Industrial Espionage Attacks

Henry Dalziel | General Hacking Posts, Information Security Conferences | November 1, 2012

We attended Hacker Halted in Miami, which was excellent. One of the speakers was Gianni Gnesa, an Information Security professional from Switzerland. Gianni is CEH certified and holds many other certifications.

Gianni’s talk focused on Industrial Espionage, and he gave a real example of how an attack took place in (I think it was) Switzerland. By “industrial espionage” we mean a malicious attack carried out for purely commercial reasons. The opposite, I guess, would be national or economic espionage.

According to some stats that Gianni shared, since 1999 Fortune 1000 companies have lost more than 45 billion a year in earnings. By 2011, this had risen to 400 billion a year. Clearly a lot of money! Taking this further, Gianni also reinforced the point that a lot of companies do not report the theft for fear of worrying their shareholders and, of course, damaging their brand.

The Five Steps Of Industrial Espionage
Gianni outlined five steps. These are:

1. The actual “breaking in” – either into the network or the actual facility
2. Locating the sensitive data or information
3. Copying the data and sending it out of the environment
4. Leaving the network or facility
5. Getting rich or getting caught!

Gianni gave the example of GhostNet. GhostNet was a huge cyber spying operation (the name was given by the West) which was uncovered in March 2009 and is defined as being an Advanced Persistent Threat. The cyber attack (and information gathering activities) were all executed from (allegedly) China, and the targets were political, economic and media organizations. Amazingly, the attack was registered to have taken place in over 100 countries! I mentioned that the cyber attack was allegedly controlled by China because there is little direct incriminating evidence. If you think otherwise please let us know and add to the post! Anyway, GhostNet was something that Gianni referred to in his talk. He mentioned that the attack was primarily executed via social engineering attacks using malicious emails. He continued, saying that all the trade secrets went to China and that numerous governmental organizations were compromised.

Gianni wrapped up his excellent talk by discussing possible countermeasures. The main one was to update your software and, from an organization’s point of view, to perform numerous and regular penetration tests to check for vulnerabilities. Using Security Information and Event Management (SIEM) was also strongly advised, with possible vendors and tools being HP ArcSight, Novell Sentinel, Tripwire Log Center and Splunk.

Another suggestion was to isolate valuable assets in internal servers that are not connected to the Internet.

Education and training were also highly recommended. Were you at Hacker Halted? Let us know.