corporate espionage tricks and tools

For Christmas, Andrew Hay linked over to a SANS paper by Shane W. Robinson, Corporate Espionage 201. Excellent little paper, and I thought I’d pull some info out and post it.

The idea of using Netgear XE102 devices to deliver ethernet over electrical lines is interesting, but I didn’t know it had gotten this far. For under $100, one can get a pair of these and start experimenting. Pretty soon we’re going to need some electrical outlet monitoring devices to listen for these signals being passed…

Silex has a SecurePrint device which will hold print jobs until the requestor walks over to the shared printer and is authenticated via their fingerprint. This seems to run around $500, which is a bit expensive for me to buy as a simple home toy, but might be justifiable if you can get dedicated printers out from HR/execs/managers/account managers and get them to securely use a workgroup printer. Still, if there is any issue with workground printers holding possibly confidential information in their print tills for too long, or grubby fingers picking up other people’s pages, this could be pretty useful.

DriveLock does what it sounds like it would do, especially when paired with the context of mobile laptops: locks down ports and drives. No idea how much this runs or even how truly effective it might be in a corporate setting, but I know we and many others are still wrestling with how to tackle device security on this level.

TrackStick is a GPS logger which can be attached to a car, left to log the driver’s travels, and then loaded into GoogleEarth or other programs. Just a small hop below real-time GPS locating technology. Can be found on Amazon for roughly $200, and others can be found by searching for “vehicle tracking.” I guess parents can use this to track their kids, eh? Jealous adults can track their significant others, and corporate spies can use this to profile assets. I wonder if the old concept of a surveillance society included the idea that everyone can surveil everyone else!

The LogiCube Sonix or Forensic Talon will provide fast media/drive duplication for well over $1000. Until encryption becomes widely used, it can be very exciting (or sobering) to think about what can all happen to a media device in an unintended party’s hands..

And to drive home the need for device port security, you can get a wristband that looks a heckuva lot like the “Be Strong” wristbands, but packs a USB port inside it. Load up your favorite USB-capable distro…