Module XLI - Investigating Corporate Espionage
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: Changing the Face of OPSEC
Source: http://www.americanchronicle.com/
Case Study: The New Spies
Source: http://www.newstatesman.com/
News: Confessions of a Corporate Spy
Source: http://computerworld.com/
Ira Winkler offers chilling accounts of espionage
PHOENIX -- A former National Security Agency analyst who is now an expert on corporate espionage offered chilling accounts yesterday of his easy penetration into a variety of U.S. companies. In one case, in just a few hours he was able to make off with product plans and specifications worth billions of dollars.
Ira Winkler, global security strategist at CSC Consulting, spoke at Computerworld's Premier 100 IT Leaders Conference here and punctured several popular misconceptions about information security. Notably, he said that information security is not the same thing as computer security. Most of his success in penetrating companies, which had hired him to do just that, came from "social engineering" -- not from hacking into corporate networks.
"Never measure security budgets by IT," said Winkler, author of Spies Among Us: How to Stop the Spies, Terrorists, Hackers and Criminals You Don't Even Know You Encounter Every Day.
At one large company, for example, he persuaded a guard to admit him by saying he had lost his badge and presenting a business card as a substitute. He'd stolen the card -- which belonged to an employee who worked at the plant -- from a local restaurant that collected business cards in a jar for prize awards.
Winkler went on to exploit a number of security weaknesses, from doors he found unlocked to using forged signatures to using simple computer hacks. The result: Designs for nuclear reactors and other technologies were compromised, possibly with national security implications.
He even detected people in India hacking into the company's computers.
"Spies are interested in information, not just computers," he said. "You can protect a computer perfectly, but if someone throws out a classified printout, you are out of luck."
Winkler noted that he always starts a spy job by scouring information openly available on the Internet. At one company, he found out quickly which people to target by reading a company newsletter on the firm's Web site.
Lawyers are a fruitful target, too, he said, calling them "the worst for computer security."
Winkler said some companies make the mistake of trying to protect all information equally. Instead, they should devise a system similar to what's used by the military: Protecting "top-secret" information is given a higher priority than protecting "secret" or "confidential" data.
Module Objective
This module will familiarize you with:
• Corporate Espionage
• Motives behind Spying
• Information that Corporate Spies Seek
• Causes of Corporate Espionage
• Spying Techniques
• Defense from Corporate Spying
• Tools
Module Flow
• Corporate Espionage
• Motives behind Spying
• Information that corporate spies seek
• Causes of Corporate Espionage
• Spying Techniques
• Defense from Corporate Spying
• Tools
Corporate Espionage
"Espionage is the use of illegal means to gather information"
The term corporate espionage or industrial espionage is used to describe espionage conducted for commercial purposes on companies, governments, and to determine the activities of competitors
It describes activities such as theft of trade secrets, bribery, blackmail, and technological surveillance
Motives Behind Spying
Motives behind spying include:
Financial Gain:
• The main intention of spying is financial gain
Disgruntled Employee:
• A spy is motivated mostly by personal and non-ideological hostility towards the country or organization
Challenge and curiosity:
• A spy finds it interesting and challenging to extract information
Personal relations:
• A spy may also be motivated by personal connections and relationships
Information That Corporate Spies Seek
Information that corporate spies seek includes:
• Marketing and new product plans
• Source code
• Corporate strategies
• Target markets and prospect information
• Usual business methods
• Product designs, research, and costs
• Alliance and contract arrangements: delivery, pricing, terms
• Customer and supplier information
• Staffing, operations, and wage/salary
• Credit records or credit union account information
Corporate Espionage: Insider/Outsider Threat
Adversaries can be classified into two basic categories:
Insiders:
• Insiders such as IT personnel, contractors, and other disgruntled employees who can be lured into espionage activities
Outsiders:
• Outsiders include attackers from other organizations
Threat of Corporate Espionage due to Aggregation of Information
Aggregation of information refers to the practice of storing all the sensitive data at one location
It may give rise to both insider and outsider attacks
An insider with access privileges, or one who knows the location where the credentials are stored, can create a threat
An outsider who breaks into the network of the organization can search, aggregate, and relate all the information, thus leading to espionage
Techniques of Spying
Hacking:
• It is an illegal technique of obtaining trade secrets and information
• Attackers may get unauthorized access to the system’s resources using different techniques such as virus, Trojan, and malware propagation attacks
Social Engineering:
• Social engineering is defined as a “non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.”
• It involves threats such as online threats, telephone attacks, waste management threats, and personal approaches
Techniques of Spying (cont’d)
Dumpster Diving:
• Dumpster diving is a technique of retrieving sensitive information from someone else's trash
Whacking:
• It is wireless hacking
Phone Eavesdropping:
• Phone eavesdropping is eavesdropping using telephones
• "Electronic eavesdropping is the use of an electronic transmitting or recording device to monitor conversations without the consent of the parties"
Techniques of Spying (cont’d)
Network leakage:
• The traffic originating from an organization’s network that consists of web and email services can be used by insiders to pass out information
Cryptography:
• Cryptography garbles a message in such a way that its meaning is concealed
• Cryptography techniques may be used by insiders to secretly pass out information
• Insiders, familiar with the encryption algorithm used in the organization, may help others in decrypting the confidential information
Steganography:
• It is used to conceal the message exchange between two parties
• Insiders can use steganography techniques to pass out information
Defense Against Corporate Spying
You can secure the confidential data of a company from spies by the following techniques:
• Controlled Access
• Background investigation of the personnel
• Basic security measures to protect against corporate spying
Controlled Access
• Encrypt the most critical data
• Never store the sensitive information of the business on a networked computer
• Classify the sensitivity of the data and categorize personnel access rights to read/write the information accordingly
• Assign personnel duties for which their need-to-know controls are defined
• Ensure that access to critical data is authenticated and authorized
• Store the confidential data on a stand-alone computer with no connection to other computers or the telephone line
• Install anti-virus software and set a password to protect the secured system
• Regularly change the password of the confidential files
Background Investigation of the Personnel
• Verify the background of new employees
• Physical security checks should not be ignored
• Monitor employees’ behavior
• Monitor the systems used by employees
• Disable remote access
• Make sure that unnecessary account privileges are not allotted to normal users
• Disable the USB drives in the employees’ network
• Enforce a security policy which addresses all concerns of employees
Basic Security Measures to Protect Against Corporate Spying
• Cross-shred all paper documents before trashing them
• Secure all dumpsters and post ‘NO TRESPASSING’ signs
• Conduct security awareness training programs for all employees regularly
• Place locks on the computer cases to prevent hardware tampering
• Lock the wire closets, server rooms, phone closets, and other sensitive equipment
• Never leave a voice mail message or e-mail broadcast message that gives an exact business itinerary
Steps to Prevent Corporate Espionage
Understand and prioritize the critical assets:
• According to the criteria determined, score all assets of the organization and prioritize them
Define the acceptable level of loss:
• Cost-benefit analysis is a typical method of determining the acceptable level of risk
Control access:
• Control the access of employees according to the requirements of their job
Bait: Honeypots and Honeytokens:
• Honeypots and honeytokens are traps which are set at the system level and file level for catching intruders or insider threats
Steps to Prevent Corporate Espionage (cont’d)
Mole detection:
• It can be used to figure out who is leaking information to the public or to another entity
Profiling:
• It controls and detects the insiders by understanding behavioral patterns
Monitoring:
• It involves monitoring of the employees for suspicious activities
Signature analysis:
• It looks for a pattern that is indicative of a problem or issue
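As an added illustration of the bait and mole-detection steps (this example is not part of the original module), the Python below flags any access to decoy files in a file-server audit log and traces a leaked copy back to its recipient through a per-recipient marker. The log format, file paths, user names, key, and document ID are all constructed for the example.

```python
import hashlib
import hmac
import posixpath
import re

# Everything below is constructed for illustration: key, paths, users, log format.
SECRET_KEY = b"constructed-example-key"   # a real key belongs in a secrets store
DECOY_PATHS = {"/finance/merger_targets.xls", "/hr/executive_salaries.doc"}
SAMPLE_LOG = [
    "2009-03-02T09:14:07 user=jdoe action=read path=/projects/alpha/spec.doc",
    "2009-03-02T22:41:53 user=mlee action=read path=/finance/merger_targets.xls",
    "garbled line without fields",
    "2009-03-03T01:05:10 user=mlee action=copy path=/hr/../hr/executive_salaries.doc",
    "2009-03-03T08:30:00 user=asmith action=write path=/projects/alpha/spec.doc",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) path=(?P<path>.+)$"
)
TOKEN_RE = re.compile(r"REF-[0-9A-F]{12}")


def decoy_hits(lines, decoys=DECOY_PATHS):
    """File-level honeytoken: no job role needs a decoy file, so any touch is an alert."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse rather than guessing at fields
        # Normalise so that "/hr/../hr/x" and "/hr/x" compare equal.
        path = posixpath.normpath(m["path"])
        if path in decoys:
            hits.append((m["ts"], m["user"], m["action"], path))
    return hits


def hits_per_user(hits):
    """Count decoy touches per account, to rank who to look at first."""
    counts = {}
    for _ts, user, _action, _path in hits:
        counts[user] = counts.get(user, 0) + 1
    return counts


def make_token(doc_id, recipient):
    """Per-recipient marker that reads like an internal reference number.

    It is derived with HMAC, so a recipient cannot work out anyone else's marker.
    """
    mac = hmac.new(SECRET_KEY, f"{doc_id}|{recipient}".encode(), hashlib.sha256)
    return "REF-" + mac.hexdigest()[:12].upper()


def build_registry(doc_id, recipients):
    """Map each issued marker back to the person whose copy carries it."""
    return {make_token(doc_id, r): r for r in recipients}


def attribute_leak(text, registry):
    """Mole detection: return the recipients whose markers appear in leaked text."""
    return sorted({registry[t] for t in TOKEN_RE.findall(text) if t in registry})


if __name__ == "__main__":
    for hit in decoy_hits(SAMPLE_LOG):
        print("ALERT decoy access:", hit)
    registry = build_registry("DOC-17", ["jdoe", "mlee", "asmith"])
    leaked = "Excerpt seen outside the company, " + make_token("DOC-17", "asmith")
    print("Leaked copy was issued to:", attribute_leak(leaked, registry))
```

A decoy hit or a matched marker is a lead for the investigation, not proof: accounts can be shared or compromised, so it is corroborated with the other log sources before anyone is named.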
Key Findings of U.S. Secret Service and CERT Coordination Center/SEI Study - 2008 on Insider Threat
• The majority of insiders were current employees in administrative and support positions that required limited technical skills
• Nearly half of insiders exhibited some inappropriate or concerning behavior prior to the incident
• Financial gain was the motive for most insiders’ illicit cyber activities
• In over half the cases, a specific event triggered, or was a contributing factor in, insiders’ decisions to carry out the incidents
• The majority of insiders planned their actions
• Most of the insiders had authorized access at the time of their malicious activity
• Access control gaps facilitated most of the insider incidents
Key Findings of U.S. Secret Service and CERT Coordination Center/SEI Study - 2008 on Insider Threat (cont’d)
• Half of the insiders exploited weaknesses in established business processes or controls such as inadequate or poorly enforced policies and procedures for separation of duties
• Insiders were detected and identified by a combination of people, processes, and technologies
• In most cases, insiders faced criminal charges
• Most insiders did not anticipate the consequences of their illicit activities
• Insider actions affected federal, state, and local government agencies with the major impact to organizations being fraud resulting from damage to information or data
Netspionage
“"Netspionage" is defined as network enabled espionage, and in our information systems world, it is an exciting way of extending the old practice of competitive intelligence gathering. This new, computerized, and information-dependent world is heavily dependent on the web, networks, and software technology. The information gatherers of this new age are exploiting dependency on technology for personal, corporate, and national gain.”
- William C. Boni
Investigating Corporate Espionage Cases
• Check the points of possible physical intrusion
• Check the CCTV records
• Check e-mails and attachments
• Check systems for backdoors and Trojans
• Check system, firewall, switch, and router logs
• Screen the logs of the network and employee monitoring tools, if any
• Check for and recover deleted files, as they can be a foundation for the investigation
• Seek the help of the law enforcement agencies, if required
Employee Monitoring: Activity Monitor
Activity Monitor allows you to track how, when, and what a network user performs in any LAN
The system consists of server and client parts
Features:
• Views remote desktops
• Monitors Internet usage
• Monitors software usage
• Records activity log for all workplaces on the local or shared network location
• Tracks any user’s keystrokes on your screen in real time mode
• Takes snapshots of the remote PC screen on a scheduled basis
• Total control over the networked computers
• Deploys Activity Monitor Agent (the client part of the software) remotely from the administrator's PC to all computers in your network
• Autodetection of all networked computers with Agent installed
• Automatically downloads and exports log files from all computers on a scheduled basis
• HTML, Excel, and CSV support to export data and reports
Activity Monitor: Screenshot
Spector CNE Employee Monitoring Software
• Spector CNE is the leading employee monitoring and investigating software
• It is designed to provide businesses with a complete and accurate record of all their employees’ PC and Internet activity
• It monitors and conducts investigations on employees suspected of inappropriate activity
• It prevents, reduces, or eliminates problems associated with Internet and system abuse
• It monitors and eliminates leaking of confidential information
Track4Win
Track4Win can monitor all the computer’s activities and Internet use
It keeps track of the visited website addresses and logs work time on each application
Features:
• It offers multi-user monitoring (office/corporate LAN and remote WAN)
• It provides real-time monitoring and Internet tracking
• It offers time tracking for all software applications
• It gives password protection and screen capture from the remote computers
Track4Win: Screenshot 1
Track4Win: Screenshot 2
Spy Tool: SpyBuddy
SpyBuddy monitors the PC and tracks every action
It has the functionality to record all AOL/ICQ/MSN/AIM/Yahoo chat conversations, all websites visited, all windows opened and interacted with, and every application executed
Features:
• Easy to secretly record websites, IRCs, IMs, disk/file changes, and passwords
• Allows you to record your online activity, see what people are doing on YOUR PC, and remotely monitor a machine via e-mail
SpyBuddy: Screenshot
Tool: NetVizor
NetVizor is a powerful network surveillance tool that allows you to monitor the entire network from one centralized location
It enables you to track workstations and individual users who may use multiple PCs on a network
Tool: Privatefirewall w/Pest Patrol
Privatefirewall is a personal firewall and intrusion detection application that prevents unauthorized access to the PC
It provides solid protection "out of the box" while allowing advanced users to create custom configurations
Privatefirewall w/Pest Patrol: Screenshot
Anti Spy Tools
• In real time, Internet Spy Filter blocks spyware, web bugs, worms, cookies, ads, and scripts to protect from being profiled and tracked
• Spybot - S&D is an adware and spyware detection and removal tool
Anti Spy Tool: SpyCop
SpyCop finds spy programs such as Spector designed specifically to record the screen, email, passwords, and much more
Features:
• Stops Password Theft Dead: It detects spy software that is installed on your computer to capture passwords
• Keeps Emails Private: It alerts you if emails are being snooped by spy software
• Kills Instant Message & Chat Spy Software: It keeps online chats and instant messages safe from prying eyes
SpyCop: Screenshots
Anti Spy Tools (cont’d)
• Spyware Terminator is a full-featured adware and spyware scanner with real-time protection
• XoftSpySE is a spyware detection, scanning, and removal tool, protecting you from unwanted spyware
Spy Sweeper
Spy Sweeper safely detects and removes more traces of spyware including Trojans, adware, keyloggers, and system monitoring tools
Features:
• Offers real time protection
• Prevents new malware from being installed
• Prevents unauthorized system changes to your browser settings, startup programs, and hosts file
• Ability to run spyware scans automatically
Spy Sweeper: Screenshot
Counter Spy
Counter Spy detects and removes adware and spyware from the system
Features:
• Stops spyware before it can install
• Alerts when potential dangers arise
• Provides detailed information if spyware or adware is found while scanning
Counter Spy: Screenshot
SUPERAntiSpyware Professional
SUPERAntiSpyware Professional scans and protects your computer for known Spyware, Adware, Malware, Trojans, and Dialers
Features:
• Offers automatic definition updates, real-time protection, and customizable scan options
• Allows you to restore the various settings which are often changed by malware programs
• Provides an option to report false positives and scheduled system scans
SUPERAntiSpyware Professional: Screenshot 1
SUPERAntiSpyware Professional: Screenshot 2
IMonitorPCPro - Employee Monitoring Software
• IMonitorPCPro monitors the employee's Internet and computer usage
• It runs invisibly and records the user’s activities
• It includes website blocking, program usage limits, chat blocking, and user alerts
• It offers detailed activity and summary reports
• It is easy to use and configure
• It is intuitive and is password protected
IMonitorPCPro: Screenshot
Case Study: HP Chief Accused of Corporate Spying
Source: http://www.thepeninsulaqatar.com
Case Study: India’s Growing Corporate Spy Threat
Source: http://www.atimes.com/atimes/South_Asia/IE25Df01.html
Guidelines while Writing Employee Monitoring Policies
• Make sure that employees are aware of exactly what is being monitored
• Employees should be briefed on the organization’s policies and procedures
• Employees should be made aware of policy violations
• Be specific, and the policy should be applicable to each and every employee
• Terms that are specific should be in bold, underlined, or italicized
• Apply provisions that allow for updates to the policy
• Policies should adhere to local laws of the land
Summary
• The term ‘Corporate espionage’ is used to describe espionage conducted for commercial purposes on companies, governments, and to determine the activities of competitors
• Personal relations, disgruntled employees, and easy money are the main motives behind corporate spying
• The major techniques used for Corporate Spying are Hacking, Social Engineering, Dumpster Diving, and Phone Eavesdropping
• Steps to prevent corporate espionage are understanding and prioritizing critical assets, defining acceptable level of loss, control access, baits, mole detection, profiling, monitoring, and signature analysis
• Netspionage is defined as network enabled espionage in which knowledge and sensitive proprietary information are generated, processed, stored, transmitted, and obtained via networks and computer systems
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

File000154

  • 1. Module XLI - Investigating Corporate Espionage
  • 2. EC-Council. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited. News: Changing the Face of OPSEC. Source: http://www.americanchronicle.com/
  • 3. Case Study: The New Spies. Source: http://www.newstatesman.com/
  • 4. News: Confessions of a Corporate Spy. Source: http://computerworld.com/
      Ira Winkler offers chilling accounts of espionage
      PHOENIX -- A former National Security Agency analyst who is now an expert on corporate espionage offered chilling accounts yesterday of his easy penetration into a variety of U.S. companies. In one case, in just a few hours he was able to make off with product plans and specifications worth billions of dollars.
      Ira Winkler, global security strategist at CSC Consulting, spoke at Computerworld's Premier 100 IT Leaders Conference here and punctured several popular misconceptions about information security. Notably, he said that information security is not the same thing as computer security. Most of his success in penetrating companies, which had hired him to do just that, came from "social engineering" -- not from hacking into corporate networks.
      "Never measure security budgets by IT," said Winkler, author of Spies Among Us: How to Stop the Spies, Terrorists, Hackers and Criminals You Don't Even Know You Encounter Every Day.
      At one large company, for example, he persuaded a guard to admit him by saying he had lost his badge and presenting a business card as a substitute. He'd stolen the card -- which belonged to an employee who worked at the plant -- from a local restaurant that collected business cards in a jar for prize awards.
      Winkler went on to exploit a number of security weaknesses, from doors he found unlocked to using forged signatures to using simple computer hacks. The result: Designs for nuclear reactors and other technologies were compromised, possibly with national security implications. He even detected people in India hacking into the company's computers.
      "Spies are interested in information, not just computers," he said. "You can protect a computer perfectly, but if someone throws out a classified printout, you are out of luck."
      Winkler noted that he always starts a spy job by scouring information openly available on the Internet. At one company, he found out quickly which people to target by reading a company newsletter on the firm's Web site. Lawyers are a fruitful target, too, he said, calling them "the worst for computer security."
      Winkler said some companies make the mistake of trying to protect all information equally. Instead, they should devise a system similar to what's used by the military: Protecting "top-secret" information is given a higher priority than protecting "secret" or "confidential" data.
  • 5. Module Objective
      This module will familiarize you with:
      • Corporate Espionage
      • Motives behind Spying
      • Information that Corporate Spies Seek
      • Causes of Corporate Espionage
      • Spying Techniques
      • Defense from Corporate Spying
      • Tools
  • 6. Module Flow: Corporate Espionage; Information that corporate spies seek; Causes of Corporate Espionage; Tools; Defense from Corporate Spying; Spying Techniques; Motives behind Spying
  • 7. Corporate Espionage
      • "Espionage is the use of illegal means to gather information"
      • The term corporate espionage or industrial espionage is used to describe espionage conducted for commercial purposes on companies, governments, and to determine the activities of competitors
      • It describes activities such as theft of trade secrets, bribery, blackmail, and technological surveillance
  • 8. Motives Behind Spying
      Motives behind spying include:
      • Financial Gain: The main intention of spying is financial gain
      • Disgruntled Employee: A spy is motivated mostly by personal and non-ideological hostility towards the country or organization
      • Challenge and curiosity: A spy finds it interesting and challenging to extract information
      • Personal relations: A spy may also be motivated by personal connections and relationships
  • 9. Information That Corporate Spies Seek
      Information that corporate spies seek includes:
      • Marketing and new product plans
      • Source code
      • Corporate strategies
      • Target markets and prospect information
      • Usual business methods
      • Product designs, research, and costs
      • Alliance and contract arrangements: delivery, pricing, terms
      • Customer and supplier information
      • Staffing, operations, and wage/salary
      • Credit records or credit union account information
  • 10. Corporate Espionage: Insider/Outsider Threat
      Adversaries can be classified into two basic categories:
      • Insiders: Insiders such as IT personnel, contractors, and other disgruntled employees who can be lured into espionage activities
      • Outsiders: Outsiders include attackers of other organizations
  • 11. Threat of Corporate Espionage due to Aggregation of Information
      • Aggregation of information refers to the practice of storing all the sensitive data at one location
      • It may involve both an insider and an outsider attack
      • An insider with access privileges, or one who knows the location where the credentials are stored, can create a threat
      • An outsider who breaks into the network of the organization can search, aggregate, and relate all the information, thus leading to espionage
  • 12. Techniques of Spying
      • Hacking:
          • It is an illegal technique of obtaining trade secrets and information
          • Attackers may get unauthorized access to the system's resources using different techniques such as virus, Trojan, and malware propagation attacks
      • Social Engineering:
          • Social engineering is defined as a "non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures."
          • It involves threats such as online threat, telephone attack, waste managing threat, and personal approach
  • 13. Techniques of Spying (cont'd)
      • Dumpster Diving: Dumpster diving is a technique of retrieving sensitive information from someone else's trash
      • Whacking: It is wireless hacking
      • Phone Eavesdropping:
          • Phone eavesdropping is eavesdropping using telephones
          • "Electronic eavesdropping is the use of an electronic transmitting or recording device to monitor conversations without the consent of the parties"
  • 14. Techniques of Spying (cont'd)
      • Network leakage: The traffic originating from an organization's network that consists of web and email services can be used by insiders to pass out information
      • Cryptography:
          • Cryptography garbles a message in such a way that its meaning is concealed
          • Cryptography techniques may be used by insiders to secretly pass out information
          • Insiders, familiar with the encryption algorithm used in the organization, may help others in decrypting the confidential information
      • Steganography:
          • It is used to conceal the message exchange between two parties
          • Insiders can use steganography techniques to pass out information
  • 15. Defense Against Corporate Spying
      You can secure the confidential data of a company from spies by the following techniques:
      • Controlled access
      • Background investigation of the personnel
      • Basic security measures to protect against corporate spying
  • 16. Controlled Access
      • Encrypt the most critical data
      • Never store the sensitive information of the business on a networked computer
      • Classify the sensitivity of the data and thus categorize the personnel access rights to read/write the information
      • Personnel must be assigned duties for which their need-to-know controls are defined
      • Ensure that the critical data is authenticated and authorized
      • Store the confidential data on a stand-alone computer with no connection to other computers or the telephone line
      • Install anti-virus software and set a password to protect the secured system
      • Regularly change the password of the confidential files
  • 17. Background Investigation of the Personnel
      • Verify the background of new employees
      • Physical security check should not be ignored
      • Monitor the employee's behavior
      • Monitor the systems used by employees
      • Disable the remote access
      • Make sure that unnecessary account privileges are not allotted to the normal users
      • Disable the USB drives in the employee's network
      • Enforce a security policy which addresses all concerns of employees
  • 18. Basic Security Measures to Protect Against Corporate Spying
      • Cross-shred all paper documents before trashing them
      • Secure all dumpsters and post 'NO TRESPASSING' signs
      • Conduct security awareness training programs for all employees regularly
      • Place locks on the computer cases to prevent hardware tampering
      • Lock the wire closets, server rooms, phone closets, and other sensitive equipment
      • Never leave a voice mail message or e-mail broadcast message that gives an exact business itinerary
  • 19. Steps to Prevent Corporate Espionage
      • Understand and prioritize the critical assets: According to the criteria determined, score all assets of the organization and prioritize them
      • Define the acceptable level of loss: Cost-benefit analysis is a typical method of determining the acceptable level of risk
      • Control access: Controlling the access of the employees according to the requirement of their job
      • Bait (Honeypots and Honeytokens): Honeypots and Honeytokens are traps which are set at the system level and file level for catching intruders or insider threats
  • 20. Steps to Prevent Corporate Espionage (cont'd)
      • Mole detection: It can be used to figure out who is leaking information to the public or to another entity
      • Profiling: It controls and detects the insiders by understanding behavioral patterns
      • Monitoring: It involves monitoring of the employees for suspicious activities
      • Signature analysis: It looks for a pattern that is indicative of a problem or issue
  • 21. Key Findings of U.S. Secret Service and CERT Coordination Center/SEI Study - 2008 on Insider Threat
      • The majority of insiders were current employees in administrative and support positions that required limited technical skills
      • Nearly half of insiders exhibited some inappropriate or concerning behavior prior to the incident
      • Financial gain was the motive for most insiders' illicit cyber activities
      • In over half the cases, a specific event triggered, or was a contributing factor in, insiders' decisions to carry out the incidents
      • The majority of insiders planned their actions
      • Most of the insiders had authorized access at the time of their malicious activity
      • Access control gaps facilitated most of the insider incidents
  • 22. Key Findings of U.S. Secret Service and CERT Coordination Center/SEI Study - 2008 on Insider Threat (cont'd)
      • Half of the insiders exploited weaknesses in established business processes or controls such as inadequate or poorly enforced policies and procedures for separation of duties
      • Insiders were detected and identified by a combination of people, processes, and technologies
      • In most cases, insiders faced criminal charges
      • Most insiders did not anticipate the consequences of their illicit activities
      • Insider actions affected federal, state, and local government agencies with the major impact to organizations being fraud resulting from damage to information or data
  • 23. Netspionage
      ""Netspionage" is defined as network enabled espionage, and in our information systems world, it is an exciting way of extending the old practice of competitive intelligence gathering. This new, computerized, and information-dependent world is heavily dependent on the web, networks, and software technology. The information gatherers of this new age are exploiting dependency on technology for personal, corporate, and national gain." - William C. Boni
  • 24. Investigating Corporate Espionage Cases
      • Check the points of possible physical intrusion
      • Check the CCTV records
      • Check e-mails and attachments
      • Check systems for backdoors and Trojans
      • Check system, firewall, switch, and router logs
      • Screen the logs of the network and employee monitoring tools, if any
      • Check and recover files that are deleted as it can be a foundation for the investigation
      • Seek the help of the law enforcement agencies, if required
  • 25. Employee Monitoring: Activity Monitor
      Activity Monitor allows you to track how, when, and what a network user performs in any LAN. The system consists of server and client parts.
      Features:
      • Views remote desktops
      • Monitors Internet usage
      • Monitors software usage
      • Records activity log for all workplaces on the local or shared network location
      • Tracks any user's keystrokes on your screen in real time mode
      • Takes snapshots of the remote PC screen on a scheduled basis
      • Total control over the networked computers
      • Deploys Activity Monitor Agent (the client part of the software) remotely from the administrator's PC to all computers in your network
      • Autodetection of all networked computers with Agent installed
      • Automatically downloads and exports log files from all computers on a scheduled basis
      • HTML, Excel, and CSV support to export data and reports
  • 26. Activity Monitor: Screenshot
  • 27. Spector CNE Employee Monitoring Software
      • Spector CNE is the leading employee monitoring and investigating software
      • It is designed to provide businesses with a complete and accurate record of all their employees' PC and Internet activity
      • It monitors and conducts investigations on employees suspected of inappropriate activity
      • It prevents, reduces, or eliminates problems associated with Internet and system abuse
      • It monitors and eliminates leaking of confidential information
  • 28. Track4Win
      Track4Win can monitor all the computer's activities and Internet use. It keeps track of the visited website addresses and logs work time on each application.
      Features:
      • It offers multi-user monitoring (office/corporate LAN and remote WAN)
      • It provides real-time monitoring and Internet tracking
      • It offers time tracking for all software applications
      • It gives password protection and screen capture from the remote computers
  • 29. Track4Win: Screenshot 1
  • 30. Track4Win: Screenshot 2
  • 31. Spy Tool: SpyBuddy
      SpyBuddy monitors the PC and tracks every action. It has the functionality to record all AOL/ICQ/MSN/AIM/Yahoo chat conversations, all websites visited, all windows opened and interacted with, and every application executed.
      Features:
      • Easy to secretly record websites, IRCs, IMs, disk/file change, and passwords
      • Allows you to record your online activity, see what people are doing on YOUR PC, and remotely monitor a machine via e-mail
  • 32. SpyBuddy: Screenshot
  • 33. Tool: NetVizor
      • NetVizor is a powerful network surveillance tool that allows you to monitor the entire network from one centralized location
      • It enables you to track workstations and individual users who may use multiple PCs on a network
  • 34. Tool: Privatefirewall w/Pest Patrol
      • Privatefirewall is a personal firewall and intrusion detection application that prevents unauthorized access to the PC
      • It provides solid protection "out of the box" while allowing advanced users to create custom configurations
  • 35. Privatefirewall w/Pest Patrol: Screenshot
  • 36. Anti Spy Tools
      • In real time, Internet Spy Filter blocks spyware, web bugs, worms, cookies, ads, and scripts to protect from being profiled and tracked
      • Spybot - S&D is an adware and spyware detection and removal tool
  • 37. Anti Spy Tool: SpyCop
      SpyCop finds spy programs such as Spector designed specifically to record the screen, email, passwords, and much more.
      Features:
      • Stops Password Theft Dead: It detects spy software that is installed on your computer to capture passwords
      • Keeps Emails Private: It alerts you if emails are being snooped by spy software
      • Kills Instant Message & Chat Spy Software: It keeps online chats and instant messages safe from prying eyes
  • 38. SpyCop: Screenshots
  • 39. Anti Spy Tools (cont'd)
      • Spyware Terminator is a full-featured adware and spyware scanner with real-time protection
      • XoftSpySE is a spyware detection, scanning, and removal tool, protecting you from unwanted spyware
  • 40. Spy Sweeper
      Spy Sweeper safely detects and removes more traces of spyware including Trojans, adware, keyloggers, and system monitoring tools.
      Features:
      • Offers real time protection
      • Prevents new malware from being installed
      • Prevents the unauthorized system changes to your browser settings, startup programs, and hosts file
      • Ability to run spyware scans automatically
  • 41. Spy Sweeper: Screenshot
  • 42. Counter Spy
      Counter Spy detects and removes adware and spyware from the system.
      Features:
      • Stops spyware before it can install
      • Alerts when potential dangers arise
      • Provides detailed information if spyware or adware is found while scanning
  • 43. Counter Spy: Screenshot
  • 44. SUPERAntiSpyware Professional
      SUPERAntiSpyware Professional scans your computer for, and protects it from, known Spyware, Adware, Malware, Trojans, and Dialers.
      Features:
      • Offers automatic definition updates, real-time protection, and customizable scan options
      • Allows you to restore the various settings which are often changed by malware programs
      • Provides an option to report false positives and scheduled system scans
  • 45. SUPERAntiSpyware Professional: Screenshot 1
  • 46. SUPERAntiSpyware Professional: Screenshot 2
  • 47. IMonitorPCPro - Employee Monitoring Software
      • IMonitorPCPro monitors the employee's Internet and computer usage
      • It runs invisibly and records the user's activities
      • It includes website blocking, program usage limits, chat blocking, and user alerts
      • It offers detailed activity and summary reports
      • It is easy to use and configure
      • It is intuitive and is password protected
  • 48. IMonitorPCPro: Screenshot
  • 49. Case Study: HP Chief Accused of Corporate Spying. Source: http://www.thepeninsulaqatar.com
  • 50. Case Study: India's Growing Corporate Spy Threat. Source: http://www.atimes.com/atimes/South_Asia/IE25Df01.html
  • 51. Guidelines while Writing Employee Monitoring Policies
      • Make sure that the employees are aware of what exactly is being monitored
      • Employees should be briefed on the organization's policies and procedures
      • Employees should be made aware of policy violations
      • Be specific, and the policy should be applicable for each and every employee
      • Terms that are specific should be in bold, underlined, or italicized
      • Apply provisions that allow for updates to the policy
      • Policies should adhere to local laws of the land
  • 52. Summary
      • The term 'Corporate espionage' is used to describe espionage conducted for commercial purposes on companies, governments, and to determine the activities of competitors
      • Personal relations, disgruntled employees, and easy money are the main motives behind corporate spying
      • The major techniques used for Corporate Spying are Hacking, Social Engineering, Dumpster Diving, and Phone Eavesdropping
      • Steps to prevent corporate espionage are understanding and prioritizing critical assets, defining acceptable level of loss, control access, baits, mole detection, profiling, monitoring, and signature analysis
      • Netspionage is defined as network enabled espionage in which knowledge and sensitive proprietary information are generated, processed, stored, transmitted, and obtained via networks and computer systems
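
The honeytoken bait and mole-detection steps on slides 19 and 20 can be illustrated together. This is an added example, not part of the EC-Council slides: each recipient's copy of a document carries a unique marker so a leaked copy can be traced to its recipient, and a decoy file that no business process reads raises an alert on any access. The key, recipient names, decoy path and log format are constructed assumptions.

```python
import hashlib
import hmac
import re

# Assumption: a secret known only to the security team (constructed value).
TOKEN_KEY = b"constructed-demo-key"

# Assumption: hypothetical decoy file; no legitimate workflow ever opens it.
DECOY_PATHS = {"/shares/finance/acquisition_shortlist.xls"}

# Constructed distribution list for a sensitive document.
RECIPIENTS = ["alice", "bob", "carol"]

# Markers are shaped like an ordinary reference number so they do not stand out.
TOKEN_RE = re.compile(r"\bREF-[0-9A-F]{12}\b")

# Constructed file-audit log format: "<timestamp> user=<u> action=<a> path=<p>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) path=(?P<path>\S+)$"
)

# Constructed sample audit lines, including one malformed entry.
SAMPLE_LOG = [
    "2024-05-02T09:14:07Z user=alice action=read path=/shares/hr/holiday_calendar.xls",
    "2024-05-02T22:41:53Z user=carol action=read path=/shares/finance/acquisition_shortlist.xls",
    "2024-05-02T22:42:10Z user=carol action=copy path=/shares/finance/acquisition_shortlist.xls",
    "malformed line without fields",
]


def honeytoken_for(recipient):
    """Derive a per-recipient marker; without the key it cannot be forged or predicted."""
    digest = hmac.new(TOKEN_KEY, recipient.encode("utf-8"), hashlib.sha256).hexdigest()
    return "REF-" + digest[:12].upper()


def mark_copy(document, recipient):
    """Return the recipient's copy of the document with their marker embedded."""
    return f"{document}\nInternal reference: {honeytoken_for(recipient)}\n"


def identify_source(leaked_text, recipients):
    """Mole detection: map markers found in leaked text back to their recipients."""
    found = {m.group(0) for m in TOKEN_RE.finditer(leaked_text)}
    return sorted(r for r in recipients if honeytoken_for(r) in found)


def decoy_hits(log_lines):
    """Bait: return (timestamp, user, action) for every access to a decoy file."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # skip entries that do not parse instead of failing the scan
        if m["path"] in DECOY_PATHS:
            hits.append((m["ts"], m["user"], m["action"]))
    return hits


if __name__ == "__main__":
    # Constructed scenario: bob's copy surfaces outside the organization.
    leaked = "Seen in a competitor's briefing: " + mark_copy("Q3 pricing draft", "bob")
    print("Leak traced to:", identify_source(leaked, RECIPIENTS))
    for ts, user, action in decoy_hits(SAMPLE_LOG):
        print(f"ALERT decoy touched: {ts} {user} {action}")
```

A marker match identifies whose copy leaked, not who leaked it, so a hit is a lead to corroborate with the log and e-mail checks listed on slide 24.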