A top federal prosecutor has a message for companies: If you've been hacked, tell us.
Speaking at a cyber security conference in New York on Thursday, Manhattan U.S. Attorney Preet Bharara said companies should trust in the discretion of prosecutors and the FBI and come forward with information about a security breach, rather than keep it an internal secret.
When industry delays or minimizes, it is harder to assess vulnerabilities and harder to formulate solutions, Bharara said. When industry delays unduly in disclosing to us, or minimizes, it is that much harder to get the bad guy.
Cyber security experts say that corporations rarely acknowledge breaches, and often keep them secret from law enforcement out of fear that news of a compromise will damage their reputation, hurt stock prices and possibly lead to further attacks.
Bharara addressed that fear, calling it unacceptable in the face of increasingly virulent cyber attacks.
Trying to maintain secrecy was the equivalent of sticking one's head in the sand, Bharara said. Get over it.
In January 2010, Google Inc acknowledged that it had been the victim of a cyber attack, reporting that it was one of at least a score of major corporations that had been targeted by hackers in China.
Security experts have since said that they notified dozens of other companies that they were also victimized by the same hackers, but only a handful have acknowledged that they were involved in what has become known as the Aurora attacks.
Once cases come to court, however, federal prosecutors in Manhattan have on some occasions gone to great lengths to help preserve company secrets.
When a now-jailed former programmer at Goldman Sachs was tried in Manhattan federal court on charges he stole computer code for the investment bank's high-frequency trading platform, prosecutors asked the judge to seal certain proceedings to preserve the secrecy of Goldman's system from competitors.
(Reporting by Basil Katz; Editing by Eddie Evans)