Nissan Motor Co. is scrambling to recover from a major attack by so far-unknown hackers who found a hole into the maker’s global computer network.
Officials are still trying to get a complete sense of the damage and are facing the massive task of shoring up the system, an official told TheDetroitBureau.com, but Nissan says it appears that neither its customer data nor vehicle program files were compromised in the well-planned attack.
“We have detected an intrusion into our company’s global information systems network,” revealed Nissan Motor Co. Executive Vice President Andy Palmer, who added that the Japanese maker’s “information security team confirmed the presence of a computer virus on our network and immediately took aggressive actions to protect the company’s systems and data.”
The attack was first identified a week ago, but the maker chose to keep it secret until it could get a better handle on the problem and determine what files and programs were compromised, according to a Nissan spokesman.
“As a result of our swift and deliberate actions,” said Palmer, in a prepared release, “we believe that our systems are secure and that no customer, employee or program data has been compromised. However, we believe that user IDs and hashed passwords were transmitted. We have no indication that any personal information and emails have been compromised.”
The attack on Nissan is, if anything, far from unique, according to security experts, notably including former U.S. security chief Richard Clarke – whose warnings of a likely major Al Qaeda attack before 9/11 were ignored.
In an interview with Smithsonian Magazine last month, Clarke said, “I think the evidence is pretty strong. Every major company in the United States has already been penetrated by China.”
In particular, he warned that Chinese-made computing equipment sold in the U.S. may be “contaminated” with “logic bombs” and other means that hackers could later exploit. According to Clarke and other experts, Chinese espionage is largely state sponsored or tolerated, and much of it is aimed at coming up with corporate information, including intellectual property, that is then provided to Chinese corporations looking for a competitive advantage.
Nissan spokesman David Reuter stressed that the automaker does not yet know the source of the cyber-attack. It is common, he stressed, for experienced hackers to mislead a victim by relaying their attack through separate computer servers in another country.
According to a Washington Post story earlier this week, the FBI’s former top cyber chief believes at least a half-dozen different countries are targeting the U.S., including China, as well as Russia and Iran.
The problem has been so severe that, in some cases, companies have had to completely abandon hardware and software systems and start all over again.
“Once they’re in…they’re in,” said Shawn Henry, who retired last month.
Meanwhile, Scott Borg, chief economist of the US. Cyber Consequences Unit, a research firm focused on hacking and cyber-attacks, estimates the problem to be costing the business world anywhere from $6 billion to $20 billion annually, both in intellectual property losses and lost business opportunities.
Whether Nissan eventually will be able to track the problem back to its root is anything but certain, though Palmer promised it will “vigilantly maintain our protection and detection systems and related countermeasures to keep ahead of emerging threats. Our focus remains on safeguarding the integrity of employee, consumer and corporate information.”