Intel was hit by a ‘sophisticated incident' last month, but it has stated that it was not a victim of the ‘Aurora' attacks.
In a filing with the US Securities and Exchange Commission, Intel admitted that it regularly ‘faces attempts by others to gain unauthorised access through the internet to our information technology systems'.
It then went on to claim that a ‘recent and sophisticated incident occurred in January 2010 around the same time as the recently publicised security incident reported by Google'. It has issued no official statement to confirm or deny that it was not part of the Aurora attacks, whose victims already include Google and Juniper, and the blame was ultimately laid at the use of Microsoft's Internet Explorer 6. Microsoft advised users to upgrade to IE8, the latest version of the browser.
David Harley, director of malware intelligence at ESET, commented that he doubted that the last had been heard of these incidents, and suspected that there are other organisations that have not realised that they have been hit, or are in sectors more reluctant to disclose a breach.
He said: “It's not really possible to estimate the practical consequences but it doesn't mean they won't lose subtle advantages.”
Reuters reported that Google would not comment on whether Intel was one of the roughly 20 unnamed companies, and Intel spokesman Chuck Mulloy said that ‘the only connection is timing'.
Rik Ferguson, senior security advisor at Trend Micro, said that it was impossible to answer which companies will report attacks. He said: “In reality, a company holding personally identifiable information, or with valuable intellectual property (either for the purposes of resale or extortion) would be seen as fair game in the criminal fraternity.
“The truth of this is actually reinforced by the fact that the Intel breach doesn't appear to be related to the Aurora attacks. I said that the time Aurora was nothing new, the only really surprising thing was that Google went public with it.
“As to whether companies suffer, I think if the public communication is done in an honest and transparent way it can actually even help a victim's brand to be seen to be able to deal with eventualities such as this.”