Stealing Silicon Valley

pacopico writes "A series of robberies in Silicon Valley have start-ups feeling nervous. According to this report in Businessweek, a couple of networking companies were burgled recently with attempts made to steal their source code. The fear is that virtual attacks have now turned physical and that espionage in the area is on the rise. As a result, companies are now doing more physical penetration testing, including one case in which a guy was mailed in a FedEx box in a bid to try and break into a start-up."

the box was labelled "Supplies"

[themushroom]

And when the staff opened the top, a 4'5" Asian man jumped out and said "Supplies!!"

Did They Do Attack Trees?

[bill_mcgonigle]

C'mon, guys, if you'd have done your attack trees, you'd know that the guy who empties the waste basket can install a keylogger for a day for much less cost than it would take to break your 4096 bit PGP key.

I suppose this story does highlight some changing costs on the nodes, though - if physical penetration is becoming more prevalent, then either the cost of hiring somebody to do it is falling (due to massive unemployment, perhaps?) or the costs of other attacks are rising.

Re:Did They Do Attack Trees?

[cusco]

The cost of doing it is dropping because the tools are getting cheaper, easier to use, and easier to deploy. A local software company got hacked by someone just plugging a wireless router into an unoccupied network port in a conference room and taping it under the table (they think it was a job applicant being interviewed), and then just browsing their network from the parking lot that night. I've heard (second hand) of an office where the janitorial staff plugged a netbook into a port under a desk, let it sniff all network traffic for a couple of days, and then handed it off to whoever hired them. I've seen USB keyloggers advertised for under $100, and some of the newer remote control/viewing software can be autoinstalled and is unnoticeable to the casual user. It just isn't rocket surgery any more.