A good friend of mine and I were talking this weekend and the topic came up of corporate (and beyond) cyber espionage only just starting to be a force. I really believe that as more and more people have insecurity skills and our society continues to become more digitally dependent on information as our lifeblood in business, corporate espionage (which really has always been around) will only become more and more prevalent.
I wonder how many corporations (truly!) think it would be moral/immoral to:
1) Do some cyber “recon” at tradeshows on your competitors. Or maybe just DoS them during their demos? (active and passive attacks)
2) Hire some group to perform a DoS against a competitor’s website/service during a particularly important moment.
3) Perform recon to continually footprint and find systems and sensitive information. Do you know how often a company can give away new projects just by their public DNS entries?
4) Perform dumpster diving regularly?
5) Feel ok with profiling and possibly probing employees’ home networks (particularly wireless)? Think C-levels and remote sales, for starters.
6) Send malicious emails to targeted persons in a rival company hoping to root the system? Do you know how quickly someone running as local admin can have a malicious program installed which can then sniff and/or grab email account passwords for very important people and then send it back to someone who can log into webmail whenever they want?
7) Try to guess some webmail passwords of important people?
8) Pay for someone who has information about a rival because this person just sits at major airports and attempts wireless attacks against travelers, looking for juicy connections and info to sell?
I really think this is only going to get worse and much more commonplace. Besides, much of this stuff is still way too easy to perform, and in a way that is still way too anonymous. And I think anyone who has been online any amount of time knows that laws are more “easily” broken when you’re not standing in front of a police officer. Physical presence is a barrier that most often protects our physical safety, but that deterrent is completely absent online.
Let me pose this thought to you…suppose that corporate espionage has been on-going for some time, in a variety of capacities. However, from a cyber- or digital perspective, it simply has not been detected. Visibility into networks and systems is so minimal at this point, that it’s unlikely that a lot of what’s going on isn’t seen.
I think you are absolutely correct! I’ve only worked at two smallish Internet companies in my short career, but I can tell you that unless an attacker was very noisy or services went down, neither company had too much chance of noticing or detecting potential issues by anything other than dumb luck. No one looks at FTP access logs, Windows/Domain event logs (even those with auditing turned on), dropped firewall hits, network monitoring trends, or in-depth IDS/IPS logs.
I try to, but those tasks ultimately fall by the wayside to the other fires to put out, every time.
I still just feel we need, collectively, more real people and real eyeballs checking out logs, alerts, firewall bounces, audits, and so on. Basically your typical NSM activities.
But yes, definitely, I think there are way more incidents going on than we will ever hear about in a) the news or even b) our inner circles of confidantes. They’re just not being noticed.