Monday, October 22, 2012
Who is Spying on You? Worse, Who is Spying on Your Organization?
In the internet age, industrial spying is alive and well. The means to grab a company's proprietary information is no longer a janitor going through the bins after hours. Now, automated tools enable infiltration and compromise. While governments may be actively engaged in cyber snooping, few CIOs and other decision makers realize the extent to which criminals and other maleficents will go to get secrets, and not just ones about national security. Recently a worm, ACAD/Medre.A, showed a big spike in Peru on ESET’s Live Grid (a cloud-based malware collection system utilizing data from users worldwide). ESET’s research shows that the worm steals AutoCAD drawings and sends them to email accounts located in China. ESET has worked with Chinese ISP Tencent, Chinese National Computer Virus Emergency Response Center and Autodesk, the creator of AutoCAD, to stop the transmission of these files. ESET confirms that tens of thousands of AutoCAD drawings, primarily from users in Peru, were leaking at the time of the discovery. In another case, McAfee, security firm now part of Intel, released a report that presents the details a single criminal's successful attack, lasting several years, against at least 72 organizations. The compromised companies took far too long -- sometimes years -- to fix the problem, and it is unclear if any knew the extent of the breach when they sanitized corrupted computers. The Economist says, "The goal seems to have been retrieving massive quantities of proprietary and confidential information, whether for purposes of duplicating intellectual property or, in the case of the World Anti-Doping Agency, finding out which athletes might be tested next, or even modifying test results." Interception of communications is another vulnerability many fail to address. The recent row over Blackberry encryption capabilities in the context of Internet and communications technologies and free speech are not new -- but this front in the war between those who know secrets, and those who want to know, expands to cover services such as Google Talk and the telephone and video services provided by Skype and other SIP-based Voice-over-internet (VOIP) providers.