A goo friend of mine and I were talking this weekend and the topic came up of corporate (and beyond) cyber espionage only just starting to be a force. I really believe that as more and more people have insecurity skills and our society continues to become more digitally dependent on information as our lifeblood in business, corporate espionage (which really has always been around) will only become more and more prevalent.
I wonder how many corporations (truly!) think it would be moral/immoral to:
1) Do some cyber “recon” at tradeshows on your competitors. Or maybe just DoS them during their demos? (active and passive attacks)
2) Hire some group to perform a DoS against a competitor’s website/service during a particularly important moment.
3) Perform recon to continually footprint and find systems and sensitive information. Do you know how often a company can give away new projects just by their public DNS entries?
4) Perform dumpster diving regularly?
5) Feel ok with profiling and possibly probing employees home networks (particularly wireless)? Think c-levels and remote sales, for starters.
6) Send malicious emails to targeted persons in a rival company hoping to root the system? Do you know how quickly someone running as local admin can have a malicious program installed which can then sniff and or grab email account passwords for very important people and then send it back to someone who can log into webmail whenever they want?
7) Try to guess some webmail passwords of important people?
8) Pay for someone who has information about a rival because this person just sits at major airports and attempts wireless attacks against travelers, looking for juicy connections and info to sell?
I really think this is only going to get worse and much more commonplace. Besides, much of this stuff is still way too easy to perform, and in a way that is still way too anonymous. And I think anyone who has been online any amount of time knows that laws are more “easily” broken when you’re not standing in front of a police officer. Physical presence is a barrier that most often protects our physical safety, but that deterrent is completely absent online.