Slashdot Mirror


Spyware for Corporate Espionage

therufus writes "Late in July, an e-mail that hit employee in-boxes at a British credit card and finance company carried a secret payload--spyware capable of recording confidential corporate data and sending it over the Net."

12 of 216 comments

  1. Nothing new... by Anonymous Coward · · Score: 5, Funny

    Most of my company's data already goes right to our competitors. What with our fancy new wireless network. Check it out - SSID: linksys, no WEP, no WPA...

  2. Here's our nightmare scenario in the military.... by i_want_you_to_throw_ · · Score: 5, Interesting

    Some enterprising cracker is going to encapsulate a key logger into a piece of spyware. It is going to have a logic bomb in it so it will self-destruct (the purpose being to gather info and then leave no trace), it will record passwords and other info, and that info will be sent back to some third party, possibly a hostile government.

    It's going to happen. Here's why it's troublesome and mod me down if you must but our operation has a blind allegiance to Redmond and the IM folks are not particularly bright. We have had network problems in the past. China has opted to bet the farm on Linux after seeing the Windows Source Code.

    As one of the few Linux developers here, I fear a nightmare is coming. I would really welcome any ideas that anyone has about how we combat this or put our minds at ease.

    Redmond related flames go to /dev/null.

  3. Is anyone surprised? by blankinthefill · · Score: 4, Insightful

    I'm not. This is the logical conclusion (or beginning) to the "virus age" that we've been experiencing. And I think the article is wrong in some respects, like their thinking that the script kiddies and such are long gone. They are still here, and are having more effect than ever as they modify already dangerous viruses, making it harder to block and stop them. And tell me, when has broad ranging legislation really helped anyone? Until it's proven effective, I will remain wary of anything of the sort.

  4. Questions... by frodo+from+middle+ea · · Score: 4, Insightful
    Pardon my ignorance, but...

    • What kind of stupid sys-admin allows .vbs, .js, .exe, .sws attachments thru the corporate email?
    • What kind of idiot sys-admin would allow the corporate users to run their PCs with admin privileges, so that any unwanted junk s/w can be installed on their PCs?
    • Which genius allows unrestricted access to confidential corporate data to its users?
    • Why do the corporate firewalls not block out-bound traffic to all ports but a select few, HTTP/SSL etc?
    --
    for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
    1. Re:Questions... by jdreed1024 · · Score: 5, Insightful
      What kind of stupid sys-admin allows .vbs, .js, .exe, .sws attachments thru the corporate email?

      The sys-admin who is told by the CEO to remove the e-mail blocks, because someone wants to e-mail him a self-extracting zip file (.exe).

      What kind of idiot sys-admin would allow the corporate users to run their PCs with admin privileges, so that any unwanted junk s/w can be installed on their PCs?

      The sys-admin who gets in trouble when he yelled at Bobby the Intern (who happens to be the CTO's nephew) for installing Kazaa on his machine. Ditto for the sys-admin who was told to turn the PHB's account into an Administrator account so he could install MS Entertainment Pack.

      Which genius allows unrestricted access to confidential corporate data to its users ?

      The genius who tried to secure the confidential corporate data with X.509 certificates and/or passwords, but was then told to remove them, because the VIPs were complaining about having to remember too many passwords.

      Why do the corporate firewalls not block out-bound traffic to all ports but a select few, HTTP/SSL etc?

      Because then the PHB can't use AIM to chat with his friends.

      Seriously, I worked as a sys-admin in an environment like this. You wouldn't believe the number of safety procedures that the CEO/CTO/PHB wanted to circumvent to make life easier for themselves. Unless you have a CTO who understands security and will stand up to the rest of the VIPs, you're doomed. Completely and utterly doomed.

      I attempted to implement the passwd changing program with cracklib support to prevent users from picking stupid passwords. That lasted about a week before I was told to take it away.

      There was a brief period of time where we went around and killed off IE on the desktop machines, because there were too many damn vulnerabilities. That lasted about 2 weeks before the CEO told us that the researchers couldn't use "this Netscape thing".

      Repeat for many other events. Bottom line is anyone who is not a sys-admin knows two things: routine and usability. However, implementing proper security requires changing at least one of those, if not both. And therein lies the problem.

      --
      There is no sig, there is only Zuul.
    2. Re:Questions... by Samus · · Score: 4, Informative

      Why do the corporate firewalls not block out-bound traffic to all ports but a select few HTTP/SSL etc?
      I think any decent sized corporation with a firewall admin does this already. The problem starts when you have protocols designed to circumvent firewall security. SOAP is nothing really but rpc over http on port 80. You can block whatever ports you want but as long as you have an outbound port opening somebody can find a way to use it.

      What kind of idiot sys-admin would allow the corporate users to run their PCs with admin privileges, so that any unwanted junk s/w can be installed on their PCs?

      Again it doesn't really matter. All the buffer overflow exploits that have happened recently didn't make a check to a security manager to see if they could install a piece of software. Nimda, code red etc just installed themselves.

      What kind of stupid sys-admin allows .vbs, .js, .exe, .sws attachments thru the corporate email?
      If you haven't seen the list of attachments Outlook 2003 won't let you send, you'll laugh your ass off when you do. It's basically any document that you can create with a Microsoft tool, with a few of their competitors thrown in for good measure (pdf!?). I still think people will find ways to socially engineer their way around that one.
      Which genius allows unrestricted access to confidential corporate data to its users ?

      Doesn't really matter. If the PC of someone who is authorized to view that data is compromised, the cracker gets the keys to the kingdom.

      --
      In Republican America phones tap you.
    3. Re:Questions... by frodo+from+middle+ea · · Score: 4, Interesting
      I can sympathise with you , but you do realise that you are working (or have worked) for one idiot CEO.

      Two years ago I was working for a major bank's international head office, and the security there was paranoid. It was a sys-admin's dream come true.

      • No internet access, except for only those who need it. Only http and https allowed.
      • No FTP or telnet, only ssh allowed, and the ssh server configured to allow access only from a very restricted subdomain.
      • All system/sys DB accounts disabled after initial setup. No database with customer data could go live unless the system/sys a/cs were disabled.
      • Audit logging of all data that goes in/out.
      • Root password split between 3 persons, i.e. all three have to be present to log in as root. Priceless.
      • A new password generated for every privileged a/c login, i.e. password valid for only one login.
      --
      for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
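The "Questions..." thread above argues about one gateway control in particular: refusing executable attachments before they reach a user's inbox. The script below is an added example, not code from the thread or from any poster. It parses a MIME message with Python's standard library, enumerates the attachments, and flags any that carry a blocked extension anywhere in the name (so the double-extension trick `report.pdf.exe` is caught, not just the last suffix) or whose first bytes are an executable signature, whatever the filename or declared Content-Type says (which is how a "self-extracting zip" .exe would be caught). The extension list, the magic-byte table and the sample message are all constructed for illustration.

```python
"""Mail-gateway attachment policy check (added example, not the thread's code).

Parses a MIME message, enumerates attachments and flags each one that
  * carries a blocked extension anywhere in its name ('report.pdf.exe',
    'setup.exe.txt'), or
  * starts with executable magic bytes regardless of name or Content-Type.
The deny list and the sample message are constructed for illustration.
"""
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath
from typing import Dict, List, Optional

# Illustrative deny list: the types the thread calls out plus common script and
# installer formats. A production gateway would use a maintained list.
BLOCKED_EXTENSIONS = {
    ".exe", ".vbs", ".js", ".scr", ".bat", ".cmd", ".com", ".pif",
    ".hta", ".msi", ".ps1", ".jse", ".vbe", ".wsf",
}

# Leading bytes that identify executable content whatever the file is called.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
}


def suspicious_extensions(filename: str) -> List[str]:
    """Return every blocked extension in the name, in order of appearance."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    return [s for s in suffixes if s in BLOCKED_EXTENSIONS]


def detect_executable_magic(data: bytes) -> Optional[str]:
    """Label the content if it begins with a known executable signature."""
    for magic, label in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return label
    return None


def check_message(raw: bytes) -> List[Dict]:
    """Parse a raw RFC 5322 message and return one finding per attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reasons = [f"blocked extension {ext}" for ext in suspicious_extensions(name)]
        label = detect_executable_magic(payload)
        if label:
            reasons.append(f"content is {label}")
        findings.append({
            "filename": name,
            "declared_type": part.get_content_type(),
            "size": len(payload),
            "block": bool(reasons),
            "reasons": reasons,
        })
    return findings


def should_quarantine(raw: bytes) -> bool:
    """Gateway decision: hold the whole message if any attachment is flagged."""
    return any(f["block"] for f in check_message(raw))


def build_sample_message() -> bytes:
    """Constructed sample message (not a real capture) with three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "employee@example.invalid"
    msg["Subject"] = "Q3 figures"
    msg.set_content("Please review the attached report.")
    # Benign text attachment.
    msg.add_attachment("quarterly figures ...", filename="figures.txt")
    # Double extension and a PE header behind a PDF content type.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="report.pdf.exe")
    # Innocent name and generic type, but the bytes are an ELF binary.
    msg.add_attachment(b"\x7fELF" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="notes.doc")
    return bytes(msg)


if __name__ == "__main__":
    sample = build_sample_message()
    for finding in check_message(sample):
        print(finding)
    print("quarantine:", should_quarantine(sample))
```

Checking the bytes as well as the name is what makes the control hold up against the "rename it to .txt" and "call it a PDF" workarounds jdreed1024's CEO was asking for; a real gateway would extend the same loop into archives, since a blocked .exe inside a .zip is still a blocked .exe.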
  5. Re:Here is an idea. by binaryDigit · · Score: 4, Insightful

    Don't open Emails that you have no clue who they came from. This is just common sense.

    That line of defense fails when only 1 person forgets this fact (or as a permutation of the following) and the "virus/worm" spreads itself by having the from address of the newly infected person. Plus, it doesn't take a lot of effort to find out who the IT or some other higher up in a company is and use their name as the sender of the email.

  6. BS !! by AftanGustur · · Score: 4, Insightful

    Don't open Emails that you have no clue who they came from. This is just common sense

    Come on, grow up, we're no longer 6 years old and there is no good reason why we should be forced to live in fear of our emails !!

    If an email can do all kinds of bad stuff to your computer, it is the fault of the one who wrote the email software, period..

    Don't try to blame the victim because he was simply using the software for what it is supposed to do ...

    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
  7. This happens quite a lot by nodwick · · Score: 4, Insightful
    There's an article in Dvorak's column in this month's PC Magazine (near the middle) describing how a day trader used a key logger to steal someone's brokerage password via a similar scheme. From the article:
    Using an alias, Dinh began prowling around in an online stock-chat forum, until he got the e-mail addresses of some of the traders. Using yet another alias, he then e-mailed these folks the key-logging backdoor, claiming in a long letter that he was beta-testing a new stock-charting software system and wondering whether they could help.

    Apparently, one unsuspecting sucker executed the software and wasn't suspicious when it didn't really do anything. Now Dinh had a backdoor and simply key-logged until he found the guy's online brokerage information and password. He could buy and sell from the guy's account.

    Apparently he used the other account as a dump for derivatives that he needed to offload quickly. Of course the person in the story should obviously have been more careful about clicking on attachments, but one lesson here is that as people become increasingly wired, the value of logins and passwords is becoming high enough that stealing those is as valuable or more than credit card numbers. This is especially true if you think about how much you can do financially online -- many people use the Internet almost exclusively for bill payments, stock transactions, money transfers, etc.
  8. idiots always open attachments... by gamlidek · · Score: 4, Insightful

    *Yawn* So what? Idiots will always open email attachments from unknown recipients and ultimately execute some sort of hidden code on their machine mainly because they can't figure out how to turn that stuff off or stop clicking on everything they see. I'd love to blame M$ here, but it really is the techno-weenies that do it to themselves by pretending they know how to use a computer, yet no matter how many times they're told "don't open attachments" they do it anyway. I love it when the email software is set up to autoexecute this stuff by default so they don't even know about it. RTFM, people!

    -gam

    --
    "In theory, theory and practice are the same; in practice, they are not."
  9. Re:Here's our nightmare scenario in the military.. by zeux · · Score: 5, Insightful
    China has opted to bet the farm on Linux after seeing the Windows Source Code.

    I think that China chose Linux not because of the Windows source code but because Windows is the product of an American company.

    But maybe I'm wrong.