Menu
Navigation

Global articles on espionage, spying, bugs, and other interesting topics.

Keep abreast of the espionage threats facing your organisation.

Man sent to prison for economic espionage

BOSTON, Dec. 20 (UPI) — A Massachusetts man was sentenced to six months in prison and fined $25,000 for selling trade secrets of his employer, Akami Technologies Inc.

Elliot Doxer, 43, of Brookline pleaded guilty to one count of foreign economic espionage at a previous hearing. At his sentencing Monday, he also was given an additional six months of house arrest.

Federal prosecutors had sought a 36-month prison term.

During an 18-month period in 2009 and 2010, Doxer believed he was selling details of Akami contracts to an Israeli agent, who actually turned out to be an FBI investigator, Boston Business Journal reported.

A sentencing memorandum written by the government stated he tried to sell Israel “confidential contracts between Akami and the FBI, [Department of Homeland Security], a leading aerospace company and several Department of Defense contractors.” The total value of those contracts was near $10 million.

Doxer also insinuated to an agent that he wanted harm done to the mother of one of his children. “The mother is a terrible human being and has caused me tremendous suffering,” authorities said he told the agent. “Not enough bad things can happen to her, if you know what I mean.”


2012 Will See Rise in Cyber-Espionage and Malware, Experts Say

The security industry expects the number of cyber-espionage attacks to increase in 2012 and the malware used for this purpose to become increasingly sophisticated.

In the past two years there has been a surge in the number of malware-based attacks that resulted in sensitive data being stolen from government agencies, defense contractors, Fortune 500 companies, human rights organizations and other institutions. (See also “How to Remove Malware From Your Windows PC.”)

“I absolutely expect this trend to continue through 2012 and beyond,” said Rik Ferguson, director of security research and communication at security firm Trend Micro. “Espionage activities have, for hundreds of years, taken advantage of cutting-edge technologies to carry out covert operations; 2011 was not the beginning of Internet-facilitated espionage, nor will it be the end,” he added.

Threats like Stuxnet, which is credited with setting back Iran’s nuclear program by several years, or its successor, Duqu, have shocked the security industry with their level of sophistication. Experts believe that they are only the beginning and that more highly advanced malware will be launched in 2012.

“It is quite possible that we will see another of these threats in the near future,” said Gerry Egan, director of security response at Symantec. Duqu was used to gather design documents from companies that manufacture industrial control systems and could be a precursor to future Stuxnet-like industrial sabotage attacks, Egan explained.

“It is likely that new Duqu variations will cause mayhem in early 2012,” said Jeff Hudson, CEO of Venafi, a provider of enterprise key and certificate management solutions. “We have to be on a new state of alert to safeguard our assets and be better prepared to respond when the threat strikes.”

Battles, But Not Cyberwar

However, despite the emergence of Stuxnet and Duqu, security experts don’t believe that the world is actually watching a cyberwar in progress.

“To have any opposing action earn the title of ‘War’, there must be a declared state of conflict, and to my recollection, this has never happened in the case of CyberWar,” said professor John Walker, a member of the Security Advisory Group at ISACA, an organization that certifies IT professionals, via email.

“However, if we were to frame the question relating to ‘CyberConflict’, then I would consider this to be a very different case, where regular aggressive deployment of such capabilities occurs in one form of another in support of either a political or military purpose,” he added.

Countries like the U.S., U.K., Germany, China and India have established specialized teams and centers to defend government assets against cyberattacks and to even retaliate, if necessary. However, determining who is behind Internet-based hostile operations with certainty is impossible most of the time and that’s just one of the problems.

“All countries are wrestling with the question of retaliation,” Gerry Egan said via email. “If a blatant act of cyber war has occurred, how does one country retaliate and to what extent? What is a proportionate response?”

Threats like Stuxnet and Duqu could very well lead to major international cyber-conflicts in the future, but for now companies and governments should be more worried about cyber-espionage attacks that use simpler data exfiltration tools.

These unsophisticated, yet effective, pieces of malware are known in the security industry as Advanced Persistent Threats (APTs) and are usually distributed via social engineering. Operation Aurora, Shady RAT, GhostNet, Night Dragon and Nitro, are all examples of APT attacks reported during the last couple of years that have affected hundreds of organizations worldwide.

Bracing and Training

The number of APT attacks is likely to escalate in 2012 and defending against them requires frequent employee training and more aggressive protection technologies like those based on white-listing, file reputation, and application behavior.

“People still represent the weakest link in security for a large amount of enterprises and that is the reason they are targeted,” Ferguson said. “Training still has an important place in an organization’s security planning but it needs to be ongoing training, not a one-time only event.”

“So far we have been doing a much better job patching software than patching people,” said Amichai Shulman, CTO at security firm Imperva. “I spent time in the military trying to educate people about information security. It didn’t work there and it won’t work anywhere else.”

There should be a shift in protection paradigms and more control should be put around the data source. Restricting which applications can read certain information and detecting anomalous behavior, like sensitive data being accessed at strange hours of the day or being transferred in large quantity, is part of the solution, Shulman believes.

Technologies that can check a file’s reputation, age and regional popularity, before allowing it to be executed on a system can also be used to block APTs that were designed to evade traditional anti-malware detection methods.

“There is no doubt that major organisations need to be far more aware of the potential effects of malware,” said Jeff Hudson. “If this issue isn’t on the agenda of your board right now then the board is negligent,” he concluded.


Movie-camera maker accuses rival of corporate espionage

LOS ANGELES (TheWrap.com) – Shots are being fired in the world of the digital camera.

California-based Red Digital Cinema alleges that a former executive at Delaware-based Arri engaged in corporate espionage when he hacked into the email server of a third camera company, according to a complaint Red filed December 21 in U.S. District Court in California.

According to the lawsuit, which was obtained by TheWrap, Red alleges Arri used the hacked emails to give its Alexa camera a competitive advantage over Red’s Epic camera.

Red alleges unfair competition based on email hacking, invasion of privacy, conversion, misappropriation of trade secrets and unlawful trade practices, among other charges.

In September, Michael Bravin, Arri’s ex-VP of market development for digital camera products, pleaded guilty to unlawfully accessing the email server of Band Pro Film Digital while he was employed at Arri.

Bravin, who had previously worked for Band Pro, was charged with computer fraud and email hacking and, following a plea agreement, was sentenced to two years’ probation, among other penalties.

Now, Red says some of the emails Bravin copied had sensitive information about the company’s technology, including the Epic camera. Some of the emails were from Red personnel including founder Jim Jannard, Red also alleges.

At the time of the hacking, Red was allegedly in confidential business discussions with Band Pro, discussing a potential joint venture. Arri employees — including Chief Technology Officer Glenn Kennel and Vice President of Camera Products Bill Russell — were aware Bravin was engaging in the hacking, Red says. Therefore, Arri is liable, according to Red.

“Red is informed and believes, and thereupon alleges, that Bravin saved or forwarded, either directly or verbally, the information obtained from the Band Pro emails to other Arri executives and employees,” the suit says.

Additionally, Red alleges that Arri started a false advertising campaign leading up to the launch of the Alexa camera, and that Bravin — using his real name and a pseudonym — posted on a Red blog, RedUser.net, disparaging the company’s products. Red says one of the Web-blog board’s policies is that users do not use false names.

Red is seeking damages, disgorgement, restitution and injunctive relief. The company is seeking a jury trial.

“It was quite shocking to them, that the vice president of Arri would steal business emails for use at Arri,” lawyer Gregory L. Weeks, who represents Red, told TheWrap.

A representative for Arri did not respond to TheWrap’s request for comment.

Movies including “The Hobbit,” “Prometheus” and “The Girl with the Dragon Tattoo” were shot with Red cameras.

“Hugo,” “Pariah” and “New Year’s Eve” were shot with Arri cameras.


First documented case of cyber espionage?

There have been so many examples of cyber espionage that it is now the norm to just accept that it is rampant.  MI5 in the UK, the German Chancellery, Titan Rain, GhostNet, the Pentagon email hack,  Google Aurora – all are examples of  cyber espionage, most on the part of China.  But to date no evidence has been put forth other than claims from the injured parties.

Thanks to reporting  from Anthony Freed of InfoSecIsland we have learned over the past few days that a group of Indian hackers that align themselves with Anonymous (the catch all movement for hackers these days)   have breached several Indian government servers and uncovered gold.  If taken at face value their hacking has revealed

1. The Indian government has source code for Symantec’s AV software, albeit of 2006 vintage.

2. The Indian government is strong arming cell phone manufacturers to provide back doors into their handsets.

3. The Indian government is in possession of confidential internal communications from the US-China Economic and Security Review Commission (USCC).

And now in a new development we learn from Freed:

“Now YamaTough has provided potentially damning evidence that the Indian government is actively engaged in espionage efforts targeting not only the USCC, but potentially thousands of US government networks, ranging from those of federal agencies to systems used by state and municipal entities.”

YamaTough is part of The Lords of Dharmaraja hacking group in India.

You can see the difference between these unfolding events and previous claims of cyber espionage.  The exfiltration of terabytes of data on the US Joint Strike Fighter or last March’s theft of “24,000 documents” has never been proved. They are just claims from admittedly credible sources.  Thanks to a hacker group in India, InfosecIsland has source material that demonstrates wide spread cyber espionage on the part of the Indian Government which the hackers may publish.

This is a historically significant development for those of us who track cyber espionage.

 


Army charges AK soldier with attempted espionage

ANCHORAGE, Alaska (AP) — The U.S. Army charged an Alaska-based soldier Monday with attempted espionage, saying he communicated and transmitted national defense information to someone he believed was a foreign intelligence agent.

According to the charges, 22-year-old Spc. William Colton Millay of Owensboro, Ky., intended to aid a foreign nation.

“Millay had access to the information through the course of his normal duties both stateside and on a previous deployment, and although the information was unclassified, Millay believed that it could be used to the advantage of a foreign nation,” according to a description of the charges released by Army officials.

Officials would not identify the country Millay believed the so-called agent represented or if their investigation involved a sting operation. Millay was assigned to a combat tour in Iraq from December 2009 to July 2010, and he served in Korea, according to information provided by the Army.

Read More