Corporate espionage is a business almost as old as corporations, but thanks to the Internet revolution it has a new business model: cybercrime. A new report from McAfee illustrates how intellectual property and trade secrets are becoming the primary target for hackers, and providing the currency that fuels the cyber underground.
The recent attack against RSA–resulting in the compromise of sensitive data related to the SecurID two-factor authentication that many corporations rely on to guard against unauthorized access and protect data–is an example of how even the very companies that we trust to help guard against corporate espionage are not invulnerable themselves. Hacked SecurID tokens could be used as a stepping stone to more serious corporate espionage.
“Cybercriminals have shifted their focus from physical assets to data driven properties, such as trade secrets or product planning documents,” said Simon Hunt, vice president and chief technology officer, endpoint security at McAfee. “We’ve seen significant attacks targeting this type of information. Sophisticated attacks such as Operation Aurora, and even unsophisticated attacks like Night Dragon, have infiltrated some of the largest, and seemingly most protected corporations in the world. Criminals are targeting corporate intellectual capital and they are often succeeding.”
Personal information–names, addresses, birth dates–is still a hot commodity for identity theft, and financial details–credit card numbers, bank account passwords–are big business as well. Don’t hold your breath waiting for botnets and other malware to stop trying to steal those types of data. But hacking into corporate networks and stealing intellectual capital is generally safer and more lucrative.
For one thing, financial and healthcare organizations, which are frequently the target of such data breaches, are also the most vigilant at detecting them. Combine that with the fact that most states have data breach notification laws requiring companies to disclose when data involving personal details or account information of individuals is involved, and it becomes increasingly difficult to fly under the radar and avoid having law enforcement agencies involved.
But if a hacker instead steals the marketing plans and financial projections from one company, and sells them on the cyber underground to that company’s biggest competitor, there is less risk of alarm bells going off. Organizations don’t like to announce publicly that they have been hacked–so if there are no data breach notification laws compelling them to do so, odds are fair that the theft will be kept on the down low even if it is discovered.
Evolving trends such as the migration to the cloud, and the exodus from the internal network to mobile gadgets make the task of protecting corporate intellectual property that much more difficult. Think of a bank. When all of the money is stored in a steel vault inside the building, it is relatively easy to contain and protect it. Now, give that same money to hundreds of people to carry with them as they wander about, and make it accessible digitally from the Internet as well, and you can see that it is a much more complex issue to secure it.
IT admins need to take proactive steps to assess risk and implement appropriate security controls and defenses, and be vigilant about monitoring for suspicious and malicious behavior. You may not have the secret recipe for Coca Cola on your company file server (you don’t, do you?), but the data you do have is of value to your competitors, and could prove lucrative on the cyber underground.
PARIS (Reuters) – France’s intelligence services have unearthed a case of suspected industrial espionage at an engine subsidiary of French aerospace and defense firm Safran, Le Monde newspaper said in its weekend edition.
A Safran spokeswoman declined to comment on Sunday when contacted by Reuters about the report, which spoke of a Chinese link.
The newspaper said investigators had placed about 10 people in custody as they dig for information about a 2010 attack on the computer networks of Safran subsidiary Turbomeca, which makes helicopter engines.
It said hackers broke into the computer networks and gained access to sensitive information about propeller systems at Turbomeca, as well as Safran documents containing information about billing and the cost of various company projects.
The computer break-ins took place during the first eight months of 2010 and may have involved help from company insiders, Le Monde reported it was told by an unnamed judicial source.
French magistrates in Nanterre have been following up on the preliminary information unearthed by the domestic intelligence services (DCRI), the newspaper said.
While the Safran spokeswoman contacted by Reuters declined to comment, Le Monde said it had contacted the firm and been told: “All we know of is a minor case in 2009 that concerned Turbomeca.”
Turbomeca says on its website it is the leading helicopter engine supplier in China, with one in two helicopters there equipped with a Turbomeca engine or licensed product.
It also says it co-operates with Chinese firms Harbin Aircraft Industries Group, Changhe Aircraft Industry Group and the helicopter-making divisions of China’s Aviation Industry Corp, the state-owned aircraft maker.
Safran is roughly 30-percent owned by the French state, which is still smarting after another case of supposed espionage at carmaker Renault that turned out to be a case of fraud.
Suspicions of industrial espionage at Renault — which also involved a suspected Chinese link in the early days — were deflated last month when the case turned out to be one of fraud and Renault executives apologized to three executives it had fired.
(Reporting by Brian Love and Cyril Altmeyer; Editing by Sophie Hares)
IOWA CITY, Iowa (AP) — The University of Iowa has launched an investigation after employees at a medical clinic complained their supervisors hid a baby monitor to eavesdrop on them.
John Stellmach, president of a union that represents university employees, said Department of Urology workers discovered the monitor hidden on a shelf near a reception area on Monday. He says it would have picked up chatter by five secretaries and clerical workers.
Stellmach says managers explained the monitor was being used to determine whether secretaries were chatting too much and it was removed after they complained. He says employees feel their privacy was violated by the monitoring, which may have also picked up confidential medical information.
UI Vice President for Strategic Communication Tysen Kendig said Tuesday that human resources officials are leading the investigation.
Quebec is sending its new anti-corruption squad to unearth dirt at Montreal city hall, an investigation that has set off a ping-pong round of finger-pointing between the Charest government and Montreal’s mayor.
The Public Security Minister announced Wednesday that Quebec’s anti-corruption unit will set its sights on Montreal in the wake of startling disclosures of spying and illegal computer hacking against an elected official.
“There is profound concern about what’s going on,” Public Security Minister Robert Dutil said in Quebec City. “The allegations of recent days are not acceptable. We cannot tolerate the weakening of an institution like the city of Montreal.”
The succession of scandals has eroded the mayor’s standing and led to a poisonous atmosphere at city hall. But hours after Quebec’s announcement, a defiant Mr. Tremblay pushed back, saying the tumult was the result of his campaign to clean house.
“I said that I would clean up, and when you clean up, it bothers people,” the mayor told a City Hall press conference. “I’m not worried. Our books are open.”
The mayor, irritated that Mr. Dutil didn’t phone him before announcing the provincial probe, shot back with some house-cleaning advice of his own. He said what’s really needed in Quebec is a provincial inquiry into corruption in the construction industry – an oft-repeated call in Quebec that Premier Jean Charest has refused to heed.
“That’s where the real problem is,” the mayor said. “Not just in Montreal, but in Quebec.”
The tit-for-tat jabs did little to dissipate the less-than-stellar image of the body politic. It’s all the more surprising because Mr. Tremblay is a former provincial Liberal cabinet minister.
The investigation into Montreal’s affairs marks the maiden assignment for the Liberal government’s anti-corruption squad, which was created in February and became a Canadian first. Headed by long-time civil servant Robert Lafrenière, it already includes about 100 of the eventual 189 people on the team, and will make its report public.
After reading the NY Times account of David Sokol’s trading in Lubrizol just prior to pitching the stock to his boss, Warren Buffett, it seems crystal clear that Sokol engaged in insider trading.
But why should anyone be surprised by this? In my view Buffett and Berkshire have always been the ultimate insiders. Because of Warren’s status as a living investment legend he has access to all kinds of information average Joe investors only read about weeks later in the financial papers. I assume that having “insider” access is part of the culture at Berkshire, just as it is at big money hedge funds.
For example at the depths of the financial crisis, it was Buffett that got the call from Goldman Sachs offering him a sweet deal on 10% yielding $5 billion in preferred stock. Buffett also got a load of stock warrants.
Who gets to buy $5 billion in Goldman Sachs preferreds with a junk bond yield? No one but Berkshire Hathaway. Warren got a similarly sweet deal from General Electric at the depths of the financial crisis.
At the time of the Goldman purchase, in the Fall of 2008, Warren was being asked to lend a big vote of confidence to the American financial system by making a big investment in the world’s best known investment bank. Buffett’s profit on the whole Goldman rescue, including preferred dividends and stock warrant profits, will be north of $3.7 billion. Not a bad ROI for a $5 billion cash outlay. It’s the kind of profits you would expect “insiders” to make, not average Joe investors.
So as Raj Rajaratnam’s trial plays out in the media, investors should keep in mind that in the clubby moneyed world of giant hedge funds (Berkshire is probably the biggest and most successful quasi-hedge fund ever), insider trading is pretty much commonplace. The smart money guys get information earlier than the rest of us, they act on it and make huge profits.