Al-Qassam Cyberfighters, who many believe to be a front for the Iranian government. The attacks have been basically constant since then, with SunTrust, PNC (NYSE: PNC), Bank of America (NYSE: BAC), JPMorgan Chase (NYSE: JPM), and US Bancorp among those affected.
  • Also in September, the White House Military Office was attacked, though the White House said the network was unclassified and isolated.
  • On October 26, South Carolina's Department of Revenue revealed it had been hacked, and had 3 million social security numbers taken from it.
  • In November, after commencing air strikes on Gaza, Israel announced there had been more than 44 million hacking attempts on government web sites in the five days since the operation commenced.
  • In December, there was a scare, later proved to be unfounded, that Verizon had been hacked and 300,000 customer records released. The data came from a third-party marketing firm.
  • In January, the New York Times (NYSE: NYT) and Wall Street Journal announced they were hacked by Chinese hackers starting in October, when the New York Times reported that the relatives of China's Prime Minister Wen Jiabao had accumulated a fortune of several billion dollars.
  • Also in January, Kaspersky Lab, the Russian cyber security firm that uncovered the cyberweapon Flame, released a report detailing the cyber-espionage network "Red October," which has been actively stealing data since at least 2007.

In just the past two and a half weeks, we've seen:

The scary part is that these are just the attacks that have been noticed and reported on. The true number and scope of the attacks on companies will likely never be known.

Cyberwar
For the past few years, U.S. companies from Google to Northrop Grumman have been accusing China of waging a cyberwar against U.S. targets; but, without being able to prove 100% that the Chinese government was involved, the Obama administration has only been able to relay concerns to the Chinese government.

Within the U.S. government, Defense Secretary Leon Panetta has been sounding the alarm on cyber war for the past year. It seems that his cries have been falling on deaf ears, as the U.S. Senate killed cybersecurity legislation in November that would have created voluntary cybersecurity standards for companies that are essential to U.S. infrastructure. Not to be deterred, he continues to speak up on the issue noting earlier this month that:

I believe that it is very possible the next Pearl Harbor could be a cyber attack ... [that] would have one hell of an impact on the United States of America. That is something we have to worry about and protect against.

Other experts are more worried about low-visibility attacks. Former cybersecurity and cyberterrorism advisor for the White House Richard Clarke said last year:  

Every major company in the United States has already been penetrated by China. My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it.

It looks like that "single event" has finally come to pass, but in the form of two publicly reported attacks.

New York Times Attacked
On January 30, the New York Times published an in-depth account of its battles with Chinese hackers. After publishing an investigation of corruption in the Chinese government on October 25, the New York Times' network monitors noticed network "behavior that was consistent with other attacks believed to have been perpetrated by the Chinese military." After unsuccessfully trying to expel the hackers over two weeks, the New York Times hired cybersecurity specialist Mandiant. After tracking the hackers' movements and actions for four months, Mandiant was able in January to expel the hackers for good from the New York Times' systems, at which point the newspaper went public with its account.

Mandiant believed the attack to be the work of a Chinese Cyber Espionage Unit, which it refers to as Advanced Persistent Threat (APT) 12. For its part, China denied any attacks on media organizations, with the Chinese Defense Ministry saying, "It is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence."

Evidence of China's Cyber Espionage Organization unveiled to the public
On Tuesday, Mandiant came out with a report on APT 1, one of China's Cyber Espionage Units that Mandiant considers to be "one of the most prolific in terms of the sheer quantity of information it has stolen."

We've known U.S. companies are under siege: In the past five years, 27 of the 30 companies that make up the Dow Jones Industrial Average have been hacked or had data breaches. The Mandiant report on APT1 gives us a clearer picture of the threat to U.S. companies by showing the breadth of industries of the 141 organizations APT1 attacked over the past seven years.

Mandiant's report, which can be downloaded from Mandiant, details APT1's attack infrastructure, command and control, and tools, tactics, and procedures. Without getting into the specifics of the report, which I highly recommend you read, Mandiant concludes:

We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support. In seeking to identify the organization behind this activity, our research found that People's Liberation Army (PLA's) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.

Mandiant believes that APT1 is PLA Unit 61398, which is known to be a unit in the People's Liberation Army's cyber-command. The gauntlet has been thrown down.

The Chinese Defense Ministry vehemently denied the accusations, and said the report "lacks technical proof." On the other side, the Obama administration has raised concerns with senior Chinese officials at the highest levels, and has come out with a comprehensive report titled "Administration Strategy on Mitigating the Theft of U.S. Trade Secrets." It remains to be seen if anything will come of all this.

In the meantime what can you do?

Eight simple tips to boost your cybersecurity

Many of the above hacks could have been prevented by some simple precautions.

1. Use long, complex passwords. By that, I mean at least 12 characters with numbers, symbols, uppercase letters, and lowercase letters. I always suggest that people read this brief article on passwords. It's frightening how many people use simple passwords such as "12345" or "password." A 10-character password with all the above would take the most powerful known brute force password breaker 5.5 years to break, compared to 5.3 hours for an eight-character password.

2. Use two-step authentication wherever possible.

3. Don't reuse the same password across multiple websites.

4. Choose obscure answers to your password retrieval questions.

5. Use antivirus software.

6. Use BillGuard to monitor your credit card. BillGuard is a free monitor for your credit and debit cards (they use the crowdsourced data to create the most advanced fraud monitoring system, which they sell to credit card companies).

7. If you receive a suspicious email, do not open it, especially if it has attachments or links that seem suspicious.

8. If you receive a suspicious email from someone you know, especially if it has attachments or links that seem suspicious, call (do not email) the person to confirm that they sent it.
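The arithmetic behind the two figures in tip 1, as an added example that is not part of the original article: it assumes the quoted times are worst-case exhaustive searches over the 95 printable ASCII characters at a fixed guess rate, derives that rate from the eight-character figure, and applies it to other lengths and character sets. All function names are illustrative.

```python
import string

HOURS_PER_YEAR = 24 * 365.25

# Character classes named in tip 1. Treating "symbols" as ASCII punctuation
# plus the space character is an assumption; it yields the usual 95
# printable ASCII characters.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}
FULL_ALPHABET = sum(len(chars) for chars in CLASSES.values())  # 95


def alphabet_size(password):
    """Alphabet an exhaustive search must cover, judged by which character
    classes the password actually uses (non-ASCII characters are ignored)."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def implied_rate(alphabet, length, hours):
    """Guesses per second implied by a quoted worst-case exhaustion time."""
    return alphabet ** length / (hours * 3600)


def exhaust_hours(alphabet, length, rate):
    """Worst-case hours to try every candidate; the average is half this."""
    return alphabet ** length / rate / 3600


# Calibrate on the article's figure: 8 characters, all classes, 5.3 hours.
RATE = implied_rate(FULL_ALPHABET, 8, 5.3)


def estimate(password, rate=RATE):
    """Return (alphabet, length, worst-case hours) for one password.
    This is an upper bound: dictionary words and reused passwords fall to
    wordlist attacks long before an exhaustive search finishes."""
    alphabet = alphabet_size(password)
    return alphabet, len(password), exhaust_hours(alphabet, len(password), rate)


if __name__ == "__main__":
    print(f"implied guess rate: {RATE:.3g} guesses/second")
    # Constructed sample passwords, for illustration only.
    for sample in ["password", "correcthorse", "aB3$aB3$", "aB3$aB3$aB", "aB3$aB3$aB3$"]:
        alphabet, length, hours = estimate(sample)
        print(f"{sample!r:16} alphabet={alphabet:2} length={length:2} "
              f"worst case={hours:14.4g} h ({hours / HOURS_PER_YEAR:.3g} years)")
```

Each extra character from the full set multiplies the work by 95, so two more characters multiply it by 9,025, which is exactly the gap between 5.3 hours and 5.5 years; a 12-character password drawn only from lowercase letters lands at about three days at the same rate.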

In the case of email phishing hacks of the variety that APT1 does, there's not a lot you can do besides educating yourself. If interested, you can read pages 27-30 of the Mandiant report to learn about the relatively simple tactics APT1 used.

My top stock for cybersecurity
Six months ago, I called out Check Point Software Technologies (NASDAQ: CHKP) as my favored way to invest in the cybersecurity space. While the stock is basically unchanged since then, I still like it as the story hasn't changed.

1) No. 3 in network security behind Cisco and Juniper Networks, with an $11 billion market cap.

2) Very profitable, $800 million in FCF.

3) Founded and run by Gil Shwed and Marius Nacht, each with roughly a 10% stake.

4) No debt, $3 billion in cash and bonds on the balance sheet, and buying back shares every quarter.

While there are other interesting stocks in the network security space, none have the low valuation, balance sheet strength, or insider ownership that Check Point does.

Final Foolish thought

Cybersecurity will only become more important as the number of devices connected to the Internet continues to grow exponentially.



Comments from our Foolish Readers


  • On February 21, 2013, at 11:21 PM, techy46 wrote:

    "U.S. Defense Secretary Leon Panetta has been sounding the alarm on cyber war."

    He's a warmonger just like John McCain. They both would love to use all of our tax dollars to build a war machine to fight the next great evil from China. We need to stop the political and religious bigotry and the wars they start. There's a really simple fix. Take the critical systems off the internet.

  • On February 22, 2013, at 4:12 PM, rmsteere wrote:

    Cyber attacks are the 2nd most dangerous problem we face. Far and away the biggest problem is that very few Americans think it is important to vote. Our society is slowly draining away under the (non) leadership of fools. Who elected them? They and their cronies elected them. You can bet they vote while we see a little more than half turning out for Presidential elections, maybe 40% for midterm elections, and we're lucky to see 5% in local elections. You get what you pay for.

  • On February 22, 2013, at 6:52 PM, TMFDanDzombak wrote:

    We can add Microsoft to the list of companies hacked

    http://finance.yahoo.com/news/microsoft-says-small-number-co...

  • On February 23, 2013, at 12:03 PM, ETQ wrote:

    The greatest threat to the United States is the ill informed, dopey, lazy electorate that keeps the administration in the White House.

  • On February 23, 2013, at 12:03 PM, Grahdodd wrote:

    Great work on this piece. This is a huge issue.

    This is 21st century war. For developed nations especially, this is the real battlefield.

  • On February 23, 2013, at 12:22 PM, hughmartin100 wrote:

    A potential investment opportunity also exists with managed security service providers. MSSPs are aggregators of talent for this specific space. My company has seen a significant uptick in requests for quotes in our service because although there is a huge need, there are fewer and fewer cyber security professionals to apply to the threat.

  • On February 23, 2013, at 1:43 PM, DrJCA1 wrote:

    Personal and sensitive data should NOT be on the internet. Humans are truly the dumbest creatures in the universe. So now they put things on this junk internet and cry when bad folks use the information to hurt them. If that's not stupid enough, now the morons are rushing towards this newer piece of trash - the cloud. Oh yea, I'll put all my personal stuff on here so anyone can use it for harm. So many folks allow technology to be their master, instead of their servant.

  • On February 23, 2013, at 2:05 PM, Amateur2013 wrote:

    I sure hope that we are working on hacking them right back, as this is clearly a 2-edged sword, and we should be ahead of every other country on the planet in the technology area. We have no problem being a threat to the world with a nuclear arsenal that costs a ridiculous amount of money, we should let it be known that the real threat from the United States is we will track down the hackers and virus them out of existence, and that we are making sure to put tracking devices on every single computer shipped or manufactured overseas so we can destroy their computers remotely, too. As to "suspicious" email, that would be anything with the subject line of "hi" or the sender's name or nothing, just delete them without looking - and if you recognize the sender, call and ask if the email is from them, if not, then be a sweetheart and let them know they have a virus. Download free software and scan your computer every day - I use 3 programs after having been infected earlier this year.

  • On February 23, 2013, at 4:39 PM, xetn wrote:

    The US government is also involved in hacking; witness the Stuxnet and Flame cyber attacks on Iran. These were reputed to be conceived by joint Israeli and US.

  • On February 24, 2013, at 12:50 PM, reggidmalc wrote:

    Good article, but what about CACI and IBM? I thought they were big in this area? Any others?

  • On February 25, 2013, at 3:59 PM, whereaminow wrote:

    Nice recap of the ongoing attacks.

    But Checkpoint, no. It's a dead technology.

    If you want to hit big, look at up and coming cloud detection and mitigation services.

    That is all

    David in Liberty

  • On February 25, 2013, at 4:07 PM, whereaminow wrote:

    I guess I should expand a little bit, since this is the field I work in.

    Checkpoint gets no advantage in securing business from the increased sophistication and persistence of today's attackers. It is not a business that sees a major benefit.

    Companies that do advanced threat detection (like Mandiant) are huge beneficiaries. They have competitors you should look up as well. Having a dedicated cyber forensics team that actually knows what it's doing (VERY FEW have this knowledge) means explosive growth as people learn about these threats.

    Other companies that benefit work in the cloud, where they can aggregate bandwidth and use that to assist you in mitigating attack traffic. This business model is exploding with many new competitors jumping in the field. One, because profit margins are great right now. Two, because the existing competition has no idea what they're doing.

    You have to understand the technical aspects of the new age of cyberwar to know where to look. Checkpoint is not where you want to look. (That being said, I have nothing against what Checkpoint actually does, which is firewall and IPS/IDS, I'm just telling you that I handle advanced attacks for a living and I don't have any use for a Checkpoint box.)

    David in Liberty

  • On February 25, 2013, at 11:49 PM, TerryHogan wrote:

    @techy46 and @DrJCA1

    Taking critical systems or information off the internet is no panacea. Take a look at Stuxnet and how it was delivered.

    On another note, I'm a little shocked at the scope of this and the sort of cavalier attitude on both sides. I suppose this could be a cold-war situation where we don't hear everything that's going on. But still, even if the US is doing way more hacking of China, the US still has more to lose intellectual property-wise.

  • On February 26, 2013, at 12:48 PM, dsciola wrote:

    WhereamiNow/Dave in Liberty,

    Interesting thoughts. So which co's are on the cutting edge then if not Checkpoint? What softwares, companies, services, etc do u work with here?

    Few other Fools here know what companies are in this space. Any further thoughts would be much appreciated.

    Dom

  • On February 27, 2013, at 11:09 AM, whereaminow wrote:

    Hi Dom,

    Let me preface by saying two things:

    1. Just because I work in this field, it doesn't mean I know a good stock.

    2. Just because Checkpoint isn't useful against the types of attacks this article refers to, that doesn't mean it's not a good stock either.

    All that being said, the attacks listed here are varied. For example, APT and Al Qassam are two different things. To defeat Al Qassam you need bandwidth, and that occurs through cloud mitigation. Think Savvis, Prolexic, Verisign, and others. For APT you need cyber forensics, see Mandiant and Sophos among others. Visit the Dark Reading website to find new companies. There's also companies popping up all over the place to simulate attacks from the cloud like RedWolf and others.

    It's really limitless. It's an exploding field. It's hard to even say where to start.

    David in Liberty

  • On February 28, 2013, at 5:33 AM, scaledude wrote:

    I have been asking for years why is hacking not treated like a crime against our country (which it is in many events). Anyone who intends to benefit financially by stealing should be put in jail. Anyone who steals highly classified information that places our country in jeopardy should be treated like the criminal he or she is...lethal injection of a few just might set the example.

    I hear a large percentage do it for bragging rights. Wow that's great, he is so smart he can F-up a corporate system in a couple hours that's amazing, I want to be like him.

  • On March 02, 2013, at 9:57 PM, ChrisBern wrote:

    @DrJCA1 -- all due respect, you clearly don't understand what is happening here. It's not that these companies are "putting sensitive data on the internet". It's that companies store intellectual property and sensitive data on computers (have been for decades and will continue to), and hackers are breaking into their internal network in order to exfiltrate (steal) the data out of their network and onto the hackers' systems. This is a very serious issue and companies are really struggling with the ability to ward off such well-funded and persistent threats. The bad guys only need one flaw to get in...the good guys have to be nearly perfect.

    There were a lot of suggestions for companies up above. Network-security companies like CheckPoint are, for starters, only helpful when your computer is on your internal network. As everyone knows, more and more workers take their laptops and tablets home with them or on the road when they travel--network security gives you zero protection in those situations. It makes sense to add in security technologies such as Bit9 that will serve as the "last line of defense" should something malicious make its way to your machine and attempt to execute. Bottom line is you have to have defense from a variety of sources, including hopefully diplomatic pressure from the leadership of the U.S. who should be putting SERIOUS pressure on China specifically to discontinue these practices, which have been referred to as the largest scale theft of property in the history of the world.
