Module XLI - Investigating Corporate Espionage

EC-CouncilCopyright © by EC-Council

All Rights Reserved. Reproduction is Strictly Prohibited

News: Changing the Face of OPSEC

Source: http://www.americanchronicle.com/

Case Study: The New Spies

Source: http://www.newstatesman.com/

News: Confessions of a Corporate Spy

Source: http://computerworld.com/

Ira Winkler offers chilling accounts of espionage

PHOENIX -- A former National Security Agency analyst who is now an expert on corporate espionage offered chilling accounts yesterday of his easy penetration into a variety of U.S. companies. In one case, in just a few hours he was able to make off with product plans and specifications worth billions of dollars. Ira Winkler, global security strategist at CSC Consulting, spoke at Computerworld's Premier 100 IT Leaders Conference here and punctured several popular misconceptions about information security. Notably, he said that information security is not the same thing as computer security. Most of his success in penetrating companies, which had hired him to do just that, came from "social engineering" -- not from hacking into corporate networks. "Never measure security budgets by IT," said Winkler, author of Spies Among Us: How to Stop the Spies, Terrorists, Hackers and Criminals You Don't Even Know You Encounter Every Day. At one large company, for example, he persuaded a guard to admit him by saying he had lost his badge and presenting a business card as a substitute. He'd stolen the card -- which belonged to an employee who worked at the plant -- from a local restaurant that collected business cards in a jar for prize awards. Winkler went on to exploit a number of security weaknesses, from doors he found unlocked to using forged signatures to using simple computer hacks. The result: Designs for nuclear reactors and other technologies were compromised, possibly with national security implications. He even detected people in India hacking into the company's computers. "Spies are interested in information, not just computers," he said. "You can protect a computer perfectly, but if someone throws out a classified printout, you are out of luck." Winkler noted that he always starts a spy job by scouring information openly available on the Internet. At one company, he found out quickly which people to target by reading a company newsletter on the firm's Web site.

Lawyers are a fruitful target, too, he said, calling them "the worst for computer security." Winkler said some companies make the mistake of trying to protect all information equally. Instead, they should devise a system similar to what's used by the military: Protecting "top-secret" information is given a higher priority than protecting "secret" or "confidential" data.

Module Objective

This module will familiarize you with:

• Corporate Espionage
• Motives behind Spying
• Information that Corporate Spies Seek
• Causes of Corporate Espionage
• Spying Techniques
• Defense from Corporate Spying
• Tools

Module Flow

Corporate Espionage

Motives behind Spying

Information that Corporate Spies Seek

Causes of Corporate Espionage

Spying Techniques

Defense from Corporate Spying

Tools

Corporate Espionage

"Espionage is the use of illegal means to gather information"

The term corporate espionage (or industrial espionage) describes espionage conducted for commercial purposes against companies and governments, typically to learn the activities of competitors

It covers activities such as theft of trade secrets, bribery, blackmail, and technological surveillance

Motives Behind Spying

Motives behind spying include:

• Financial gain: the main intention of spying is financial gain

• Disgruntled employee: a spy motivated mostly by personal, non-ideological hostility towards the country or organization

• Challenge and curiosity: a spy who finds it interesting and challenging to extract information

• Personal relations: a spy may also be motivated by personal connections and relationships

Information That Corporate Spies Seek

Information that corporate spies seek includes:

• Marketing and new product plans
• Source code
• Corporate strategies
• Target markets and prospect information
• Usual business methods
• Product designs, research, and costs
• Alliance and contract arrangements: delivery, pricing, terms
• Customer and supplier information
• Staffing, operations, and wage/salary data
• Credit records or credit union account information

Corporate Espionage: Insider/Outsider Threat

Adversaries can be classified into two basic categories:

Insiders

Insiders such as IT personnel, contractors, and disgruntled employees, who can be lured into espionage activities; they already hold legitimate access to systems and premises

Outsiders

Outsiders include attackers from other organizations (for example, competitors or people acting on their behalf), who must first gain access

Threat of Corporate Espionage due to Aggregation of Information

Aggregation of information refers to the practice of storing all the sensitive data at one location

Such a store is exposed to both insider and outsider attack

An insider with access privileges, or one who knows where the credentials for the store are kept, can pose a threat

An outsider who breaks into the organization's network can search, aggregate, and correlate all the information from that one place, which amounts to espionage

Techniques of Spying

Hacking:

• Hacking is an illegal technique for obtaining trade secrets and information

• Attackers may gain unauthorized access to a system's resources using techniques such as virus, Trojan, and other malware propagation attacks

Social Engineering:

• Social engineering is defined as a "non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures"

• It covers online threats, telephone attacks, waste-management (trash) threats, and the personal approach

Techniques of Spying (cont'd)

Dumpster Diving:

• Dumpster diving is the technique of retrieving sensitive information from someone else's trash

Whacking:

• Whacking is wireless hacking: attacking the organization's wireless network

Phone Eavesdropping:

• Phone eavesdropping is eavesdropping on telephone conversations

• "Electronic eavesdropping is the use of an electronic transmitting or recording device to monitor conversations without the consent of the parties"

Techniques of Spying (cont'd)

Network leakage:

• Traffic leaving the organization's network, including web and e-mail services, can be used by insiders to pass information out

Cryptography:

• Cryptography transforms a message so that its meaning is concealed from anyone without the key

• Insiders may use cryptography to pass information out secretly, since encrypted content defeats content inspection at the perimeter

• Insiders familiar with the encryption used in the organization may help others decrypt confidential information

Steganography:

• Steganography conceals the very existence of a message exchanged between two parties, for example by hiding it inside an innocuous file such as an image

• Insiders can use steganography techniques to pass information out
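The steganography channel described above, as an added example that is not part of the module: an insider hides a payload in the least significant bit of an image's samples, and an investigator applies the pairs-of-values chi-square check (Westfeld and Pfitzmann) to a suspect file. The cover here is a constructed byte array standing in for 8-bit greyscale pixel samples, the secret text is made up, and the skewed histogram of the cover is an assumption chosen so the check has something to detect; no real image file or library is involved.

```python
"""LSB steganography as an insider exfiltration channel, and a statistical
check an investigator can run on a suspect file. Added example; the cover,
payload and histogram shape are all constructed for illustration."""
import random


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Hide payload in the least significant bit of successive cover samples.
    A 4-byte big-endian length header precedes the payload so the reader
    knows where to stop."""
    stream = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> i) & 1 for byte in stream for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit   # overwrite only the LSB
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Reverse of embed_lsb: read the length header, then that many bytes."""
    def read(start: int, count: int) -> bytes:
        result = bytearray()
        for b in range(count):
            val = 0
            for i in range(8):
                val = (val << 1) | (stego[start + b * 8 + i] & 1)
            result.append(val)
        return bytes(result)
    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def pov_chi_square(samples: bytes) -> float:
    """Pairs-of-values chi-square statistic.

    LSB embedding only ever maps a sample to its partner in the pair
    (2k, 2k+1), so after embedding the two counts converge on their mean.
    A clean cover with a naturally uneven histogram gives a large value;
    a value near zero means the LSB plane looks overwritten."""
    counts = [0] * 256
    for b in samples:
        counts[b] += 1
    chi = 0.0
    for k in range(128):
        a, b = counts[2 * k], counts[2 * k + 1]
        expected = (a + b) / 2
        if expected:
            chi += (a - expected) ** 2 / expected
    return chi


def make_cover(n: int, seed: int = 1) -> bytes:
    """Constructed cover: mostly even sample values with one odd neighbour,
    i.e. an uneven histogram of the kind a smooth image produces (assumption)."""
    rng = random.Random(seed)
    return bytes(rng.choice([40, 42, 44, 46, 200, 202, 41]) for _ in range(n))


def demo():
    """Embed a constructed secret, recover it, and compare the statistic on
    the touched region before and after embedding."""
    cover = make_cover(8192)
    secret = b"Q3 pricing: 12% discount floor, contract #4711 (constructed)"
    stego = embed_lsb(cover, secret)
    recovered = extract_lsb(stego)
    touched = (4 + len(secret)) * 8          # samples whose LSB was rewritten
    before = pov_chi_square(cover[:touched])
    after = pov_chi_square(stego[:touched])
    return recovered, before, after
```

The drop in the statistic is the investigator's signal: it says nothing about the content, only that the low bit plane no longer follows the image's own histogram. On real images the check should be run over sliding windows, because an insider who embeds only a short message changes only the first few kilobytes of samples.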

Defense Against Corporate Spying

You can secure the confidential data of a company from spies by the following techniques:

• Controlled access
• Background investigation of the personnel
• Basic security measures to protect against corporate spying

Controlled Access

Encrypt the most critical data

Never store the most sensitive business information on a networked computer

Classify data by sensitivity, and derive each person's read/write access rights from that classification

Assign personnel duties such that their need-to-know is explicitly defined

Ensure that every access to critical data is authenticated and authorized

Store the confidential data on a stand-alone computer with no connection to other computers or to the telephone line

Install anti-virus software and password-protect the secured system

Regularly change the passwords protecting confidential files
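The classification and need-to-know rules above, as an added example that is not from the module: data and people each carry a label (sensitivity level plus need-to-know compartments), and a read is allowed only when the person's clearance dominates the data's label. The level names, compartments, users and documents below are constructed, and the write rule (no write down) is taken from the Bell-LaPadula model as an assumption about how the slide's read/write rights should be derived.

```python
"""Data classification with need-to-know as a lattice check. Added example
in the style of Bell-LaPadula; labels and principals are constructed."""
from dataclasses import dataclass, field

LEVELS = {"confidential": 1, "secret": 2, "top-secret": 3}


@dataclass(frozen=True)
class Label:
    level: str                                              # one of LEVELS
    compartments: frozenset = field(default_factory=frozenset)  # need-to-know categories

    def dominates(self, other: "Label") -> bool:
        """A dominates B when A's level is at least B's and A holds
        every compartment B requires."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def can_read(clearance: Label, data: Label) -> bool:
    """Simple security property: no read up. A subject may read only data
    whose label its clearance dominates (level and need-to-know)."""
    return clearance.dominates(data)


def can_write(clearance: Label, data: Label) -> bool:
    """*-property (assumed): no write down. Writing into a lower or disjoint
    label would let a cleared user, or malware running as them, leak downward."""
    return data.dominates(clearance)


def check_access(clearance: Label, data: Label, op: str) -> bool:
    """Deny by default; only 'read' and 'write' are recognised operations."""
    if op == "read":
        return can_read(clearance, data)
    if op == "write":
        return can_write(clearance, data)
    return False


# Constructed clearances and data labels.
ENGINEER = Label("secret", frozenset({"product-x"}))
SALES_REP = Label("secret", frozenset({"pricing"}))
CFO = Label("top-secret", frozenset({"pricing", "m&a"}))

PRODUCT_DESIGN = Label("secret", frozenset({"product-x"}))
PRICE_LIST = Label("confidential", frozenset({"pricing"}))
MERGER_MEMO = Label("top-secret", frozenset({"m&a"}))
NEWSLETTER = Label("confidential")


def audit_matrix():
    """Who can read what: the view to review when assigning access rights."""
    subjects = {"engineer": ENGINEER, "sales": SALES_REP, "cfo": CFO}
    objects = {"design": PRODUCT_DESIGN, "prices": PRICE_LIST,
               "merger": MERGER_MEMO, "newsletter": NEWSLETTER}
    return {name: sorted(obj for obj, lab in objects.items() if can_read(sub, lab))
            for name, sub in subjects.items()}
```

The point the matrix makes is that the CFO, despite holding the highest level, cannot read the product design: clearance level alone is not access, and the need-to-know compartment is what keeps a single highly cleared account from becoming the aggregation point the earlier slide warns about.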

Background Investigation of the Personnel

Verify the background of new employees

Do not neglect physical security checks

Monitor employees' behavior

Monitor the systems used by employees

Disable remote access where it is not needed

Make sure that unnecessary account privileges are not granted to ordinary users

Disable USB drives on employee workstations

Enforce a security policy that addresses all concerns regarding employees

Basic Security Measures to Protect Against Corporate Spying

Cross-shred all paper documents before trashing them

Secure all dumpsters and post 'NO TRESPASSING' signs

Conduct security awareness training programs for all employees regularly

Place locks on computer cases to prevent hardware tampering

Lock the wiring closets, server rooms, phone closets, and other sensitive equipment

Never leave a voice mail or broadcast e-mail message that gives an exact business itinerary

Steps to Prevent Corporate Espionage

Understand and prioritize the critical assets:

• Score all assets of the organization according to the criteria determined, and prioritize them

Define the acceptable level of loss:

• Cost-benefit analysis is the typical method of determining the acceptable level of risk

Control access:

• Control employees' access according to the requirements of their job

Bait (honeypots and honeytokens):

• Honeypots and honeytokens are traps set at the system level and the file level to catch intruders or insider threats; because they have no legitimate use, any access to them is suspicious

Steps to Prevent Corporate Espionage (cont'd)

Mole detection:

• Can be used to figure out who is leaking information to the public or to another entity

Profiling:

• Controls and detects insiders by understanding their behavioral patterns

Monitoring:

• Involves monitoring employees for suspicious activities

Signature analysis:

• Looks for a pattern that is indicative of a problem or issue
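Two of the steps above, bait (honeytokens) and signature analysis over monitoring logs, as one added example that is not from the module. A honeytoken is planted in a file share; if it ever appears in outbound traffic the log line itself is the alert, and it points back at the planted location. Alongside it, two signatures of the network leakage described under spying techniques run over the same proxy log: a bulk upload to a host outside the sanctioned list, and an upload outside working hours. The log format, host names, users, token value, working-hours window and the 25 MiB threshold are all constructed for illustration.

```python
"""Honeytokens and signature analysis over proxy log lines. Added example;
the log format, hosts, users, thresholds and token are constructed."""
import re
import secrets
from datetime import datetime, timezone
from typing import Dict, Optional

# --- Bait: honeytokens -------------------------------------------------
# A honeytoken has no legitimate use, so any appearance of it is the signal.
# The registry records where each token was planted so a hit names the source.
HONEYTOKENS: Dict[str, str] = {}


def plant_honeytoken(location: str, token: Optional[str] = None) -> str:
    """Create (or register) a unique token and note where it was planted."""
    token = token or "hk_" + secrets.token_hex(12)
    HONEYTOKENS[token] = location
    return token


# --- Signature analysis over proxy log lines ---------------------------
LOG_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"method=(?P<method>\S+) bytes_out=(?P<bytes_out>\d+) url=(?P<url>\S+)"
)
SANCTIONED_HOSTS = {"mail.corp.example", "crm.corp.example"}   # constructed
UPLOAD_THRESHOLD = 25 * 1024 * 1024                            # 25 MiB, constructed
OFF_HOURS = (range(22, 24), range(0, 6))                       # UTC, constructed


def parse_line(line: str):
    """Return a dict for a well-formed line, None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes_out"] = int(rec["bytes_out"])
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return rec


def is_off_hours(ts: datetime) -> bool:
    hour = ts.astimezone(timezone.utc).hour
    return any(hour in window for window in OFF_HOURS)


def analyse(lines):
    """Run each signature over every line; return (rule, user, detail) hits."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # malformed line: skip, never crash
        # Signature 1: any registered honeytoken anywhere in the line.
        for token, where in HONEYTOKENS.items():
            if token in line:
                alerts.append(("honeytoken", rec["user"], f"{where} -> {rec['dst']}"))
        upload = rec["method"] in {"POST", "PUT"}
        # Signature 2: bulk upload to a host that is not a sanctioned service.
        if upload and rec["bytes_out"] >= UPLOAD_THRESHOLD and rec["dst"] not in SANCTIONED_HOSTS:
            alerts.append(("bulk-upload", rec["user"], f"{rec['bytes_out']} B to {rec['dst']}"))
        # Signature 3: a smaller upload outside working hours is still worth a look.
        if upload and is_off_hours(rec["ts"]) and rec["bytes_out"] >= UPLOAD_THRESHOLD // 5:
            alerts.append(("off-hours-upload", rec["user"], rec["ts"].isoformat()))
    return alerts


# Constructed sample: one planted token and four synthetic proxy log lines.
TOKEN = plant_honeytoken("fake record in finance share fs01/pricing/Q3.xlsx",
                         "hk_0123456789abcdef01234567")
SAMPLE_LOG = [
    "2024-03-11T09:14:07Z user=alice src=10.1.5.23 dst=crm.corp.example method=POST bytes_out=30000000 url=/api/export",
    "2024-03-11T13:02:41Z user=bob src=10.1.5.40 dst=paste.example.test method=POST bytes_out=2048 url=/new?key=hk_0123456789abcdef01234567",
    "2024-03-12T02:31:55Z user=carol src=10.1.6.9 dst=files.example.test method=PUT bytes_out=58234112 url=/upload/archive.zip",
    "garbage line the parser must tolerate",
]
```

Running analyse(SAMPLE_LOG) flags bob for the honeytoken and carol twice for the night-time bulk upload, while alice's large export to the sanctioned CRM host passes. Each signature on its own produces false positives; the monitoring step is what turns a hit into a case, by pulling the CCTV, e-mail and host evidence listed later under investigation.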

Key Findings of the U.S. Secret Service and CERT Coordination Center/SEI 2008 Study on Insider Threat

The majority of insiders were current employees in administrative and support positions that required limited technical skills

Nearly half of insiders exhibited some inappropriate or concerning behavior prior to the incident

Financial gain was the motive for most insiders’ illicit cyber activities

In over half the cases, a specific event triggered, or was a contributing factor in, insiders’ decisions to carry out the incidents

The majority of insiders planned their actions

Most of the insiders had authorized access at the time of their malicious activity

Access control gaps facilitated most of the insider incidents

Key Findings of the U.S. Secret Service and CERT Coordination Center/SEI 2008 Study on Insider Threat (cont'd)

Half of the insiders exploited weaknesses in established business processes or controls such as inadequate or poorly enforced policies and procedures for separation of duties

Insiders were detected and identified by a combination of people, processes, and technologies

In most cases, insiders faced criminal charges

Most insiders did not anticipate the consequences of their illicit activities

Insider actions affected federal, state, and local government agencies with the major impact to organizations being fraud resulting from damage to information or data

Netspionage

“"Netspionage" is defined as network enabled espionage, and in our information systems world, it is an exciting way of extending the old practice of competitive intelligence gathering. This new, computerized, and information-dependent world is heavily dependent on the web, networks, and software technology. The information gatherers of this new age are exploiting dependency on technology for personal, corporate, and national gain.”

-William C. Boni

Investigating Corporate Espionage Cases

Check the possible points of physical intrusion

Check the CCTV records

Check e-mails and attachments

Check systems for backdoors and Trojans

Check system, firewall, switch, and router logs

Review the logs of network and employee monitoring tools, if any

Check for and recover deleted files, as they can be the foundation of the investigation

Seek the help of law enforcement agencies, if required
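The "recover deleted files" step above, as an added example that is not from the module: once a file is deleted its directory entry is gone but its bytes usually remain in unallocated space, so a carver scans the raw image for known header and footer signatures and cuts out what lies between them. The disk image below is constructed in memory (zero-filled sectors with a JPEG-like object, a PDF-like object and a truncated JPEG dropped in); the two signatures are the public magic numbers, and the 16 MiB cap per object is an assumed safety limit.

```python
"""Header/footer file carving over unallocated space. Added example; the
image is constructed in memory and the signature table is deliberately tiny."""

# name -> (header, footer). A real carver ships a much larger table.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf":  (b"%PDF-", b"%%EOF"),
}
MAX_CARVE = 16 * 1024 * 1024   # cap per object so a missing footer cannot swallow the image


def carve(image: bytes, signatures=SIGNATURES, max_len=MAX_CARVE):
    """Return (kind, offset, data, complete) for every header hit, by offset.

    complete is False when no footer follows within max_len; the bounded
    chunk is still returned, because a partially recovered design document
    or spreadsheet is often enough to establish what was taken."""
    found = []
    for kind, (header, footer) in signatures.items():
        pos = image.find(header)
        while pos != -1:
            window_end = min(len(image), pos + max_len)
            end = image.find(footer, pos + len(header), window_end)
            if end == -1:
                found.append((kind, pos, image[pos:window_end], False))
                next_search = pos + len(header)
            else:
                end += len(footer)
                found.append((kind, pos, image[pos:end], True))
                next_search = end
            pos = image.find(header, next_search)
    return sorted(found, key=lambda f: f[1])


def build_sample_image() -> bytes:
    """Constructed 'unallocated space': eight zero-filled 512-byte sectors
    with a JPEG-like object at sector 1, a PDF-like object at sector 3 and
    a JPEG whose end marker was overwritten at sector 6."""
    sector = 512
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-body-bytes" * 10 + b"\xff\xd9"
    pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF"
    truncated_jpeg = b"\xff\xd8\xff\xe1" + b"cut-off-body" * 5        # no FFD9
    img = bytearray(sector * 8)
    img[sector * 1:sector * 1 + len(jpeg)] = jpeg
    img[sector * 3:sector * 3 + len(pdf)] = pdf
    img[sector * 6:sector * 6 + len(truncated_jpeg)] = truncated_jpeg
    return bytes(img)


def recover(image: bytes):
    """Summarise carve() output as (kind, offset, length, complete) tuples."""
    return [(kind, off, len(data), ok) for kind, off, data, ok in carve(image)]
```

Carving works on the raw device or image, not through the file system, so it must be run on a forensic copy taken before anything else is written to the disk; every write risks overwriting exactly the sectors that still hold the deleted file. Record the offset of each recovered object, since that is what ties the artifact back to the image in the investigation report.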

Employee Monitoring: Activity Monitor

Activity Monitor allows you to track how, when, and what a network user does on any LAN

The system consists of server and client parts

Features:

• Views remote desktops
• Monitors Internet usage
• Monitors software usage
• Records an activity log for all workplaces on the local or shared network location
• Tracks any user's keystrokes on your screen in real time
• Takes snapshots of the remote PC screen on a scheduled basis
• Total control over the networked computers
• Deploys Activity Monitor Agent (the client part of the software) remotely from the administrator's PC to all computers in your network
• Autodetection of all networked computers with the Agent installed
• Automatically downloads and exports log files from all computers on a scheduled basis
• HTML, Excel, and CSV support to export data and reports

Activity Monitor: Screenshot

Spector CNE Employee Monitoring Software

Spector CNE is marketed as the leading employee monitoring and investigation software

It is designed to provide businesses with a complete and accurate record of their employees' PC and Internet activity

It monitors, and supports investigations of, employees suspected of inappropriate activity

It is intended to prevent, reduce, or eliminate problems associated with Internet and system abuse

It monitors for, and aims to stop, leaking of confidential information

Track4Win

Track4Win can monitor all of a computer's activities and Internet use

It keeps track of the visited website addresses and logs work time on each application

Features:

• Multi-user monitoring (office/corporate LAN and remote WAN)
• Real-time monitoring and Internet tracking
• Time tracking for all software applications
• Password protection and screen capture from the remote computers

Track4Win: Screenshot 1

Track4Win: Screenshot 2

Spy Tool: SpyBuddy

SpyBuddy monitors the PC and tracks every action

It can record all AOL/ICQ/MSN/AIM/Yahoo chat conversations, all websites visited, all windows opened and interacted with, and every application executed

Features:

• Secretly records websites, IRC, IM, disk/file changes, and passwords
• Records your online activity, shows what people are doing on YOUR PC, and monitors a machine remotely via e-mail

SpyBuddy: Screenshot

Tool: NetVizor

NetVizor is a network surveillance tool that allows you to monitor the entire network from one centralized location

It can track workstations and individual users who may use multiple PCs on a network

Tool: Privatefirewall w/Pest Patrol

Privatefirewall is a personal firewall and intrusion detection application that prevents unauthorized access to the PC

It provides solid protection "out of the box" while allowing advanced users to create custom configurations

Privatefirewall w/Pest Patrol: Screenshot

Anti Spy Tools

Internet Spy Filter blocks spyware, web bugs, worms, cookies, ads, and scripts in real time to protect you from being profiled and tracked

Spybot - S&D is an adware and spyware detection and removal tool

Anti Spy Tool: SpyCop

SpyCop finds spy programs such as Spector that are designed specifically to record the screen, e-mail, passwords, and much more

Features:

• Stops password theft: detects spy software installed on your computer to capture passwords
• Keeps e-mails private: alerts you if e-mails are being snooped by spy software
• Kills instant message and chat spy software: keeps online chats and instant messages safe from prying eyes

SpyCop: Screenshots

Anti Spy Tools (cont’d)

Spyware Terminator is a full-featured adware and spyware scanner with real-time protection

XoftSpySE is a spyware detection, scanning, and removal tool that protects you from unwanted spyware

Spy Sweeper

Spy Sweeper detects and removes traces of spyware, including Trojans, adware, keyloggers, and system monitoring tools

Features:

• Offers real-time protection
• Prevents new malware from being installed
• Prevents unauthorized changes to your browser settings, startup programs, and hosts file
• Can run spyware scans automatically

Spy Sweeper: Screenshot

Counter Spy

Counter Spy detects and removes adware and spyware from the system

Features:

• Stops spyware before it can install
• Alerts you when potential dangers arise
• Provides detailed information if spyware or adware is found while scanning

Counter Spy: Screenshot

SUPERAntiSpyware Professional

SUPERAntiSpyware Professional scans your computer for, and protects it against, known spyware, adware, malware, Trojans, and dialers

Features:

• Offers automatic definition updates, real-time protection, and customizable scan options
• Allows you to restore the various settings that are often changed by malware programs
• Provides an option to report false positives, and scheduled system scans

SUPERAntiSpyware Professional: Screenshot 1

SUPERAntiSpyware Professional: Screenshot 2

IMonitorPCPro - Employee Monitoring Software

IMonitorPCPro monitors employees' Internet and computer usage

It runs invisibly and records users' activities

It includes website blocking, program usage limits, chat blocking, and user alerts

It offers detailed activity and summary reports

It is easy to use and configure

It is intuitive and password protected

IMonitorPCPro: Screenshot

Case Study: HP Chief Accused of Corporate Spying

Source: http://www.thepeninsulaqatar.com

Case Study: India’s Growing Corporate Spy Threat

Source: http://www.atimes.com/atimes/South_Asia/IE25Df01.html

Guidelines while Writing Employee Monitoring Policies

Make sure that employees are aware of exactly what is being monitored

Employees should be briefed on the organization's policies and procedures

Employees should be made aware of what constitutes a policy violation

Be specific, and make the policy applicable to each and every employee

Key terms should be highlighted in bold, underline, or italics

Include provisions that allow for updates to the policy

Policies should adhere to the local laws of the land

Summary

The term 'corporate espionage' describes espionage conducted for commercial purposes against companies and governments, typically to learn the activities of competitors

Personal relations, disgruntled employees, and easy money are the main motives behind corporate spying

The major techniques used for corporate spying are hacking, social engineering, dumpster diving, and phone eavesdropping

Steps to prevent corporate espionage are understanding and prioritizing critical assets, defining the acceptable level of loss, controlling access, baits, mole detection, profiling, monitoring, and signature analysis

Netspionage is network-enabled espionage, in which knowledge and sensitive proprietary information are generated, processed, stored, transmitted, and obtained via networks and computer systems
