E-Book, Englisch, 300 Seiten, Format (B × H): 191 mm x 235 mm
Burgess / Power / SYNGRESS Secrets Stolen, Fortunes Lost
1. Auflage 2011
ISBN: 978-0-08-055880-6
Verlag: Morgan Kaufmann
Format: EPUB
Kopierschutz: 6 - ePub Watermark
Preventing Intellectual Property Theft and Economic Espionage in the 21st Century
E-Book, Englisch, 300 Seiten, Format (B × H): 191 mm x 235 mm
ISBN: 978-0-08-055880-6
Verlag: Morgan Kaufmann
Format: EPUB
Kopierschutz: 6 - ePub Watermark
"The threats of economic espionage and intellectual property (IP) theft are global, stealthy, insidious, and increasingly common. According to the U.S. Commerce Department, IP theft is estimated to top $250 billion annually and also costs the United States approximately 750,000 jobs. The International Chamber of Commerce puts the global fiscal loss at more than $600 billion a year.
Secrets Stolen, Fortunes Lost offers both a fascinating journey into the underside of the Information Age, geopolitics, and global economy, shedding new light on corporate hacking, industrial espionage, counterfeiting and piracy, organized crime and related problems, and a comprehensive guide to developing a world-class defense against these threats. You will learn what you need to know about this dynamic global phenomenon (how it happens, what it costs, how to build an effective program to mitigate risk and how corporate culture determines your success), as well as how to deliver the message to the boardroom and the workforce as a whole. This book serves as an invaluable reservoir of ideas and energy to draw on as you develop a winning security strategy to overcome this formidable challenge.
.It's Not Someone Else's Problem: Your Enterprise is at Risk
Identify the dangers associated with intellectual property theft and economic espionage
.The Threat Comes from Many Sources
Describes the types of attackers, threat vectors, and modes of attack
.The Threat is Real
Explore case studies of real-world incidents in stark relief
.How to Defend Your Enterprise
Identify all aspects of a comprehensive program to tackle such threats and risks
.How to Deliver the Message: Awareness and Education
Adaptable content (awareness and education materials, policy language, briefing material, presentations, and assessment tools) that you can incorporate into your security program now"
Zielgruppe
Chief Information Officers, Chief Technology Officers, Chief Security Officers, CFOs, Chief Legal Officers, Information Security Professionals, Risk Managers, Auditors, IT Directors, Business Managers, Analysts, Consultants, Government Agency Officials, Investigators, Law Enforcement
Autoren/Hrsg.
Fachgebiete
Weitere Infos & Material
Your Enterprise At Risk; The Tale of the Targeted Trojan; When Insiders and/or Competitors Target Business; Intellectual Property; When State Entities Target Business? Intellectual Property; When Piracy, Counterfeiting and Organized Crime Target Business; Intellectual Property; Virtual Roundtable on Intellectual Property and Economic Espionage; Elements of a Holistic Program; Case Study: Cisco's Award-Winning Awareness Program; Case Study of A Bold, New Approach in Awareness and Education Meets An Ignoble Fate; Case Study--The Mysterious Social Engineering Attacks on Entity X; Personnel Security; Physical Security-The "Duh" Factor; Information Security; The Intelligent Approach; Protecting Intellectual Property in Crisis Situation; How to Sell Your Intellectual Property Protection Program; Appendices
Chapter 1 The Tale of the Targeted Trojan
Introduction
The Greeks delivered a gift of a wooden horse to the people of Troy. The citizens of Troy accepted the gift, the city fell shortly thereafter, and the term “Trojan Horse” entered the popular lexicon. The maturation of the information age has brought to us a plethora of network-based systems, a multitude of connectivity and information sharing methodologies, and a level of interconnectivity at the enterprise and individual level never experienced before. It is also likely to continue increasing in both scope and complexity (see Figure 1.1). Figure 1.1 Trojan Horse Programs That Target Confidential Information Are Proliferating Rapidly. They Are Not Used Just for Phishing Source: Symantec Internet Security Threat Report, 2007 Without security programs installed and security features turned on, these systems and methodologies are clearly vulnerable. But the sad reality is that even when protected by such security programs, with their various security features activated, these systems continue to be vulnerable to carefully crafted low-profile attack software that will be undetectable by a multitude of defensive products, in part because the majority of these products are designed as signature-based rather than event-based. For such products to be effective in maintaining the security of your system, three events must occur: ¦ The signature of the attack profile must match a known signature profile. ¦ The attack profile must have been seen before by the software manufacturer. ¦ The user must update the software to bring the signature of the attack profile to their system. The Haephrati Case
This tale of the targeted Trojan—a.k.a., the Haephrati case—was active from 2003 to 2005 and came to the public light in January 2006. At that time, we saw the extradition of Michael Haephrati along with his wife Ruth Brier-Haephrati from the UK to Israel, an event that under normal circumstances would not have garnered much attention had they not created, distributed, and utilized some of the most interesting and successful pieces of software specifically designed to steal the intellectual property of the target. Upon arrival in Israel, the couple pled guilty to the charges brought against them and were convicted. This case has turned out to be one of the most expansive and interesting cases of industrial espionage in many years. In late-May 2005, the two Haephratis were arrested by British authorities in London, at the request of Israeli authorities, for having conducted he “unauthorized modification of the contents of a computer.” Put more simply, they were charged with having created and placed a “Trojan” file on a computer, not their own, and having siphoned the contents from the computer. But this puts it too simply. What they really did was create their own cottage industry. They provided an “outsourced” technical capability that provided to the “business subscriber,” a monthly compendium of illicitly obtained correspondence, documents, economic data, and intellectual property from the computer systems of firms targeted by the Haephratis’ subscribers. In essence, provisions of a sophisticated and highly effective outsourced industrial/economic espionage capability were made available to both individuals and enterprises. The Chief Superintendent of the Israel Police National Fraud Unit, Arie Edleman, describing the tool created by Michael Haephrati said, “It not only penetrated the computer and sent material to wherever you wanted, but it also enabled you to completely control it, to change or erase files, for example. It also enabled you to see what was being typed in real time.” He continued, “This is not common software that anti-virus software makers have had to fix.” The When
¦ Initiated circa May 2003 ¦ Discovered circa November 2004 ¦ Neutralized circa May 2005 ¦ Arrested in the UK and then extradited to Israel January 2006 ¦ Convicted and sentenced March 2006 The How
The Hook ¦ Delivered via targeted personal e-mail. ¦ Received an e-mail from an address that looked like one of a known entity, such as the e-mail address gur_r@zahav.net.il, which was read as e-mail address gur-r@zahav.net.il. ¦ The bogus account was identified as being opened by a person who lived in London and charged the fees to their American Express card. ¦ Delivered via targeted commercial e-mail. ¦ Targets received an e-mail message offering a business opportunity. ¦ Those that responded to info@targetdata.biz would receive the Trojan. ¦ The domain targetdata.biz was registered to Haephrati. ¦ Delivered via targeted compact disc. ¦ Target received a compact disc offering a business opportunity. ¦ Those who responded to info@targetdata.biz would receive the Trojan. The Mechanism ¦ While the exact code that Haephrati created and customized for each victim has not been released to the public, a review of relevant security bulletins provides a good indication of how the code functioned. ¦ The Trojan included a key-logger, a store-and-forward capability, and would send documents and pictures to FTP servers (file storage servers) located in Israel, the U.S. and other locales. The investigation turned up dozens of servers located around the globe. The program allowed for Haephrati to remotely control the computer of the unsuspecting victim. In essence, Haephrati was running a well-managed store-and-forward service. They were not relying on botnets or other illicitly acquired infrastructures. They had a business to support and leased their infrastructure. According to the Israeli police, items stolen included marketing plans, employee pay slips, business plans, and details on new products, all of which were passed to rivals. The data included over 11,000 pages of data, which consisted of thousands of pages of “confidential” data (more than 11 gigabytes of material). The Who
Michael Haephrati is the computer programmer who created the original Trojan program, allegedly planted on his in-laws computer so as to provide him the means to harass his former in-laws. According to the press, Ruth Brier-Haephrati saw the business opportunity in selling the capability. In Israel, a number of private investigative firms were identified as being positioned between the Haephratis, the clients, and the victims. Haephrati began creating one-off programs for targeted delivery, based on information acquired about the victim—in other words, they were provided the specific information necessary to craft the tool that would undermine the security apparatus and/or techniques employed by the victim. According to the Israeli police, the capability was also sold to firms outside Israel, none of which have, as of mid-2007, been publicly identified. Thus, it is expected that firms outside Israel have also fallen victim to this type of methodology and specific technology. The Why
As noted earlier, the initial motive was revenge. Haephrati resented his former in-laws and set about to defame them by manipulating information obtained from their computer. The recipient of the Haephratis’ efforts had a simple motive: economic advantage over their competition. The Cost
Haephrati charged each business customer the equivalent of US3500 to create the customized program and make the initial install on the victim’s computer, and another US900/month to maintain the infrastructure used to collect, forward, store, collate, and deliver the illicitly acquired information on a monthly basis. The cost to the recipients was the fee they paid to the intermediary who contracted Haephrati’s services. And what was the cost to the victims? Extreme. They lost their intellectual property, lost business opportunity, and lost the privacy of their employees’ personal data. They also lost go-to-market plans, as well as customer requirements, and they potentially lost the trust of their customers. Table 1.1 lists various items traded on underground servers. Table 1.1 Advertised Prices of Items Traded on Underground Economy Servers Item Advertised Price (US$) U.S.-based credit card with card verification value $1–$6 UK-based credit card with card verification value $2–$12 An identity (including U.S. bank account, credit card, date of birth, and...
