Module XLI - Investigating Corporate Espionage
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: Changing the Face of OPSEC
Source: http://www.americanchronicle.com/
Case Study: The New Spies
Source: http://www.newstatesman.com/
News: Confessions of a Corporate Spy
Source: http://computerworld.com/
Ira Winkler offers chilling accounts of espionage
PHOENIX -- A former National Security Agency analyst who is now an expert on corporate espionage offered chilling accounts yesterday of his easy penetration into a variety of U.S. companies. In one case, in just a few hours he was able to make off with product plans and specifications worth billions of dollars.
Ira Winkler, global security strategist at CSC Consulting, spoke at Computerworld's Premier 100 IT Leaders Conference here and punctured several popular misconceptions about information security. Notably, he said that information security is not the same thing as computer security. Most of his success in penetrating companies, which had hired him to do just that, came from "social engineering" -- not from hacking into corporate networks.
"Never measure security budgets by IT," said Winkler, author of Spies Among Us: How to Stop the Spies, Terrorists, Hackers and Criminals You Don't Even Know You Encounter Every Day.
At one large company, for example, he persuaded a guard to admit him by saying he had lost his badge and presenting a business card as a substitute. He'd stolen the card -- which belonged to an employee who worked at the plant -- from a local restaurant that collected business cards in a jar for prize awards.
Winkler went on to exploit a number of security weaknesses, from doors he found unlocked to using forged signatures to using simple computer hacks. The result: Designs for nuclear reactors and other technologies were compromised, possibly with national security implications. He even detected people in India hacking into the company's computers.
"Spies are interested in information, not just computers," he said. "You can protect a computer perfectly, but if someone throws out a classified printout, you are out of luck."
Winkler noted that he always starts a spy job by scouring information openly available on the Internet. At one company, he found out quickly which people to target by reading a company newsletter on the firm's Web site. Lawyers are a fruitful target, too, he said, calling them "the worst for computer security."
Winkler said some companies make the mistake of trying to protect all information equally. Instead, they should devise a system similar to what's used by the military: Protecting "top-secret" information is given a higher priority than protecting "secret" or "confidential" data.
Module Objective
This module will familiarize you with:
• Corporate Espionage
• Motives behind Spying
• Information that Corporate Spies Seek
• Causes of Corporate Espionage
• Spying Techniques
• Defense from Corporate Spying
• Tools
Module Flow
Corporate Espionage
Motives behind Spying
Information that corporate spies seek
Causes of Corporate Espionage
Spying Techniques
Defense from Corporate Spying
Tools
Corporate Espionage
"Espionage is the use of illegal means to gather information"
The term corporate espionage or industrial espionage is used to describe espionage conducted for commercial purposes on companies, governments, and to determine the activities of competitors
It describes activities such as theft of trade secrets, bribery, blackmail, and technological surveillance
Motives Behind Spying
Motives behind spying include:
Financial Gain:
• The main intention of spying is financial gain
Disgruntled Employee:
• A spy is motivated mostly by personal and non-ideological hostility towards the country or organization
Challenge and curiosity:
• A spy finds it interesting and challenging to extract information
Personal relations:
• A spy may also be motivated by personal connections and relationships
Information That Corporate Spies Seek
Information that corporate spies seek includes:
• Marketing and new product plans
• Source code
• Corporate strategies
• Target markets and prospect information
• Usual business methods
• Product designs, research, and costs
• Alliance and contract arrangements: delivery, pricing, terms
• Customer and supplier information
• Staffing, operations, and wage/salary
• Credit records or credit union account information
Corporate Espionage: Insider/Outsider Threat
Adversaries can be classified into two basic categories:
Insiders
Insiders include IT personnel, contractors, and other disgruntled employees who can be lured into espionage activities
Outsiders
Outsiders include attackers of other organizations
Threat of Corporate Espionage due to Aggregation of Information
Aggregation of information refers to the practice of storing all the sensitive data at one location
It may give rise to both insider and outsider attacks
An insider with access privileges, or one who knows the location where the credentials are stored, can create a threat
An outsider who breaks into the network of the organization can search, aggregate, and relate all the information, thus leading to espionage
Techniques of Spying
Hacking:
• It is an illegal technique of obtaining trade secrets and information
• Attackers may get unauthorized access to the system’s resources using different techniques such as virus, Trojan, and malware propagation attacks
Social Engineering:
• Social engineering is defined as a “non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.”
• It involves threats such as online threat, telephone attack, waste managing threat, and personal approach
Techniques of Spying (cont’d)
Dumpster Diving:
• Dumpster diving is a technique of retrieving sensitive information from someone else's trash
Whacking:
• It is wireless hacking
Phone Eavesdropping:
• Phone eavesdropping is eavesdropping using telephones
• "Electronic eavesdropping is the use of an electronic transmitting or recording device to monitor conversations without the consent of the parties"
Techniques of Spying (cont’d)
Network leakage:
• The traffic originating from an organization’s network that consists of web and email services can be used by insiders to pass out information
Cryptography:
• Cryptography garbles a message in such a way that its meaning is concealed
• Cryptography techniques may be used by insiders to secretly pass out information
• Insiders, familiar with the encryption algorithm used in the organization, may help others in decrypting the confidential information
Steganography:
• It is used to conceal the message exchange between two parties
• Insiders can use Steganography techniques to pass out information
Defense Against Corporate Spying
You can secure the confidential data of a company from spies by the following techniques:
• Controlled Access
• Background investigation of the personnel
• Basic security measures to protect against corporate spying
Controlled Access
Encrypt the most critical data
Never store the sensitive information of the business on the networked computer
Classify the sensitivity of the data and thus categorize the personnel access rights to read/write the information
Personnel must be assigned duties for which their need-to-know controls are defined
Ensure that access to the critical data is authenticated and authorized
Store the confidential data on a standalone computer with no connection to other computers and the telephone line
Install anti-virus software and set a password to protect the secured system
Regularly change the password of the confidential files
Background Investigation of the Personnel
Verify the background of new employees
Physical security check should not be ignored
Monitor the employee’s behavior
Monitor the systems used by employees
Disable the remote access
Make sure that unnecessary account privileges are not allotted to the normal users
Disable the USB drives in the employee’s network
Enforce a security policy which addresses all concerns of employees
Basic Security Measures to Protect Against Corporate Spying
Cross-shred all paper documents before trashing them
Secure all dumpsters and post ‘NO TRESPASSING’ signs
Conduct the security awareness training programs for all employees regularly
Place locks on the computer cases to prevent hardware tampering
Lock the wire closets, server rooms, phone closets, and other sensitive equipment
Never leave a voice mail message or e-mail broadcast message that gives an exact business itinerary
Steps to Prevent Corporate Espionage
Understand and prioritize the critical assets:
• According to the criteria determined, score all assets of the organization and prioritize them
Define the acceptable level of loss:
• Cost-benefit analysis is a typical method of determining the acceptable level of risk
Control access:
• Controlling the access of the employees according to the requirement of their job
Bait: Honeypots and Honeytokens:
• Honeypots and Honeytokens are traps which are set at the system level and file level for catching intruders or insider threats
Steps to Prevent Corporate Espionage (cont’d)
Mole detection:
• It can be used to figure out who is leaking information to the public or to another entity
Profiling:
• It controls and detects the insiders by understanding behavioral patterns
Monitoring:
• It involves monitoring of the employees for suspicious activities
Signature analysis:
• It looks for a pattern that is indicative of a problem or issue
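The bait and mole-detection steps, shown as an added example that is not part of the EC-Council material: a file-level honeytoken check over an access log, and per-recipient document markers that attribute a leaked copy. The key, the `REF-` marker format, the log layout, and the file paths are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

# Assumption: a key held only by the security team (constructed demo value).
MARKER_KEY = b"constructed-demo-key"
TOKEN_RE = re.compile(r"REF-[0-9A-F]{12}")


def token_for(doc_id: str, recipient: str) -> str:
    """Derive a per-recipient marker that reads like a reference number."""
    msg = f"{doc_id}|{recipient}".encode()
    mac = hmac.new(MARKER_KEY, msg, hashlib.sha256).hexdigest()
    return "REF-" + mac[:12].upper()


def issue_copies(doc_id: str, body: str, recipients: list[str]):
    """Return ({recipient: marked copy}, {token: recipient})."""
    copies, registry = {}, {}
    for recipient in recipients:
        tok = token_for(doc_id, recipient)
        copies[recipient] = f"{body}\nDocument reference: {tok}"
        registry[tok] = recipient
    return copies, registry


def attribute_leak(text: str, registry: dict[str, str]) -> list[str]:
    """Mole detection: map markers found in leaked text to recipients."""
    found = TOKEN_RE.findall(text)
    return sorted({registry[t] for t in found if t in registry})


def scan_access_log(lines: list[str], decoys: set[str]) -> list[tuple[str, str, str]]:
    """File-level honeytoken: any access to a decoy path is an alert."""
    alerts = []
    for line in lines:
        ts, _, rest = line.partition(" ")
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        if fields.get("path") in decoys:
            alerts.append((ts, fields.get("user", "?"), fields["path"]))
    return alerts


# Constructed sample data, not taken from any real system.
DECOYS = {"/finance/merger_targets_DRAFT.xlsx"}
SAMPLE_LOG = [
    "2024-03-04T09:12:01 user=alice action=read path=/finance/q3_report.xlsx",
    "2024-03-04T02:17:45 user=svc-backup action=read path=/finance/merger_targets_DRAFT.xlsx",
    "2024-03-04T09:30:10 user=bob action=write path=/hr/onboarding.docx",
]

if __name__ == "__main__":
    copies, registry = issue_copies(
        "DOC-7", "Q3 roadmap draft", ["alice", "bob", "carol"]
    )
    print(attribute_leak("posted online: " + copies["bob"], registry))
    print(scan_access_log(SAMPLE_LOG, DECOYS))
```

A visible marker like this one is lost if the reference line is removed from the copy, so it only attributes leaks where the document is passed on unchanged.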
Key Findings of U.S Secret Service and CERT Coordination Center/SEI Study -2008 on Insider Threat
The majority of insiders were current employees in administrative and support positions that required limited technical skills
Nearly half of insiders exhibited some inappropriate or concerning behavior prior to the incident
Financial gain was the motive for most insiders’ illicit cyber activities
In over half the cases, a specific event triggered, or was a contributing factor in, insiders’ decisions to carry out the incidents
The majority of insiders planned their actions
Most of the insiders had authorized access at the time of their malicious activity
Access control gaps facilitated most of the insider incidents
Key Findings of U.S Secret Service and CERT Coordination Center/SEI Study -2008 on Insider Threat (cont’d)
Half of the insiders exploited weaknesses in established business processes or controls such as inadequate or poorly enforced policies and procedures for separation of duties
Insiders were detected and identified by a combination of people, processes, and technologies
In most cases, insiders faced criminal charges
Most insiders did not anticipate the consequences of their illicit activities
Insider actions affected federal, state, and local government agencies with the major impact to organizations being fraud resulting from damage to information or data
Netspionage
“"Netspionage" is defined as network enabled espionage, and in our information systems world, it is an exciting way of extending the old practice of competitive intelligence gathering. This new, computerized, and information-dependent world is heavily dependent on the web, networks, and software technology. The information gatherers of this new age are exploiting dependency on technology for personal, corporate, and national gain.”
-William C. Boni
Investigating Corporate Espionage Cases
Check the points of the possible physical intrusion
Check the CCTV records
Check e-mails and attachments
Check systems for backdoors and Trojans
Check system, firewall, switch, and router logs
Screen the logs of the network and employee monitoring tools, if any
Check and recover files that are deleted as it can be a foundation for the investigation
Seek the help of the law enforcement agencies, if required
Employee Monitoring: Activity Monitor
Activity Monitor allows you to track how, when, and what a network user does on any LAN
The system consists of server and client parts
Features:
• Views remote desktops
• Monitors Internet usage
• Monitors software usage
• Records activity log for all workplaces on the local or shared network location
• Tracks any user’s keystrokes on your screen in real time mode
• Takes snapshots of the remote PC screen on a scheduled basis
• Total control over the networked computers
• Deploys Activity Monitor Agent (the client part of the software) remotely from the administrator's PC to all computers in your network
• Autodetection of all networked computers with Agent installed
• Automatically downloads and exports log files from all computers on a scheduled basis
• HTML, Excel, and CSV support to export data and reports
Spector CNE Employee Monitoring Software
Spector CNE is the leading employee monitoring and investigating software
It is designed to provide businesses with a complete and accurate record of all their employees’ PC and Internet activity
It monitors and conducts investigations on employees suspected of inappropriate activity
It prevents, reduces, or eliminates problems associated with Internet and system abuse
It monitors and eliminates leaking of confidential information
Track4Win
Track4Win can monitor all the computer’s activities and Internet use
It keeps track of the visited website addresses and logs work time on each application
Features:
• It offers multi-user monitoring (office/corporate LAN and remote WAN)
• It provides real-time monitoring and Internet tracking
• It offers time tracking for all software applications
• It gives password protection and screen capture from the remote computers
Spy Tool: SpyBuddy
SpyBuddy monitors the PC and tracks every action
It has the functionality to record all AOL/ICQ/MSN/AIM/Yahoo chat conversations, all websites visited, all windows opened and interacted with, and every application executed
Features:
• Easy to secretly record websites, IRCs, IMs, disk/file change, and passwords
• Allows you to record your online activity, see what people are doing on YOUR PC, and remotely monitor a machine via e-mail
Tool: NetVizor
NetVizor is a powerful network surveillance tool that allows you to monitor the entire network from one centralized location
It enables you to track workstations and individual users who may use multiple PCs on a network
Tool: Privatefirewall w/Pest Patrol
Privatefirewall is a personal firewall and intrusion detection application that prevents unauthorized access to the PC
It provides solid protection "out of the box" while allowing the advanced users to create custom configurations
Anti Spy Tools
In real time, Internet Spy Filter blocks spyware, web bugs, worms, cookies, ads, and scripts to protect from being profiled and tracked
Spybot - S&D is an adware and spyware detection and removal tool
Anti Spy Tool: SpyCop
SpyCop finds spy programs such as Spector designed specifically to record the screen, email, passwords, and much more
Features:
• Stops Password Theft Dead: It detects spy software that is installed on your computer to capture passwords
• Keeps Emails Private: It alerts you if emails are being snooped by spy software
• Kills Instant Message & Chat Spy Software: It keeps online chats and instant messages safe from prying eyes
Anti Spy Tools (cont’d)
Spyware Terminator is a full-featured adware and spyware scanner with real-time protection
XoftSpySE is a spyware detection, scanning, and removal tool that protects you from unwanted spyware
Spy Sweeper
Spy Sweeper safely detects and removes more traces of spyware including Trojans, adware, keyloggers, and system monitoring tools
Features:
• Offers real time protection
• Prevents new malware from being installed
• Prevents the unauthorized system changes to your browser settings, startup programs, and hosts file
• Ability to run spyware scans automatically
Counter Spy
Counter Spy detects and removes adware and spyware from the system
Features:
• Stops spyware before it can install
• Alerts when potential dangers arise
• Provides detailed information if spyware or adware is found while scanning
SUPERAntiSpyware Professional
SUPERAntiSpyware Professional scans and protects your computer for known Spyware, Adware, Malware, Trojans, and Dialers
Features:
• Offers automatic definition updates, real-time protection, and customizable scan options
• Allows you to restore the various settings which are often changed by malware programs
• Provides an option to report false positives and scheduled system scans
IMonitorPCPro - Employee Monitoring Software
IMonitorPCPro monitors the employee's Internet and computer usage
It runs invisibly and records the user’s activities
It includes website blocking, program usage limits, chat blocking, and user alerts
It offers detailed activity and summary reports
It is easy to use and configure
It is intuitive and is password protected
Case Study: HP Chief Accused of Corporate Spying
Source: http://www.thepeninsulaqatar.com
Case Study: India’s Growing Corporate Spy Threat
Source: http://www.atimes.com/atimes/South_Asia/IE25Df01.html
Guidelines while Writing Employee Monitoring Policies
Make sure that the employees are aware of what exactly is being monitored
Employees should be briefed on the organization’s policies and procedures
Employees should be made aware of policy violations
Be specific, and make the policy applicable to each and every employee
Terms that are specific should be in bold, underlined, or italicized
Apply provisions that allow for updates to the policy
Policies should adhere to local laws of the land
Summary
The term ‘Corporate espionage’ is used to describe espionage conducted for commercial purposes on companies, governments, and to determine the activities of competitors
Personal relations, disgruntled employees, and easy money are the main motives behind corporate spying
The major techniques used for Corporate Spying are Hacking, Social Engineering, Dumpster Diving, and Phone Eavesdropping
Steps to prevent corporate espionage are understanding and prioritizing critical assets, defining acceptable level of loss, control access, baits, mole detection, profiling, monitoring, and signature analysis
Netspionage is defined as network enabled espionage in which knowledge and sensitive proprietary information are generated, processed, stored, transmitted, and obtained via networks and computer systems