Spyware for Corporate Espionage
therufus writes "Late in July, an e-mail that hit employee in-boxes at a British credit card and finance company carried a secret payload--spyware capable of recording confidential corporate data and sending it over the Net."
Some enterprising cracker is going to encapsulate a key logger into a piece of spyware. It is going to have a logic bomb in it so it will self-destruct (the purpose being to gather info and then leave no trace); it will record passwords and other info, and that info will be sent back to some third party, possibly a hostile government.
It's going to happen. Here's why it's troublesome, and mod me down if you must, but our operation has a blind allegiance to Redmond and the IM folks are not particularly bright. We have had network problems in the past. China has opted to bet the farm on Linux after seeing the Windows source code.
As one of the few Linux developers here, I fear a nightmare is coming. I would really welcome any ideas that anyone has about how we combat this or put our minds at ease.
Redmond-related flames go to /dev/null.
I work for a Fortune 500 financial institution. We have very stringent requirements for our customer information. For instance, if any bank manager decides to take any client information home to work on over the weekend, he/she must get approval from 25% of the clients he/she will work on. This is according to FCC regulations, especially if said bank manager is using a wireless router with Verizon.
We also frown upon expedient use of inter-office e-mail for non-productive purposes. We found that the best way to rationalize our procedures is to make the frequent example of an employee who refuses to follow the rules.
Another point where we emphasize data security is in the disposal process for obsolete hardware. We make sure that any media has been de-magnetized (in the case of floppies and CDs), exposed to ultraviolet light (in the case of hard disk drives), or combusted (for tape media).
So far our security record has been 100% according to our internal auditing firm.
Which is nice.
Maybe if more companies get hit by these things, more BIG companies, more pressure might be applied to help solve the problem: tougher laws? Higher fines?
And it has to be more than the USA that makes these laws, we need Asia and Europe to follow and nail these people.
My question is about sneaks. There are software packages that sneak spyware onto systems currently, but little is published about how to prevent this from happening. New technology circumvents anti-spyware using .Net and other features that hide the programs running. Similar uses of .Net are found in Counter-Strike hacks, for cheating.
My guess is that while we keep putting energy toward blocking spyware, and detecting it, the same energy is being put toward inventing it. Is this a battle between good and evil? It would seem so.
Generally, I run anti-spyware programs on a frequent basis, but is it enough? Likely not. A watchdog organization, at the governmental level, is required, not just a committee. Committees come and go, but their findings should go toward an ethical standards legal department, or some kind of funded watchdog that has a declaration of what an ethical software package is, and what crosses the line. Penalties involving more than fines are in order, too, or you get people who just want to break even or make some dough, but are willing to risk fines. Espionage is illegal. Maybe that law applies, but IANAL...
The problem here is at several different levels. Nowadays you can no longer expect to be protected simply by closing your doors to the outside world (i.e. protecting your computer against outside attacks); you also have to learn how to protect your computer from internal attacks. The risk of a program already installed on your computer trying to access your data is much higher these days than it was a few years ago, and for this very reason corporations should spend more time developing encrypted systems for data storage and tighter policies aimed at improving their security.
It's also necessary to protect your data against your very own employees when they are not supposed to be able to see it. And I can say that often this is not the case.
Another important and necessary step is to instruct people using computers to work on security. And this is often not the case either.
Diego Rey
diegoT
But the problem is that *all* of those questions are moot in the world of laptops and VPNs. It is MUCH harder to defend against virii (et alia) from the inside of the network.
And who is going to tell the CEO that he can't bring his laptop (that his kid infected twelve ways from Sunday last night) into the office? Or that he can't *send* .vbs, .exe, et alia attachments? (Including to other employees, obviously.)
Likewise, VPNs are a *wonderful* tool. The convenience of being able to transparently access corporate resources remotely is unbeatable. And a lot of VPN software even prevents personal internet connections while the VPN is active, to prevent backdoor routing into the corporate network.
If the client computer is already infected, however, none of that amounts to a hill of beans. It becomes exactly the same scenario as taking the laptop into the office, only more dangerous -- the home VPN machine may have a full-time 'net connection, and has a better chance of being infected already.
In short, if you really don't know the answers to your questions, you probably haven't supported a lot of senior management types.
If you're not living on the edge, you're just taking up space!
The one problem with this is salescritters. They expect to get emails from unknown folks...those are called sales leads. Of course, salescritters are also notorious for being fools (no, your customers will never write to say "I LOVE YOU"), but your attitude ignores that some people need to open emails that come from unknown sources.
1. I block all executable email attachments at the server, but the PHBs will not let me block .zip files.
2. After two managers complained that they couldn't install any of the software they wanted because they didn't have Admin privileges, the PHBs decided that everyone should have Admin rights so they could install anything they want "within reason."
I just felt like sharing.
The Tools Of Ignorance wanna be a tool?
Well we know that a lot of these get around even secured networks because of the users. However, in most of these networks there is a competent admin who runs a firewall, but can't run ad-aware on every machine constantly (and if that were feasible, damage might already be done in one user session).
So here's my idea, which maybe is already done, but if it is I'd like to hear more about it. Have the firewall maintain grey-listed domains/IPs, essentially running a quick spyware check on outgoing traffic. I don't think this would be a huge CPU load, as most traffic is incoming, not outgoing, in most offices. But I know I would like the routing machine in my office to send me a quick note if it suspects that IP 192.168.xxx.xxx has some spyware on it so I can check it out.
Seems like a simple enough idea... it wouldn't even have to be done in real time, as by the time an admin got the note, real-time action could not be taken anyway. But a router could use some spare CPU cycles to check the latest outgoing packets in its log for at least some known activity.
Perhaps there is even a pattern in the activity spyware reports through that a Bayesian-like filter would be able to catch and alert us to as suspicious activity.
We all know that, when we go home from work, we still have users who simply open email and click attachments like nuts no matter what we say. At the same time, these people have skills that our offices need. Perhaps this would be a good added layer of protection to prevent spyware from staying around long enough to cause damage.
The only thing more dangerous than a file named -rf is renaming it -rf\ /
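The grey-list and "pattern of activity" check proposed in the post above, as an added example that is not part of the original post or of any product: a script that reads an iptables-style outbound log offline and notes (1) internal hosts that contacted a grey-listed network and (2) host-to-destination flows that beacon at near-constant intervals, which is the kind of regularity a Bayesian-style scorer would key on. The log format, the addresses, the GREYLIST networks and the thresholds are all constructed assumptions for the example.

```python
"""Offline check of an outbound firewall log for spyware call-home activity.

Added example, not from the thread. The log lines, the grey-list and the
thresholds below are constructed for illustration.
"""
import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed grey-list: networks an admin would treat as suspect.
GREYLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Constructed iptables-style log; OUT= marks packets leaving the network.
SAMPLE_LOG = """\
Aug 10 09:00:00 fw kernel: OUT=eth1 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP DPT=80
Aug 10 09:00:03 fw kernel: OUT=eth1 SRC=192.168.1.40 DST=192.0.2.10 PROTO=TCP DPT=80
Aug 10 09:10:01 fw kernel: OUT=eth1 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP DPT=80
Aug 10 09:20:00 fw kernel: OUT=eth1 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP DPT=80
Aug 10 09:30:02 fw kernel: OUT=eth1 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP DPT=80
Aug 10 09:31:10 fw kernel: OUT=eth1 SRC=192.168.1.40 DST=192.0.2.11 PROTO=TCP DPT=443
Aug 10 09:32:45 fw kernel: OUT=eth1 SRC=192.168.1.40 DST=192.0.2.12 PROTO=TCP DPT=80
Aug 10 10:05:00 fw kernel: OUT=eth1 SRC=192.168.1.77 DST=198.51.100.7 PROTO=UDP DPT=53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) .*?OUT=\S+ SRC=(?P<src>[\d.]+) "
    r"DST=(?P<dst>[\d.]+) PROTO=\w+ DPT=(?P<dpt>\d+)"
)


def parse(log_text, year=2004):
    """Yield (timestamp, src, dst, dport) for each outbound line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an outbound record; ignore
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["src"], m["dst"], int(m["dpt"])


def greylist_hits(events):
    """Return {src: set(dst)} for destinations inside a grey-listed network."""
    hits = defaultdict(set)
    for _, src, dst, _ in events:
        addr = ipaddress.ip_address(dst)
        if any(addr in net for net in GREYLIST):
            hits[src].add(dst)
    return dict(hits)


def beacons(events, min_contacts=4, max_jitter=0.1):
    """Return [(src, dst, mean_gap_seconds)] for flows that contact the same
    destination at least min_contacts times with nearly constant spacing
    (standard deviation of the gaps below max_jitter of their mean)."""
    flows = defaultdict(list)
    for ts, src, dst, _ in events:
        flows[(src, dst)].append(ts)
    found = []
    for (src, dst), stamps in flows.items():
        if len(stamps) < min_contacts:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean < max_jitter:
            found.append((src, dst, mean))
    return found


def report(log_text=SAMPLE_LOG):
    """Combine both checks into the per-host note the post asks for."""
    events = list(parse(log_text))
    notes = defaultdict(list)
    for src, dsts in greylist_hits(events).items():
        notes[src].append(f"contacted grey-listed host(s) {sorted(dsts)}")
    for src, dst, mean in beacons(events):
        notes[src].append(f"beacons to {dst} every ~{mean:.0f}s")
    return dict(notes)


if __name__ == "__main__":
    for host, reasons in report().items():
        print(host, "->", "; ".join(reasons))
```

In the constructed sample, 192.168.1.23 is flagged twice (grey-listed destination and a ten-minute beacon), 192.168.1.77 once (grey-listed DNS server), and the ordinary browsing host 192.168.1.40 is not reported at all. The beacon test is deliberately loose about jitter; real spyware that randomises its interval would need a longer window and a looser threshold, at the cost of more false positives.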
Two years ago I was working for a major bank's international head office, and the security there was paranoid. It was a sysadmin's dream come true.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
How about delaying the delivery of suspicious attachments by half an hour? If you get 10 emails (not necessarily to the same addressee) with the same attachment within half an hour, then declare it a virus/worm and do not deliver it. If no other copy arrives within half an hour, then it is likely to be safe to deliver.
So just replace the attachment with a message stating that the attachment will be delivered in half an hour. If you get a call from the CEO then you'll know that the attachment was legit and you can forward it right when he calls :-).
--Laci
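The half-hour hold described in the post above, as an added example that is not part of the original post or of any mail server: attachments are identified by content hash, held for HOLD seconds, and at release time delivered only if fewer than THRESHOLD copies arrived within half an hour of that copy; the CEO's phone call is modelled as a manual early release. The hold length and threshold are the post's numbers; the message ids, addresses and attachment bodies are constructed for the example.

```python
"""Delayed-delivery attachment gate, as sketched in the post above.

Added example, not the original poster's code. Times are plain seconds so
the simulation runs offline; a real filter would use wall-clock time and
prune old arrival records.
"""
import hashlib
from collections import defaultdict

HOLD = 30 * 60       # half an hour, as in the post
THRESHOLD = 10       # ten copies within the window = worm


class AttachmentGate:
    def __init__(self, hold=HOLD, threshold=THRESHOLD):
        self.hold = hold
        self.threshold = threshold
        self.arrivals = defaultdict(list)  # digest -> arrival times
        self.pending = []                  # (arrival, digest, msg_id, recipient)
        self.delivered, self.dropped = [], []

    @staticmethod
    def digest(data):
        """Identify an attachment by content, not by filename."""
        return hashlib.sha256(data).hexdigest()

    def receive(self, now, msg_id, recipient, attachment):
        """Record the arrival, hold the attachment, and return the
        placeholder text the recipient gets in its place."""
        d = self.digest(attachment)
        self.arrivals[d].append(now)
        self.pending.append((now, d, msg_id, recipient))
        return f"[{msg_id}] attachment held; delivery in {self.hold // 60} minutes"

    def copies_near(self, d, arrival):
        """Copies of the same content seen within one hold of this arrival."""
        return sum(1 for t in self.arrivals[d] if abs(t - arrival) <= self.hold)

    def tick(self, now):
        """Deliver or drop every attachment whose hold has expired."""
        still = []
        for arrival, d, msg_id, rcpt in self.pending:
            if now < arrival + self.hold:
                still.append((arrival, d, msg_id, rcpt))
            elif self.copies_near(d, arrival) >= self.threshold:
                self.dropped.append((msg_id, rcpt))      # probable mass-mailer
            else:
                self.delivered.append((msg_id, rcpt))    # lone copy, let it through
        self.pending = still

    def release_now(self, msg_id):
        """The CEO phoned: deliver a held attachment immediately."""
        keep = []
        for item in self.pending:
            if item[2] == msg_id:
                self.delivered.append((msg_id, item[3]))
            else:
                keep.append(item)
        self.pending = keep


def simulate():
    """Constructed traffic: a legitimate report that the CEO phones about,
    a lone attachment nobody asks about, and twelve identical worm bodies
    arriving within twenty minutes."""
    gate = AttachmentGate()
    gate.receive(0, "m-legit", "cfo@example.com", b"quarterly figures (constructed)")
    gate.receive(200, "m-solo", "hr@example.com", b"holiday rota (constructed)")
    worm = b"MZ... constructed worm body ..."
    for i in range(12):
        gate.receive(i * 100, f"m-worm-{i}", f"user{i}@example.com", worm)
    gate.release_now("m-legit")        # the phone call
    gate.tick(1100 + HOLD)             # every hold has now expired
    return gate


if __name__ == "__main__":
    g = simulate()
    print("delivered:", g.delivered)
    print("dropped:", len(g.dropped), "copies of the worm")
```

Hashing the content rather than the filename matters because mass-mailers vary the attachment name; counting copies within a window on either side of each arrival means the first nine copies are dropped along with the tenth once the window fills, instead of the first nine slipping through.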
Vendors routinely give out free stuff at conferences, and one of the popular ones these days (actually halfway useful!) is a free 32 MB USB key. And of course, every such key comes with plug-n-pray drivers so you can plug it in and start writing to it.
They could easily include some network code in the driver that sends every document you write on the key to the company that sold the device. Of course, obscure this process: send only during idle periods; encrypt the document; send the files to some anonymous file dump in Malaysia or something that's only known and accessible by the company...
Since these devices are routinely given freely to corporate representatives, this might net a high percentage of corporate documents, some of which might be valuable.
- David Stein
Computer over. Virus = very yes.
The connection he's trying to make is that when KaZaA spreads spyware to tens of millions of people, it is largely ignored by the /. crowd. Most comments come to KaZaA's defence, saying Sharman Networks is the white knight trumpeting P2P legitimacy in the face of the 800 lb gorilla (RIAA/MPAA), and could do no wrong. Then when an article comes up about spyware distribution, which usually occurs through less-than-obvious installation on the back of programs like KaZaA, /. comments latch on to the less common mechanism of email exploitation and are quick to blame Microsoft.
Compare the earlier thread about KaZaA with this one. There is very little criticism of KaZaA's spyware distribution (if any), and more just back and forth with the same tired arguments about P2P legitimacy (I'm not saying they're not valid, I've just heard them all a million times). This thread has little or no mention of KaZaA (except for the parent post and subsequent replies), and more talk about poor email client design.
"Now gluttony and exploitation serves eight!" - TV's Frank
If, for whatever reason, you decide to boot to the console and run all of your programs in XFree86 (and I do believe that some people do this, for what reasons I do not know), then you can know, because everything that's running is open source. OS X's core is open source; it's just the GUI layer that isn't.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
I don't know about other networks, but the classified network at LLNL is quite securely locked down. Separate computers, separate network. The cables don't even run through the same conduit. The computers have to be on opposite sides of the room. There are no floppy or CD drives on the secure network. The hard drives for any machine on the secure network go into the repositories (read: big strong safes) when not in ACTIVE use. Employees aren't allowed RF devices with batteries on the site (none of the new Palms with RF in them), and cell phones are only permitted if the batteries are out and in a different pocket. These guys take security seriously. A lot more seriously than most corporations. I think many comments are by people who are criticizing from the outside. Perhaps some other arm of the government runs insecure networks, but these ones are cracked WAY down...