File000154
Transcript

  • 1. Module XLI - Investigating Corporate Espionage
  • 2. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News: Changing the Face of OPSEC Source: http://www.americanchronicle.com/
  • 3. Case Study: The New Spies
    Source: http://www.newstatesman.com/
  • 4. News: Confessions of a Corporate Spy
    Source: http://computerworld.com/
    Ira Winkler offers chilling accounts of espionage
    PHOENIX -- A former National Security Agency analyst who is now an expert on corporate espionage offered chilling accounts yesterday of his easy penetration into a variety of U.S. companies. In one case, in just a few hours he was able to make off with product plans and specifications worth billions of dollars.
    Ira Winkler, global security strategist at CSC Consulting, spoke at Computerworld's Premier 100 IT Leaders Conference here and punctured several popular misconceptions about information security. Notably, he said that information security is not the same thing as computer security. Most of his success in penetrating companies, which had hired him to do just that, came from "social engineering" -- not from hacking into corporate networks.
    "Never measure security budgets by IT," said Winkler, author of Spies Among Us: How to Stop the Spies, Terrorists, Hackers and Criminals You Don't Even Know You Encounter Every Day.
    At one large company, for example, he persuaded a guard to admit him by saying he had lost his badge and presenting a business card as a substitute. He'd stolen the card -- which belonged to an employee who worked at the plant -- from a local restaurant that collected business cards in a jar for prize awards.
    Winkler went on to exploit a number of security weaknesses, from doors he found unlocked to using forged signatures to using simple computer hacks. The result: Designs for nuclear reactors and other technologies were compromised, possibly with national security implications. He even detected people in India hacking into the company's computers.
    "Spies are interested in information, not just computers," he said. "You can protect a computer perfectly, but if someone throws out a classified printout, you are out of luck."
    Winkler noted that he always starts a spy job by scouring information openly available on the Internet. At one company, he found out quickly which people to target by reading a company newsletter on the firm's Web site. Lawyers are a fruitful target, too, he said, calling them "the worst for computer security."
    Winkler said some companies make the mistake of trying to protect all information equally. Instead, they should devise a system similar to what's used by the military: Protecting "top-secret" information is given a higher priority than protecting "secret" or "confidential" data.
  • 5. Module Objective
    This module will familiarize you with:
      • Corporate Espionage
      • Motives behind Spying
      • Information that Corporate Spies Seek
      • Causes of Corporate Espionage
      • Spying Techniques
      • Defense from Corporate Spying
      • Tools
  • 6. Module Flow
      • Corporate Espionage
      • Information that corporate spies seek
      • Causes of Corporate Espionage
      • Tools
      • Defense from Corporate Spying
      • Spying Techniques
      • Motives behind Spying
  • 7. Corporate Espionage
      • "Espionage is the use of illegal means to gather information"
      • The term corporate espionage or industrial espionage is used to describe espionage conducted for commercial purposes on companies and governments, and to determine the activities of competitors
      • It describes activities such as theft of trade secrets, bribery, blackmail, and technological surveillance
  • 8. Motives Behind Spying
    Motives behind spying include:
      • Financial gain: The main intention of spying is financial gain
      • Disgruntled employee: A spy is motivated mostly by personal and non-ideological hostility towards the country or organization
      • Challenge and curiosity: A spy finds it interesting and challenging to extract information
      • Personal relations: A spy may also be motivated by personal connections and relationships
  • 9. Information That Corporate Spies Seek
    Information that corporate spies seek includes:
      • Marketing and new product plans
      • Source code
      • Corporate strategies
      • Target markets and prospect information
      • Usual business methods
      • Product designs, research, and costs
      • Alliance and contract arrangements: delivery, pricing, terms
      • Customer and supplier information
      • Staffing, operations, and wage/salary
      • Credit records or credit union account information
  • 10. Corporate Espionage: Insider/Outsider Threat
    Adversaries can be classified into two basic categories:
      • Insiders: IT personnel, contractors, and other disgruntled employees who can be lured into espionage activities
      • Outsiders: attackers from other organizations
  • 11. Threat of Corporate Espionage due to Aggregation of Information
      • Aggregation of information refers to the practice of storing all the sensitive data at one location
      • It may give rise to both insider and outsider attacks
      • An insider with access privileges, or one who knows the location where the credentials are stored, can create a threat
      • An outsider who breaks into the network of the organization can search, aggregate, and relate all the information, thus leading to espionage
  • 12. Techniques of Spying
      • Hacking:
          • It is an illegal technique of obtaining trade secrets and information
          • Attackers may get unauthorized access to the system's resources using different techniques such as virus, Trojan, and malware propagation attacks
      • Social Engineering:
          • Social engineering is defined as a "non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures."
          • It involves threats such as online threats, telephone attacks, waste management threats, and personal approaches
  • 13. Techniques of Spying (cont'd)
      • Dumpster Diving:
          • Dumpster diving is a technique of retrieving sensitive information from someone else's trash
      • Whacking:
          • It is wireless hacking
      • Phone Eavesdropping:
          • Phone eavesdropping is eavesdropping using telephones
          • "Electronic eavesdropping is the use of an electronic transmitting or recording device to monitor conversations without the consent of the parties"
  • 14. Techniques of Spying (cont'd)
      • Network leakage:
          • The traffic originating from an organization's network that consists of web and email services can be used by insiders to pass out information
      • Cryptography:
          • Cryptography garbles a message in such a way that its meaning is concealed
          • Cryptography techniques may be used by insiders to secretly pass out information
          • Insiders, familiar with the encryption algorithm used in the organization, may help others in decrypting the confidential information
      • Steganography:
          • It is used to conceal the message exchange between two parties
          • Insiders can use steganography techniques to pass out information
  • 15. Defense Against Corporate Spying
    You can secure the confidential data of a company from spies by the following techniques:
      • Controlled access
      • Background investigation of the personnel
      • Basic security measures to protect against corporate spying
  • 16. Controlled Access
      • Encrypt the most critical data
      • Never store the sensitive information of the business on a networked computer
      • Classify the sensitivity of the data and categorize personnel access rights to read/write the information accordingly
      • Assign personnel duties for which their need-to-know controls are defined
      • Ensure that access to the critical data is authenticated and authorized
      • Store the confidential data on a stand-alone computer with no connection to other computers or the telephone line
      • Install anti-virus software and set a password to protect the secured system
      • Regularly change the password of the confidential files
  • 17. Background Investigation of the Personnel
      • Verify the background of new employees
      • Do not ignore physical security checks
      • Monitor employees' behavior
      • Monitor the systems used by employees
      • Disable remote access
      • Make sure that unnecessary account privileges are not allotted to normal users
      • Disable USB drives in the employees' network
      • Enforce a security policy which addresses all concerns of employees
  • 18. Basic Security Measures to Protect Against Corporate Spying
      • Cross-shred all paper documents before trashing them
      • Secure all dumpsters and post 'NO TRESPASSING' signs
      • Conduct security awareness training programs for all employees regularly
      • Place locks on computer cases to prevent hardware tampering
      • Lock the wire closets, server rooms, phone closets, and other sensitive equipment
      • Never leave a voice mail message or e-mail broadcast message that gives an exact business itinerary
  • 19. Steps to Prevent Corporate Espionage
      • Understand and prioritize the critical assets: According to the criteria determined, score all assets of the organization and prioritize them
      • Define the acceptable level of loss: Cost-benefit analysis is a typical method of determining the acceptable level of risk
      • Control access: Control the access of employees according to the requirements of their job
      • Bait (honeypots and honeytokens): Honeypots and honeytokens are traps which are set at the system level and file level for catching intruders or insider threats
  • 20. Steps to Prevent Corporate Espionage (cont'd)
      • Mole detection: It can be used to figure out who is leaking information to the public or to another entity
      • Profiling: It controls and detects the insiders by understanding behavioral patterns
      • Monitoring: It involves monitoring of the employees for suspicious activities
      • Signature analysis: It looks for a pattern that is indicative of a problem or issue
  • 21. Key Findings of U.S. Secret Service and CERT Coordination Center/SEI Study - 2008 on Insider Threat
      • The majority of insiders were current employees in administrative and support positions that required limited technical skills
      • Nearly half of insiders exhibited some inappropriate or concerning behavior prior to the incident
      • Financial gain was the motive for most insiders' illicit cyber activities
      • In over half the cases, a specific event triggered, or was a contributing factor in, insiders' decisions to carry out the incidents
      • The majority of insiders planned their actions
      • Most of the insiders had authorized access at the time of their malicious activity
      • Access control gaps facilitated most of the insider incidents
  • 22. Key Findings of U.S. Secret Service and CERT Coordination Center/SEI Study - 2008 on Insider Threat (cont'd)
      • Half of the insiders exploited weaknesses in established business processes or controls such as inadequate or poorly enforced policies and procedures for separation of duties
      • Insiders were detected and identified by a combination of people, processes, and technologies
      • In most cases, insiders faced criminal charges
      • Most insiders did not anticipate the consequences of their illicit activities
      • Insider actions affected federal, state, and local government agencies with the major impact to organizations being fraud resulting from damage to information or data
  • 23. Netspionage
    ""Netspionage" is defined as network enabled espionage, and in our information systems world, it is an exciting way of extending the old practice of competitive intelligence gathering. This new, computerized, and information-dependent world is heavily dependent on the web, networks, and software technology. The information gatherers of this new age are exploiting dependency on technology for personal, corporate, and national gain."
    - William C. Boni
  • 24. Investigating Corporate Espionage Cases
      • Check the points of possible physical intrusion
      • Check the CCTV records
      • Check e-mails and attachments
      • Check systems for backdoors and Trojans
      • Check system, firewall, switch, and router logs
      • Screen the logs of the network and employee monitoring tools, if any
      • Check for and recover deleted files, as they can be a foundation for the investigation
      • Seek the help of law enforcement agencies, if required
  • 25. Employee Monitoring: Activity Monitor
    Activity Monitor lets you track how, when, and what a network user does on any LAN
    The system consists of server and client parts
    Features:
      • Views remote desktops
      • Monitors Internet usage
      • Monitors software usage
      • Records activity log for all workplaces on the local or shared network location
      • Tracks any user's keystrokes on your screen in real time mode
      • Takes snapshots of the remote PC screen on a scheduled basis
      • Total control over the networked computers
      • Deploys Activity Monitor Agent (the client part of the software) remotely from the administrator's PC to all computers in your network
      • Autodetection of all networked computers with Agent installed
      • Automatically downloads and exports log files from all computers on a scheduled basis
      • HTML, Excel, and CSV support to export data and reports
  • 26. Activity Monitor: Screenshot
  • 27. Spector CNE Employee Monitoring Software
      • Spector CNE is the leading employee monitoring and investigating software
      • It is designed to provide businesses with a complete and accurate record of all their employees' PC and Internet activity
      • It monitors and conducts investigations on employees suspected of inappropriate activity
      • It prevents, reduces, or eliminates problems associated with Internet and system abuse
      • It monitors and eliminates leaking of confidential information
  • 28. Track4Win
    Track4Win can monitor all the computer's activities and Internet use
    It keeps track of the visited website addresses and logs work time on each application
    Features:
      • It offers multi-user monitoring (office/corporate LAN and remote WAN)
      • It provides real-time monitoring and Internet tracking
      • It offers time tracking for all software applications
      • It gives password protection and screen capture from the remote computers
  • 29. Track4Win: Screenshot 1
  • 30. Track4Win: Screenshot 2
  • 31. Spy Tool: SpyBuddy
    SpyBuddy monitors the PC and tracks every action
    It has the functionality to record all AOL/ICQ/MSN/AIM/Yahoo chat conversations, all websites visited, all windows opened and interacted with, and every application executed
    Features:
      • Easy to secretly record websites, IRCs, IMs, disk/file change, and passwords
      • Lets you record your online activity, see what people are doing on YOUR PC, and remotely monitor a machine via e-mail
  • 32. SpyBuddy: Screenshot
  • 33. Tool: NetVizor
      • NetVizor is a powerful network surveillance tool that lets you monitor the entire network from one centralized location
      • It lets you track workstations and individual users who may use multiple PCs on a network
  • 34. Tool: Privatefirewall w/Pest Patrol
      • Privatefirewall is a personal firewall and intrusion detection application that prevents unauthorized access to the PC
      • It provides solid protection "out of the box" while allowing advanced users to create custom configurations
  • 35. Privatefirewall w/Pest Patrol: Screenshot
  • 36. Anti Spy Tools
      • In real time, Internet Spy Filter blocks spyware, web bugs, worms, cookies, ads, and scripts to protect from being profiled and tracked
      • Spybot - S&D is an adware and spyware detection and removal tool
  • 37. Anti Spy Tool: SpyCop
    SpyCop finds spy programs such as Spector designed specifically to record the screen, email, passwords, and much more
    Features:
      • Stops Password Theft Dead: It detects spy software that is installed on your computer to capture passwords
      • Keeps Emails Private: It alerts you if emails are being snooped by spy software
      • Kills Instant Message & Chat Spy Software: It keeps online chats and instant messages safe from prying eyes
  • 38. SpyCop: Screenshots
  • 39. Anti Spy Tools (cont'd)
      • Spyware Terminator is a full-featured adware and spyware scanner with real-time protection
      • XoftSpySE is a spyware detection, scanning, and removal tool that protects you from unwanted spyware
  • 40. Spy Sweeper
    Spy Sweeper safely detects and removes more traces of spyware including Trojans, adware, keyloggers, and system monitoring tools
    Features:
      • Offers real time protection
      • Prevents new malware from being installed
      • Prevents unauthorized system changes to your browser settings, startup programs, and hosts file
      • Ability to run spyware scans automatically
  • 41. Spy Sweeper: Screenshot
  • 42. Counter Spy
    Counter Spy detects and removes adware and spyware from the system
    Features:
      • Stops spyware before it can install
      • Alerts when potential dangers arise
      • Provides detailed information if spyware or adware is found while scanning
  • 43. Counter Spy: Screenshot
  • 44. SUPERAntiSpyware Professional
    SUPERAntiSpyware Professional scans your computer for, and protects it against, known spyware, adware, malware, Trojans, and dialers
    Features:
      • Offers automatic definition updates, real-time protection, and customizable scan options
      • Allows you to restore the various settings which are often changed by malware programs
      • Provides an option to report false positives and scheduled system scans
  • 45. SUPERAntiSpyware Professional: Screenshot 1
  • 46. SUPERAntiSpyware Professional: Screenshot 2
  • 47. IMonitorPCPro - Employee Monitoring Software
      • IMonitorPCPro monitors the employee's Internet and computer usage
      • It runs invisibly and records the user's activities
      • It includes website blocking, program usage limits, chat blocking, and user alerts
      • It offers detailed activity and summary reports
      • It is easy to use and configure
      • It is intuitive and is password protected
  • 48. IMonitorPCPro: Screenshot
  • 49. Case Study: HP Chief Accused of Corporate Spying
    Source: http://www.thepeninsulaqatar.com
  • 50. Case Study: India's Growing Corporate Spy Threat
    Source: http://www.atimes.com/atimes/South_Asia/IE25Df01.html
  • 51. Guidelines while Writing Employee Monitoring Policies
      • Make sure that employees are aware of exactly what is being monitored
      • Employees should be briefed on the organization's policies and procedures
      • Employees should be made aware of policy violations
      • Be specific, and make the policy applicable to each and every employee
      • Terms that are specific should be in bold, underlined, or italicized
      • Apply provisions that allow for updates to the policy
      • Policies should adhere to the local laws of the land
  • 52. Summary
      • The term 'corporate espionage' is used to describe espionage conducted for commercial purposes on companies and governments, and to determine the activities of competitors
      • Personal relations, disgruntled employees, and easy money are the main motives behind corporate spying
      • The major techniques used for corporate spying are hacking, social engineering, dumpster diving, and phone eavesdropping
      • Steps to prevent corporate espionage are understanding and prioritizing critical assets, defining acceptable level of loss, control access, baits, mole detection, profiling, monitoring, and signature analysis
      • Netspionage is defined as network enabled espionage in which knowledge and sensitive proprietary information are generated, processed, stored, transmitted, and obtained via networks and computer systems
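
The file-level and system-level honeytoken bait named in the prevention steps (slide 19) can be checked with a log scan like the one below. This is an added example, not part of the EC-Council module; the log format, token values, user names, and function names are all constructed for illustration.

```python
import posixpath
import shlex
from collections import defaultdict

# Constructed honeytokens: decoys that no legitimate workflow ever touches.
HONEYTOKENS = {
    "file": {"/finance/decoy/acquisition_targets.xls"},  # file-level bait
    "record": {"CUST-900417"},       # fake customer ID planted in a database
    "account": {"svc_backup_old"},   # system-level bait: unused login
}

# Constructed audit log (hypothetical "timestamp key=value ..." format).
SAMPLE_LOG = """\
2008-03-04T09:01:12Z user=asmith host=ws07 action=read path=/finance/q1_forecast.xls
2008-03-04T09:14:40Z user=jdoe host=ws12 action=read path=/finance/./decoy/acquisition_targets.xls
2008-03-04T09:15:03Z user=jdoe host=ws12 action=mail_out to=ext@example.org subject="fwd" body="see CUST-900417 and attached"
2008-03-04T09:30:00Z user=svc_backup_old host=ws12 action=logon result=fail
this line is corrupted
2008-03-04T10:02:19Z user=asmith host=ws07 action=read path="/finance/decoy/../q1_forecast.xls"
"""


def parse_line(line):
    """Return the event as a dict, or None if the line is malformed."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        return None
    try:
        fields = shlex.split(parts[1])  # honours quoted values
    except ValueError:                  # unbalanced quotes
        return None
    if not fields or any("=" not in f for f in fields):
        return None
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = parts[0]
    return event


def find_hits(log_text, tokens=HONEYTOKENS):
    """Return (line_no, timestamp, user, kind, token) for every bait touched."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        event = parse_line(line)
        if event is None:
            continue  # skipped here; a real pipeline should count these
        user, ts = event.get("user", "?"), event["ts"]
        if user in tokens["account"]:
            hits.append((line_no, ts, user, "account", user))
        # Normalise so "./" and "../" cannot hide or fake a match.
        path = posixpath.normpath(event["path"]) if "path" in event else None
        if path in tokens["file"]:
            hits.append((line_no, ts, user, "file", path))
        text = " ".join(event.get(k, "") for k in ("subject", "body"))
        for record in sorted(tokens["record"]):
            if record in text:
                hits.append((line_no, ts, user, "record", record))
    return hits


def kinds_by_user(hits):
    """Group hits per user; any entry at all deserves investigation."""
    grouped = defaultdict(set)
    for _, _, user, kind, _ in hits:
        grouped[user].add(kind)
    return {user: sorted(kinds) for user, kinds in grouped.items()}


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
    print(kinds_by_user(find_hits(SAMPLE_LOG)))
```

Because a honeytoken has no legitimate use, a single hit is a high-confidence lead, unlike volume-based monitoring that needs a baseline first.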