Spyware for Corporate Espionage
therufus writes "Late in July, an e-mail that hit employee in-boxes at a British credit card and finance company carried a secret payload--spyware capable of recording confidential corporate data and sending it over the Net."
Most of my company's data already goes right to our competitors already. What with our fancy new wireless network. Check it out - SSID: linksys, no wep, no wpa...
Don't open Emails that you have no clue who they came from. This is just common sense.
Some enterprising cracker is going to encapsulate a key logger into a piece of spyware, it is going to have a logic bomb in it so it will self destruct (the purpose to gather info and then leave no trace), it will record passwords and other info, and that info will be sent back to some third party, possibly a hostile government.
/dev/null.
It's going to happen. Here's why it's troublesome and mod me down if you must but our operation has a blind allegiance to Redmond and the IM folks are not particularly bright. We have had network problems in the past. China has opted to bet the farm on Linux after seeing the Windows Source Code.
As one of the few Linux developers here, I fear a nightmare is coming. I would really welcome any ideas that anyone has about how we combat this or put our minds at ease.
Redmond related flames go to
Designing a spyware program: $153
Bulk emailing said program: $35
Obtaining thousands of credit card numbers: Priceless
Dubbed the Consortium Of Anti-Spyware Technology Vendors and led by the creators of the popular Ad-Aware and Pest Patrol software programs, the group is trying to create standard definitions of "spyware," "adware" and other pests, and give best-practices recommendations to the companies that want to avoid being blocked by their software. (emphasis added)
Once again, the main technical problem lies with Windows. Spyware is just another form of malware, which takes advantage of defects in the operating system to gain access.
I would hope that the Consortium Of Anti-Spyware Technology Vendors would promote Linux, Mac and other operating systems that are better equipped to rebuff malware attacks.
I work for a Fortune 500 financial institution. We have very stringent requirements for our customer information. For instance, if any bank manager decides to take any client information to work over the weekend, he/she must get approval from 25% of the clients that he will work on. This is according to FCC regulations especially if said bank manager is using a wireless router with Verizon.
We also frown upon expedient use of inter-office e-mail for non-productive purposes. We found that the best way to rationalize our procedures is to make the frequent example of an employee who refuses to follow the rules.
Another point where we emphasize data security is in the discardation process of obsolete hardware. We make sure that any media has been de-magnetized (in case of floppies and CDs), exposed to ultraviolet light in case of Hard disk drives, or combusted for tape media.
So far our security record has been 100% according to our internal auditing firm.
Which is nice.
Maybe if more companies get hit by these things, more BIG companies, more pressure might be applied to help solve the problem. Tougher laws? Higher fines?
And it has to be more than the USA that makes these laws, we need Asia and Europe to follow and nail these people.
My question is about sneaks. There are software packages that sneak spyware onto systems currently, but little is published about how to prevent this from happening. New technology circumvents anti-spyware using .Net and other features that hide the programs running. Similar uses of .Net are found in Counterstrike hacks, for cheating.
My guess is that while we keep putting energy toward blocking spyware, and detecting it, the same energy is being put toward inventing it. Is this a battle between good and evil? It would seem so.
Generally, I run anti-spyware programs on a frequent basis, but is it enough? Likely not. A watchdog organization, at the governmental level, is required, not just a committee. Committees come and go, but their findings should go toward an ethical standards legal department, or some kind of funded watchdog that has a declaration of what an ethical software package is, and what crosses the line. Penalties involving more than fines are in order, too, or you get people who just want to break even or make some dough, but are willing to risk fines. Espionage is illegal. Maybe that law applies, but IANAL...
I'm not. This is the logical conclusion (or beginning) to the "virus age" that we've been experiencing. And I think the article is wrong in some respects, like their thinking that the script kiddies and such are long gone. They are still here, and are having more effect than ever as they modify already dangerous viruses, making it harder to block and stop them. And tell me, when has broad ranging legislation really helped anyone? Until it's proven effective, I will remain wary of anything of the sort.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
See? Bad things do happen to bad people!
I second that, it would not be too hard to either write the key logger or the logic bomb - for that matter it would not necessarily need to destroy the entire program, just anything that can be used to track back to the originator. The biggest problem in preventing something like this would be to control the vectors through which it could be introduced to the network (i.e. users running e-mail attachments), because once the program is on the network the damage has been done.
Don't open Emails that you have no clue who they came from. This is just common sense
Come on, grow up, we're no longer 6 years old and there is no good reason why we should be forced to live in fear of our emails !!
If an email can do all kinds of bad stuff to your computer, it is the fault of the one who wrote the email software, period..
Don't try to blame the victim because he was simply using the software for what it is supposed to do ...
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Microsoft is now focussing on security, so there's no need to worry any more :-)
Since we're 110% confident that all those dedicated knowledgeable MS administrators will be keeping up-to-date with all the patches, and that with the new focus, MS software will soon be completely immune to viruses, who cares about any of this stuff?
Simon.
[removes tongue from cheek]
Physicists get Hadrons!
The problem here is at several different levels. You can no longer expect nowadays to be protected by simply closing your doors to the outside world (i.e. protecting your computer against outside attacks), but you also have to learn how to protect your computer from internal attacks. The risk of having a program already installed in your computer trying to access your data is quite a bit higher these days than it was a few years ago, and for this very reason corporations should spend more time trying to develop encrypted systems for data storage and tighter policies aimed at improving their security systems.
It's also necessary to protect your data against your very own employees when they are not supposed to be able to see it. And I can say that often this is not the case.
Another important and necessary step is to instruct people using computers to work on security. And this is often not the case either.
Diego Rey
diegoT
As a sysadmin that has been dealing with security issues in financial and other corporate settings for well over a decade, I can tell you that the fear-factor on kiddies with their viruses starts to fade over time. However, what I've noticed happening is that people are coming to accept these relatively benign viruses, root-kits, etc. as a fact of life, and they seem to be forgetting that where kiddie-hack-of-the-week can succeed there WILL ALWAYS BE a small, but worrisome number of clueful people exploiting the opening.
Most often those people are insiders, so you have the added worry that things like firewalls are useless (do you sniff email for viruses on internal mail? do you have unpatched servers that only internal users have access to?), and they may be able to convince others that you think you can trust to look the other way.
Security is one of those ugly balancing acts. Ultimately, it's a losing game because once a determined cracker with a clue sets their sights on you, you're done for. No amount of security is sufficient... really (yes, even a gasketted vault with armed guards CAN be cracked). The key is risk-vs-reward and always trying to make sure that some poor clueless bastard out there is an easier target than you.
Well we know that a lot of these get around even secured networks because of the users. However, in most of these networks there is a competent admin who runs a firewall, but can't run ad-aware on every machine constantly (and if that were feasible, damage might already be done in one user session).
So here's my idea, which maybe is already done but if it is I'd like to hear more about it. Have the firewall maintain grey-listed domains/IPs, essentially running a quick spyware check on outgoing traffic. I don't think this would be a huge CPU load, as most traffic is incoming, not outgoing, in most offices. But I know I would like the routing machine in my office to send me a quick note if it suspects that IP 192.168.xxx.xxx has some spyware on it so I can check it out.
Seems like a simple enough idea... it wouldn't even have to be done real-time as by the time an admin got the note, real-time action could not be taken. But a router could use some spare CPU cycles to check its log's latest outgoing packets for at least some known activity.
Perhaps there is even a pattern of activity spyware reports through that a Bayesian-like filter would be able to catch and alert us of suspicious activity.
When we go home from work, we all know that, despite what we say, we have users that simply open email and click attachments like nuts. At the same time, these people have skills that our offices need. Perhaps this would be a good added layer of protection to prevent spyware from staying around long enough to cause damage.
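The grey-list-plus-pattern idea from the post above, as an added example that is not from the thread: a small checker that reads outbound-connection log lines (a constructed format), flags internal hosts that talked to a grey-listed destination, and flags regular "beacon" connections to one destination, which is the kind of pattern the post hopes a filter could catch. The grey-list entries, log format and log lines are all constructed for illustration.

```python
"""Egress-log checker (added example). Log format and destinations are
constructed; the grey-list is a hypothetical admin-maintained set."""
from collections import defaultdict
from datetime import datetime
import ipaddress

# Hypothetical grey-list: destinations an admin has flagged as spyware drop points.
GREYLIST = {"drop.example.net", "203.0.113.77"}

# Constructed outbound-connection log: "<timestamp> <src_ip> <dst> <bytes_out>"
SAMPLE_LOG = """\
2004-08-01T09:00:00 192.168.1.20 www.example.org 1200
2004-08-01T09:05:00 192.168.1.42 203.0.113.77 40960
2004-08-01T09:10:00 192.168.1.42 203.0.113.77 38912
2004-08-01T09:15:00 192.168.1.42 203.0.113.77 41000
2004-08-01T09:16:00 192.168.1.20 www.example.org 800
2004-08-01T09:20:00 192.168.1.42 203.0.113.77 39000
2004-08-01T09:30:00 192.168.1.7 drop.example.net 512
"""


def parse_log(text):
    """Yield (timestamp, src, dst, bytes_out) tuples from the constructed format."""
    for line in text.splitlines():
        ts, src, dst, nbytes = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(nbytes)


def check_egress(text, min_beacons=3, interval_tolerance=60):
    """Return {internal_src_ip: [reasons]} for hosts worth a note to the admin.

    Signal 1: any connection to a grey-listed destination.
    Signal 2: a 'beacon': at least min_beacons connections to one destination
    whose spacing varies by no more than interval_tolerance seconds.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in parse_log(text):
        if ipaddress.ip_address(src).is_private:  # only internal hosts talking outward
            by_pair[(src, dst)].append(ts)
    alerts = defaultdict(list)
    for (src, dst), times in by_pair.items():
        if dst in GREYLIST:
            alerts[src].append(f"contacted grey-listed destination {dst}")
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_beacons and max(gaps) - min(gaps) <= interval_tolerance:
            mean = int(sum(gaps) / len(gaps))
            alerts[src].append(f"regular beacon to {dst} every ~{mean}s ({len(times)} connections)")
    return dict(alerts)


if __name__ == "__main__":
    for host, reasons in check_egress(SAMPLE_LOG).items():
        print(host, "->", "; ".join(reasons))
```

Run as-is it reports 192.168.1.42 twice (grey-listed destination and a 5-minute beacon) and 192.168.1.7 once, while the ordinary web traffic from 192.168.1.20 stays quiet.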
The only thing more dangerous than a file named -rf is renaming it -rf\ /
The only thing that's news here is that someone caught it. God knows how much information is redistributed / modified this way (there are at least a dozen similar methods I can think of personally that any self-respecting spy, corporate or otherwise, must be using). That this one was caught just shows that people that aren't professionals are getting into the game.
I have the pessimistic view that anything you know that someone else knows must be public knowledge (certainly to any member of the public that cares to know). The trick is, if you know they know, how do you minimize the damage from the notions of a "secret" or "confidentiality" becoming extinct?
God forbid we do develop telepathy like some sci-fi prophesied evolutionary advance.
At least for those with Windows boxes. My two favorites:
Spybot S&D. It's free and it "inoculates." Regular updates too.
Spywareblaster. A little redundancy, and it has a nice Flash killing tool as well.
Honorable mention:
Peer Guardian. In addition to RIAA IP address killing, it prevents loading of DoubleClick ads and snoopware. Regular blocklist updates, and IP addy's may be manually added.
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
*Yawn* So what? Idiots will always open email attachments from unknown recipients and ultimately execute some sort of hidden code on their machine mainly because they can't figure out how to turn that stuff off or stop clicking on everything they see. I'd love to blame M$ here, but it really is the techno-weenies that do it to themselves by pretending they know how to use a computer, yet no matter how many times they're told "don't open attachments" they do it anyway. I love it when the email software is set up to autoexecute this stuff by default so they don't even know about it. RTFM, people!
-gam
"In theory, theory and practice are the same; in practice, they are not."
I think that China chose Linux not because of Windows source code but because Windows is the product of an American company.
But maybe I'm wrong.
Iraq: war to save the U
Are you talking about the US Military? Siprnet is rather closely watched, computers are audited for unauthorized applications, people get in serious trouble for installing unauthorized software on a secure network machine. It isn't connected to the internet. Ever.
And if you're not talking about siprnet, then that machine/person/network just really isn't important enough to worry about - from a national security perspective.
meh.
In the security context, Kazaa is actually much more to blame than Microsoft. Kazaa installs New.Net and other intrusive applications that compromise the privacy of their users. It is true that Microsoft Media Player and Windows Update also collect data on the habits of the userbase, but AFAIK their software isn't quite so intrusive.
In the context of preserving intellectual property, Kazaa is to blame to some extent, but perhaps less so than Microsoft, Cisco, the phone companies and other infrastructure providers. Kazaa couldn't exist without a high-speed digital network with pervasive, ubiquitous connectivity. Kazaa is really only the "last mile" of a journey across a continent - because the infrastructure exists, destroying Napster and its derivatives simply causes the network to evolve a more rugged replacement - because the effort to evolve a new Napster is almost trivial.
In any case, Microsoft could do some very public things to improve security:
To date, Microsoft has done nothing more than some enthusiastic chest-thumping about security. They have not seriously engaged a solution, and they are losing sales as a consequence.
Vendors routinely give out free stuff at conferences, and one of the popular ones these days (actually halfway useful!) is a free 32 MB USB key. And of course, every such key comes with plug-n-pray drivers so you can plug it in and start writing to it.
They could easily include some network code in the driver that sends every document you write on the key to the company that sold the device. Of course, obscure this process: send only during idle periods; encrypt the document; send the files to some anonymous file dump in Malaysia or something that's only known and accessible by the company...
Since these devices are routinely given freely to corporate representatives, this might net a high percentage of corporate documents, some of which might be valuable.
- David Stein
Computer over. Virus = very yes.
The advantage of completely wiping the key logger is that if you destroy the evidence that they've been hacked, they'll never raise their suspicions, and you're much more likely to get away with whatever you're going to use those passwords for.
Otherwise some administrator browses through someone's machine two months later, trying to figure out why it's so slow, and says "oh, shit..." - and then security clamps down like a {pick useful crude metaphor here}. It's far easier to slip in when no one's the wiser.
-Hentai [in vita non pacem est]
We have had network problems in the past. China has opted to bet the farm on Linux after seeing the Windows Source Code.
Even worse, maybe China never intended to use Windows but just wanted the source so that they might discover more vulnerabilities.
If, for whatever reason, you decide to boot to the console and run all of your programs in XFree86 (and I do believe that some people do this, for what reasons I do not know), then you can know, because everything that's running is open source. OS X's core is open source, it's just the GUI layer that isn't.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
I disagree...it is MUCH better to have the entire program destroyed and no trace left whatsoever that the key logger/trojan/whatever you want to call it was there. That way a post mortem could not determine whether a specific machine was compromised.
What would be scarier to you if you were in charge of machines with valuable data on them - a warning that said there was a potential breach, and check here, here and here to see if you were affected, or a warning that said there was a potential breach, however there is no way to determine whether you were affected or not? The latter situation certainly sounds scarier to me (if I actually had anything that mattered on my PC).
Send your stolen information encrypted to a USENET group, and pick it up there. No connection traceable that way. And no one but you can read it. And out of the millions of messages...who else would know where to find it. Especially if you bounced it through some nym servers or mixmaster servers around the world a few times.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Gator does not make AD-Aware. Lavasoft makes AD-Aware.
You might be thinking of Spyware Nuker, which was spun off of the company (Lions' Pride Enterprises) that made the "Yo Mama Osama" spyware.
Caveat Emptor is not a business model.