Drone Maker's Secrets Stolen by Chinese PLA

Chinese hackers tied to the PLA (People's Liberation Army) have had access to secret information from QinetiQ, one of the world's foremost designers of military drones. Investigators have discovered that most, if not all, of the secret information in QinetiQ's computer network was compromised as a result of the breach.

Ironically, QinetiQ won a bid to consult with the Department of Defense on cyber-threats.

Denials by the Chinese government have been less than convincing, given the thoroughness of the report released by security firm Mandiant.

State-sponsored cyberattacks have become more common in recent months. These attacks can be particularly difficult for a company to defend against, since the resources of a state sponsor can swamp an individual security department. Even with that, most attacks can be defended against by following basic security principles like the 20 controls recommended by SANS. The US CERT has released 31 guidelines to protect against a broad range of attacks.

In the case of QinetiQ, for example, two-factor authentication would have protected against the most damaging hacks, if it had been implemented.

UPDATE: The Pentagon has directly accused the Chinese government of cyber-spying. The Chinese response:

Although it is common sense that you cannot determine sources of cyber attacks only through IP addresses, some people in the Pentagon still prefer believing they are from China as they always bear a sense of rivalry. It is an allegation based on presupposition.