Spyware for Corporate Espionage
therufus writes "Late in July, an e-mail that hit employee in-boxes at a British credit card and finance company carried a secret payload--spyware capable of recording confidential corporate data and sending it over the Net."
Most of my company's data already goes right to our competitors already. What with our fancy new wireless network. Check it out - SSID: linksys, no wep, no wpa...
Don't open Emails that you have no clue who they came from. This is just common sense.
Some enterprising cracker is going to encapsulate a key logger into a piece of spyware, it is going to have a logic bomb in it so it will self destruct (the purpose to gather info and then leave no trace), it will record passwords and other info, and that info will be sent back to some third party possibly a hostile government.
It's going to happen. Here's why it's troublesome and mod me down if you must but our operation has a blind allegiance to Redmond and the IM folks are not particularly bright. We have had network problems in the past. China has opted to bet the farm on Linux after seeing the Windows Source Code.
As one of the few Linux developers here, I fear a nightmare is coming. I would really welcome any ideas that anyone has about how we combat this or put our minds at ease.
Redmond related flames go to /dev/null.
Designing a spyware program: $153
Bulk emailing said program: $35
Obtaining thousands of credit card numbers: Priceless
Dubbed the Consortium Of Anti-Spyware Technology Vendors and led by the creators of the popular Ad-Aware and Pest Patrol software programs, the group is trying to create standard definitions of "spyware," "adware" and other pests, and give best-practices recommendations to the companies that want to avoid being blocked by their software. (emphasis added)
Once again, the main technical problem lies with Windows. Spyware is just another form of malware, which takes advantage of defects in the operating system to gain access.
I would hope that the Consortium Of Anti-Spyware Technology Vendors would promote Linux, Mac and other operating systems that are better equipped to rebuff malware attacks.
Ruby on Rails Screencast
I work for a Fortune 500 financial institution. We have very stringent requirements for our customer information. For instance, if any bank manager decides to take any client information to work over the weekend, he/she must get approval from 25% of the clients that he will work on. This is according to FCC regulations especially if said bank manager is using a wireless router with Verizon.
We also frown upon expedient use of inter-office e-mail for non-productive purposes. We found that the best way to rationalize our procedures is to make the frequent example of an employee who refuses to follow the rules.
Another point where we emphasize data security is in the discardation process of obsolete hardware. We make sure that any media has been de-magnetized (in case of floppies and CDs), exposed to ultraviolet light in case of Hard disk drives, or combusted for tape media.
So far our security record has been 100% according to our internal auditing firm.
Which is nice.
Maybe if more companies get hit by these things, more BIG companies, more pressure might be applied to help solve the problem, tougher laws? Higher fines?
And it has to be more than the USA that makes these laws, we need Asia and Europe to follow and nail these people.
My question is about sneaks. There are software packages that sneak spyware onto systems currently, but little is published about how to prevent this from happening. New technology circumvents anti-spyware using .Net and other features that hide the programs running. Similar uses of .Net are made by Counterstrike hacks, for cheating.
My guess is that while we keep putting energy toward blocking spyware, and detecting it, the same energy is being put toward inventing it. Is this a battle between good and evil? It would seem so.
Generally, I run anti-spyware programs on a frequent basis, but is it enough? Likely not. A watchdog organization, at the governmental level, is required, not just a committee. Committees come and go, but their findings should go toward an ethical standards legal department, or some kind of funded watchdog that has a declaration of what an ethical software package is, and what crosses the line. Penalties involving more than fines are in order, too, or you get people who just want to break even or make some dough, but are willing to risk fines. Espionage is illegal. Maybe that law applies, but IANAL...
I'm not. This is the logical conclusion (Or beginning) to the "virus age" that we've been experiencing. And I think the article is wrong in some respects, like their thinking that the script kiddies and such are long gone. They are still here, and are having more effect than ever as they modify already dangerous viruses, making it harder to block and stop them. And tell me, when has broad ranging legislation really helped anyone? Until it's proven effective, I will remain wary of anything of the sort.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
See? Bad things do happen to bad people!
Don't open Emails that you have no clue who they came from. This is just common sense
Come on, grow up, we're no longer 6 years old and there is no good reason why we should be forced to live in fear of our emails!!
If an email can do all kinds of bad stuff to your computer, it is the fault of the one who wrote the email software, period.
Don't try to blame the victim because he was simply using the software for what it is supposed to do...
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
The problem here is at several different levels. You can no longer expect nowadays to be protected by simply closing your doors to the outside world (ie. protecting your computer against outside attacks), but you also have to learn how to protect your computer from internal attacks. The risk of having a program already installed in your computer trying to access your data is quite higher these days than it was a few years ago, and for this very reason corporations should spend more time trying to develop encrypted systems for data storage and tighter policies aimed at improving their security systems.
It's also necessary to protect your data against your very own employees when they are not supposed to be able to see it. And I can say that often this is not the case.
Another important and necessary step is to instruct people using computers to work on security. And this is often not the case either.
Diego Rey
diegoT
As a sysadmin that has been dealing with security issues in financial and other corporate settings for well over a decade, I can tell you that the fear-factor on kiddies with their viruses starts to fade over time. However, what I've noticed happening is that people are coming to accept these relatively benign viruses, root-kits, etc as a fact of life, and they seem to be forgetting that where kiddie-hack-of-the-week can succeed there WILL ALWAYS BE a small, but worrisome number of clueful people exploiting the opening.
Most often those people are insiders, so you have the added worry that things like firewalls are useless (do you sniff email for viruses on internal mail? do you have unpatched servers that only internal users have access to?), and they may be able to convince others that you think you can trust to look the other way.
Security is one of those ugly balancing acts. Ultimately, it's a losing game because once a determined cracker with a clue sets their sights on you, you're done for. No amount of security is sufficient... really (yes, even a gasketted vault with armed guards CAN be cracked). The key is risk-vs-reward and always trying to make sure that some poor clueless bastard out there is an easier target than you.
Well we know that a lot of these get around even secured networks because of the users. However, in most of these networks there is a competent admin who runs a firewall, but can't run ad-aware on every machine constantly (and if that were feasible, damage might already be done in one user session).
So here's my idea, which maybe is already done but if it is I'd like to hear more about it. Have the firewall maintain grey-listed domains/IP's, essentially running a quick spyware check on outgoing traffic. I don't think this would be a huge CPU load, as most traffic is incoming, not outgoing, in most offices. But I know I would like the routing machine in my office to send me a quick note if it suspects that IP 192.168.xxx.xxx has some spyware on it so I can check it out.
Seems like a simple enough idea... it wouldn't even have to be done real-time as by the time an admin got the note, real-time action could not be taken. But a router could use some spare CPU cycles to check its log's latest outgoing packets for at least some known activity.
Perhaps there is even a pattern of activity spyware reports through that a Bayesian-like filter would be able to catch and alert us of suspicious activity.
When we go home from work, we all know that despite how we have users that simply open email and click attachments like nuts no matter what we say. At the same time, these people have skills that our offices need. Perhaps this would be a good added layer of protection to prevent spyware from staying around long enough to cause damage.
The only thing more dangerous than a file named -rf is renaming it -rf\ /
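The outgoing-traffic check proposed in the comment above, as an added example that is not part of the original thread: it scans firewall log lines for internal hosts contacting grey-listed destinations and marks hosts whose contacts recur at near-fixed intervals, a simple regularity heuristic standing in for the suggested Bayesian-like filter. The log format, grey-list entries and all addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import pstdev

INTERNAL = ipaddress.ip_network("192.168.0.0/16")
GREY_NETS = [ipaddress.ip_network("203.0.113.0/24")]      # constructed entry
GREY_SUFFIXES = ("tracker.example", "filedump.example")  # constructed entries

# Constructed log, hypothetical format: epoch src_ip dst_ip dst_host bytes_out
SAMPLE_LOG = """\
1000 192.168.1.20 198.51.100.7 www.example.org 512
1005 192.168.1.37 203.0.113.45 - 2048
1010 192.168.1.52 198.51.100.9 cdn.tracker.example 300
1305 192.168.1.37 203.0.113.45 - 2100
1400 192.168.1.20 198.51.100.8 nottracker.example 90
1606 192.168.1.37 203.0.113.45 - 1990
garbage line
1904 192.168.1.37 203.0.113.45 - 2075
"""

def is_greylisted(dst_ip, dst_host):
    """True if the IP is in a grey net or the host equals/is under a grey suffix."""
    host = dst_host.lower().rstrip(".")
    by_name = any(host == s or host.endswith("." + s) for s in GREY_SUFFIXES)
    return by_name or any(dst_ip in net for net in GREY_NETS)

def review(log_text, max_jitter=5.0):
    """Return {internal_ip: {hits, bytes, dests, periodic}} for grey-listed egress."""
    times, report = defaultdict(list), {}
    for line in log_text.splitlines():
        try:
            ts, src, dst, host, nbytes = line.split()
            ts, nbytes = int(ts), int(nbytes)
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip malformed lines rather than abort the whole run
        if src not in INTERNAL or not is_greylisted(dst, host):
            continue
        entry = report.setdefault(
            str(src), {"hits": 0, "bytes": 0, "dests": set(), "periodic": False})
        entry["hits"] += 1
        entry["bytes"] += nbytes
        entry["dests"].add(str(dst))
        times[(str(src), str(dst))].append(ts)
    for (src, _), stamps in times.items():
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Three or more near-equal gaps suggest an automated check-in, not browsing.
        if len(gaps) >= 3 and pstdev(gaps) <= max_jitter:
            report[src]["periodic"] = True
    return report
```

Calling `review(SAMPLE_LOG)` returns one entry per internal host worth a look; because the check runs over a stored log, it fits the after-the-fact use the comment describes.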
*Yawn* So what? Idiots will always open email attachments from unknown recipients and ultimately execute some sort of hidden code on their machine mainly because they can't figure out how to turn that stuff off or stop clicking on everything they see. I'd love to blame M$ here, but it really is the techno-weenies that do it to themselves by pretending they know how to use a computer, yet no matter how many times they're told "don't open attachments" they do it anyway. I love it when the email software is set up to autoexecute this stuff by default so they don't even know about it. RTFM, people!
-gam
"In theory, theory and practice are the same; in practice, they are not."
I think that China chose Linux not because of Windows source code but because Windows is the product of an American company.
But maybe I'm wrong.
Iraq: war to save the U
Are you talking about the US Military? Siprnet is rather closely watched, computers are audited for unauthorized applications, people get in serious trouble for installing unauthorized software on a secure network machine. It isn't connected to the internet. Ever.
And if you're not talking about siprnet, then that machine/person/network just really isn't important enough to worry about - from a national security perspective.
meh.
Vendors routinely give out free stuff at conferences, and one of the popular ones these days (actually halfway useful!) is a free 32mb USB key. And of course, every such key comes with plug-n-pray drivers so you can plug it in and start writing to it.
They could easily include some network code in the driver that sends every document you write on the key to the company that sold the device. Of course, obscure this process: send only during idle periods; encrypt the document; send the files to some anonymous file dump in Malaysia or something that's only known and accessible by the company...
Since these devices are routinely given freely to corporate representatives, this might net a high percentage of corporate documents, some of which might be valuable.
- David Stein
Computer over. Virus = very yes.