BOSTON, Dec. 20 (UPI) — A Massachusetts man was sentenced to six months in prison and fined $25,000 for selling trade secrets of his employer, Akamai Technologies Inc.
Elliot Doxer, 43, of Brookline pleaded guilty to one count of foreign economic espionage at a previous hearing. At his sentencing Monday, he also was given an additional six months of house arrest.
Federal prosecutors had sought a 36-month prison term.
During an 18-month period in 2009 and 2010, Doxer believed he was selling details of Akamai contracts to an Israeli agent, who actually turned out to be an FBI investigator, Boston Business Journal reported.
A sentencing memorandum written by the government stated he tried to sell Israel “confidential contracts between Akamai and the FBI, [Department of Homeland Security], a leading aerospace company and several Department of Defense contractors.” The total value of those contracts was near $10 million.
Doxer also insinuated to an agent that he wanted harm done to the mother of one of his children. “The mother is a terrible human being and has caused me tremendous suffering,” authorities said he told the agent. “Not enough bad things can happen to her, if you know what I mean.”
The security industry expects the number of cyber-espionage attacks to increase in 2012 and the malware used for this purpose to become increasingly sophisticated.
In the past two years there has been a surge in the number of malware-based attacks that resulted in sensitive data being stolen from government agencies, defense contractors, Fortune 500 companies, human rights organizations and other institutions.
“I absolutely expect this trend to continue through 2012 and beyond,” said Rik Ferguson, director of security research and communication at security firm Trend Micro. “Espionage activities have, for hundreds of years, taken advantage of cutting-edge technologies to carry out covert operations; 2011 was not the beginning of Internet-facilitated espionage, nor will it be the end,” he added.
Threats like Stuxnet, which is credited with setting back Iran’s nuclear program by several years, or its successor, Duqu, have shocked the security industry with their level of sophistication. Experts believe that they are only the beginning and that more highly advanced malware will be launched in 2012.
“It is quite possible that we will see another of these threats in the near future,” said Gerry Egan, director of security response at Symantec. Duqu was used to gather design documents from companies that manufacture industrial control systems and could be a precursor to future Stuxnet-like industrial sabotage attacks, Egan explained.
“It is likely that new Duqu variations will cause mayhem in early 2012,” said Jeff Hudson, CEO of Venafi, a provider of enterprise key and certificate management solutions. “We have to be on a new state of alert to safeguard our assets and be better prepared to respond when the threat strikes.”
Battles, But Not Cyberwar
However, despite the emergence of Stuxnet and Duqu, security experts don’t believe that the world is actually watching a cyberwar in progress.
“To have any opposing action earn the title of ‘War’, there must be a declared state of conflict, and to my recollection, this has never happened in the case of CyberWar,” said professor John Walker, a member of the Security Advisory Group at ISACA, an organization that certifies IT professionals, via email.
“However, if we were to frame the question relating to ‘CyberConflict’, then I would consider this to be a very different case, where regular aggressive deployment of such capabilities occurs in one form or another in support of either a political or military purpose,” he added.
Countries like the U.S., U.K., Germany, China and India have established specialized teams and centers to defend government assets against cyberattacks and to even retaliate, if necessary. However, determining who is behind Internet-based hostile operations with certainty is impossible most of the time and that’s just one of the problems.
“All countries are wrestling with the question of retaliation,” Gerry Egan said via email. “If a blatant act of cyber war has occurred, how does one country retaliate and to what extent? What is a proportionate response?”
Threats like Stuxnet and Duqu could very well lead to major international cyber-conflicts in the future, but for now companies and governments should be more worried about cyber-espionage attacks that use simpler data exfiltration tools.
These unsophisticated, yet effective, pieces of malware are known in the security industry as Advanced Persistent Threats (APTs) and are usually distributed via social engineering. Operation Aurora, Shady RAT, GhostNet, Night Dragon and Nitro are all examples of APT attacks reported during the last couple of years that have affected hundreds of organizations worldwide.
Bracing and Training
The number of APT attacks is likely to escalate in 2012 and defending against them requires frequent employee training and more aggressive protection technologies like those based on white-listing, file reputation, and application behavior.
“People still represent the weakest link in security for a large amount of enterprises and that is the reason they are targeted,” Ferguson said. “Training still has an important place in an organization’s security planning but it needs to be ongoing training, not a one-time only event.”
“So far we have been doing a much better job patching software than patching people,” said Amichai Shulman, CTO at security firm Imperva. “I spent time in the military trying to educate people about information security. It didn’t work there and it won’t work anywhere else.”
There should be a shift in protection paradigms and more control should be put around the data source. Restricting which applications can read certain information and detecting anomalous behavior, like sensitive data being accessed at strange hours of the day or being transferred in large quantity, is part of the solution, Shulman believes.
Technologies that can check a file’s reputation, age and regional popularity, before allowing it to be executed on a system can also be used to block APTs that were designed to evade traditional anti-malware detection methods.
“There is no doubt that major organisations need to be far more aware of the potential effects of malware,” said Jeff Hudson. “If this issue isn’t on the agenda of your board right now then the board is negligent,” he concluded.
Investec LOYAL’s thrilling Sydney to Hobart line honours win is under threat after its crew was accused of using an ABC helicopter pilot to spy on rival Wild Oats XI.
The race committee, and not the runner-up, has lodged a protest against the stunning victory – the fourth closest in race history – under a rule which polices outside assistance to boats.
LOYAL was on Wednesday night declared the provisional winner after its captain Anthony Bell was handed the protest documents on crossing the finish line in Hobart.
But the news, delivered by Cruising Yacht Club of Australia Commodore Garry Linacre, stunned the thousands lining the shore around Constitution dock as LOYAL lingered for close to an hour before docking.
A hearing will take place at the Royal Yacht Club of Tasmania at 10am (AEDT) on Thursday.
The race committee, chaired by Tim Cox, alleges the incident occurred at 6.30am on Tuesday, 30 nautical miles south of Merimbula on the NSW south coast.
The protest papers described the incident as: “Audio recording of conversation between ABC helicopter and Investec LOYAL.
“Crewman from Investec LOYAL seeking information from the helicopter of the sail plan in use on Wild Oats XI.
“In particular, information as to whether Wild Oats XI was flying a trysail.”
Linacre said the helicopter pilot would be a witness at the hearing, to be heard by an international panel, and if the protest was upheld the sanctions could include time penalties and even disqualification.
Bell attempted to explain the situation on reaching the shore, saying it was a misunderstanding involving an ABC interview with crewman Michael Coxon, who is also the chief executive of a company that supplies the sails to Wild Oats.
“It was the ABC who actually asked for the interview off us, it wasn’t actually the other way round,” Bell said.
“It was just a question by Michael saying, ‘oh geez, are they all right and I hope they haven’t broken their mainsail’.
“These things cost a quarter-of-a-million dollars and of course he would be concerned as to his business reputation.”
Bell said he was confident the victory would be confirmed by the panel.
“Michael (Coxon) is probably one of Australia’s most decorated yachtsmen and he’s never had a skerrick in his whole career of any protest for improper behaviour,” he said.
“It is a bit anti-climactic.
“One thing that can’t be taken away from us, no matter what happens, no matter what’s said, is we sailed one hell of a race out there.”
LOYAL fought off a thrilling, last-ditch attacking onslaught from Wild Oats on the Derwent River to claim what would have been a first line honours victory for the boat.
Still eyeballing each other as they hit the river, LOYAL saw off some desperate manoeuvring from the five-time winner and race record holder to cross the finish line at 7.14pm (AEDT).
In one of the tightest finishes in the race’s history, LOYAL won with a margin of 3 minutes 8 seconds in a time of 2 days, 6 hours, 14 minutes and 18 seconds.
The ABC posted audio of the conversation between Coxon and its helicopter crew on its website.
Coxon is heard to say: “Can you confirm, does Wild Oats have their trysail up? … What colour is the mainsail they’ve got up?”
He is answered that both sails are grey and replies: “Copy that. That’s great news. Thanks, bye.”
LOS ANGELES (TheWrap.com) – Shots are being fired in the world of the digital camera.
California-based Red Digital Cinema alleges that a former executive at Delaware-based Arri engaged in corporate espionage when he hacked into the email server of a third camera company, according to a complaint Red filed December 21 in U.S. District Court in California.
According to the lawsuit, which was obtained by TheWrap, Red alleges Arri used the hacked emails to give its Alexa camera a competitive advantage over Red’s Epic camera.
Red alleges unfair competition based on email hacking, invasion of privacy, conversion, misappropriation of trade secrets and unlawful trade practices, among other charges.
In September, Michael Bravin, Arri’s ex-VP of market development for digital camera products, pleaded guilty to unlawfully accessing the email server of Band Pro Film Digital while he was employed at Arri.
Bravin, who had previously worked for Band Pro, was charged with computer fraud and email hacking and, following a plea agreement, was sentenced to two years’ probation, among other penalties.
Now, Red says some of the emails Bravin copied had sensitive information about the company’s technology, including the Epic camera. Some of the emails were from Red personnel including founder Jim Jannard, Red also alleges.
At the time of the hacking, Red was allegedly in confidential business discussions with Band Pro, discussing a potential joint venture. Arri employees — including Chief Technology Officer Glenn Kennel and Vice President of Camera Products Bill Russell — were aware Bravin was engaging in the hacking, Red says. Therefore, Arri is liable, according to Red.
“Red is informed and believes, and thereupon alleges, that Bravin saved or forwarded, either directly or verbally, the information obtained from the Band Pro emails to other Arri executives and employees,” the suit says.
Additionally, Red alleges that Arri started a false advertising campaign leading up to the launch of the Alexa camera, and that Bravin — using his real name and a pseudonym — posted on a Red blog, RedUser.net, disparaging the company’s products. Red says one of the Web-blog board’s policies is that users do not use false names.
Red is seeking damages, disgorgement, restitution and injunctive relief. The company is seeking a jury trial.
“It was quite shocking to them, that the vice president of Arri would steal business emails for use at Arri,” lawyer Gregory L. Weeks, who represents Red, told TheWrap.
A representative for Arri did not respond to TheWrap’s request for comment.
Movies including “The Hobbit,” “Prometheus” and “The Girl with the Dragon Tattoo” were shot with Red cameras.
“Hugo,” “Pariah” and “New Year’s Eve” were shot with Arri cameras.
There have been so many examples of cyber espionage that it is now the norm to just accept that it is rampant. MI5 in the UK, the German Chancellery, Titan Rain, GhostNet, the Pentagon email hack, Google Aurora – all are examples of cyber espionage, most on the part of China. But to date no evidence has been put forth other than claims from the injured parties.
Thanks to reporting from Anthony Freed of InfoSecIsland we have learned over the past few days that a group of Indian hackers that align themselves with Anonymous (the catch-all movement for hackers these days) have breached several Indian government servers and uncovered gold. If taken at face value, their hacking has revealed:
1. The Indian government has source code for Symantec’s AV software, albeit of 2006 vintage.
2. The Indian government is strong-arming cell phone manufacturers to provide back doors into their handsets.
3. The Indian government is in possession of confidential internal communications from the US-China Economic and Security Review Commission (USCC).
And now in a new development we learn from Freed:
“Now YamaTough has provided potentially damning evidence that the Indian government is actively engaged in espionage efforts targeting not only the USCC, but potentially thousands of US government networks, ranging from those of federal agencies to systems used by state and municipal entities.”
YamaTough is part of The Lords of Dharmaraja hacking group in India.
You can see the difference between these unfolding events and previous claims of cyber espionage. The exfiltration of terabytes of data on the US Joint Strike Fighter or last March’s theft of “24,000 documents” has never been proved. They are just claims from admittedly credible sources. Thanks to a hacker group in India, InfoSecIsland has source material that demonstrates widespread cyber espionage on the part of the Indian Government, which the hackers may publish.
This is a historically significant development for those of us who track cyber espionage.