Secrets Stolen, Fortunes Lost - Christopher Burgess, Richard Power

Secrets Stolen, Fortunes Lost (eBook)

Preventing Intellectual Property Theft and Economic Espionage in the 21st Century
eBook Download: PDF | EPUB
2011 | 1st edition
300 pages
Elsevier Science (publisher)
978-0-08-055880-6 (ISBN)
System requirements
55,95 incl. VAT
  • Download available immediately
"The threats of economic espionage and intellectual property (IP) theft are global, stealthy, insidious, and increasingly common. According to the U.S. Commerce Department, IP theft is estimated to top $250 billion annually and also costs the United States approximately 750,000 jobs. The International Chamber of Commerce puts the global fiscal loss at more than $600 billion a year.

Secrets Stolen, Fortunes Lost offers both a fascinating journey into the underside of the Information Age, geopolitics, and global economy, shedding new light on corporate hacking, industrial espionage, counterfeiting and piracy, organized crime and related problems, and a comprehensive guide to developing a world-class defense against these threats. You will learn what you need to know about this dynamic global phenomenon (how it happens, what it costs, how to build an effective program to mitigate risk and how corporate culture determines your success), as well as how to deliver the message to the boardroom and the workforce as a whole. This book serves as an invaluable reservoir of ideas and energy to draw on as you develop a winning security strategy to overcome this formidable challenge.

It's Not Someone Else's Problem: Your Enterprise is at Risk
  • Identify the dangers associated with intellectual property theft and economic espionage
The Threat Comes from Many Sources
  • Describes the types of attackers, threat vectors, and modes of attack
The Threat is Real
  • Explore case studies of real-world incidents in stark relief
How to Defend Your Enterprise
  • Identify all aspects of a comprehensive program to tackle such threats and risks
How to Deliver the Message: Awareness and Education
  • Adaptable content (awareness and education materials, policy language, briefing material, presentations, and assessment tools) that you can incorporate into your security program now"

Front Cover 1
Secrets Stolen, Fortunes Lost 2
Copyright Page 4
Authors 6
Contents 8
Introduction 14
Part 1: The Challenge 22
Chapter 1: The Tale of the Targeted Trojan 24
Introduction 25
The Haephrati Case 26
The When 27
The How 27
The Hook 27
The Mechanism 27
The Who 28
The Why 28
The Cost 28
The Discovery 29
The Scope 30
Alleged Intermediary Clients 30
Alleged End-Recipients 30
Companies Identified as Victims 31
Related U.S./UK Advisories 32
UK - National Infrastructure Security Coordination Centre (NISCC) 32
U.S. - The Department of Homeland Security (DHS) 33
Chapter 2: When Insiders and/or Competitors Target a Business's Intellectual Property 36
Introduction 37
Lightwave Microsystems 37
America Online 39
Casiano Communications 40
Corning and PicVue 41
Avery Dennison and Four Pillars 43
Lexar Media and Toshiba 45
SigmaTel and Citroen 48
3dGEO - China 50
Chapter 3: When State Entities Target a Business's Intellectual Property 52
Introduction 53
Airbus and Saudi Arabian Airlines 54
Russian Intelligence and Japanese Trade Secrets 54
Japan and the Cleveland Clinic Foundation 57
China and Russia: TsNIIMASH-Export 59
Overt Nation State Attempts: India, Venezuela, Brazil, and Others 60
Current and Future Threats to Economic Security 62
Chapter 4: When Piracy, Counterfeiting, and Organized Crime Target a Business's Intellectual Property 66
Introduction 67
Technology Counterfeiting 71
The Apparel Industry 73
The Entertainment Industry 74
Chapter 5: Virtual Roundtable on Intellectual Property and Economic Espionage 78
Introduction 79
The Legal Perspective: Naomi Fine 81
The OpSec Perspective: Keith Rhodes 86
The Professional Investigator's Perspective: Ed Stroz 91
The DoD Cyber Sleuth's Perspective: James Christy 98
The Security and Privacy Consultant's Perspective: Rebecca Herold 102
Part 2: The Strategy 108
Chapter 6: Elements of a Holistic Program 110
Introduction 111
False Memes Lead People the Wrong Way 111
From the Industrial Age to the Information Age 112
Chapter 7: Case Study: Cisco's Award-Winning Awareness Program 118
Introduction 119
What Is This Scenario? 121
The Message Is the Medium: Be a Security Champion 123
The Message 123
When Your Message Reaches the Employees They Become Your Messengers 126
Staying on Message 127
It Takes More Than Compelling Content and Hard Work 130
Lessons Learned 131
Chapter 8: Case Study: A Bold New Approach in Awareness and Education Meets an Ignoble Fate 134
Introduction 135
The Mission, the Medium, the Message 135
Meaningful Content and Persuasive Delivery 135
Investment and Empowerment 137
Three-Phase Approach 137
Phase I: Engage Everyone Economically and Effectively 138
Phase II: A Rising Tide Lifts All the Boats 140
Phase III: Deliver Vital Intelligence and Early Warning to the Executive 141
Don't Be Surprised If... 142
Chapter 9: Case Study: The Mysterious Social Engineering Attacks on Entity Y 148
Introduction 149
Fundamentals of Social Engineering Attacks 150
The Mysterious Social Engineering Attacks on Entity Y 154
Guidance for the Workforce 156
How to Recognize Elicitation 156
How to Handle the Caller 157
How to Report the Incident 157
General User-Oriented Guidance on How to Detect and Defeat Social Engineering 158
Chapter 10: Personnel Security 160
Introduction 161
Coming and Going: Guidelines for Background Checks and Termination Procedures 164
Two Important Caveats 175
And Everywhere in between: Guidelines for Travel Security and Executive Protection Programs 175
Chapter 11: Physical Security: The "Duh" Factor 182
Introduction 183
Chapter 12: Information Security 208
Introduction 209
Chapter 13: The Intelligent Approach 248
Introduction 249
The Intelligence Function As an Internal Early Warning System 251
What Happens to a Million Grains of Sand in a Perfect Storm? 253
The Partnership Issue Is a Daunting Force-Multiplier, Double-Edged Sword 255
Chapter 14: Protecting Intellectual Property in a Crisis Situation 258
Introduction 259
Chapter 15: How to Sell Your Intellectual Property Protection Program 268
Introduction 269
Questions to Ask and People to Approach 271
What Is Your Business Differentiation from Your Competitors? 272
Whom Do You Have to Protect These Differentiators From? 273
What Are the Probabilities in Terms of Likely Attackers, Targets, and Objectives? 275
If the Competition Obtained or Tampered with Your Intellectual Property, What Harm Would Be Done? 276
What Security Measures Would Be Cost-Effective and Business-Enabling? 276
Notes on Figure 15.1 278
Notes on Figure 15.2 278
Executives and Board Members 278
Research and Development 278
Manufacturing 279
Sales and Marketing 279
Human Resources 279
Operations 280
Risk Identification 280
Implications of IP loss 281
Notes on Figure 15.3 282
Implementation Plan 282
Potential Inhibitors 282
Identified Milestones 282
Notes on Figure 15.4 283
Notes on Figure 15.5 284
Executive Commitment 284
Business Value Statement 284
Notes 284
Chapter 16: Conclusion 286
Protect Your IP 287
Appendix A: Baseline Controls for Information Security Mapped to ISO 288
Appendix B: Leveraging Your Tax Dollar 310
Domestic 311
Department of Justice (DOJ) 311
Department of Homeland Security (DHS) 313
International 315
Department of Commerce (DOC) 315
Department of State (DOS) 315
Appendix C: Notes on Cyber Forensics 318
Digital Evidence: Volume 319
Digital Evidence: Searches/Legal 320
Digital Evidence: Cell Phones 321
Digital Evidence: Accreditation 322
Definitions 323
Digital Evidence: Digital Forensics Intelligence 323
Appendix D: U.S. International Trade Commission Section 337 Process 326
Appendix E: U.S. Trade Representative's 2007 Special 301 Watch List 360
Appendix F: U.S. Department of Justice Checklist for Reporting a Theft of Trade Secrets Offense 364
Index 370

Chapter 1

The Tale of the Targeted Trojan


Introduction


The Greeks delivered a gift of a wooden horse to the people of Troy. The citizens of Troy accepted the gift, the city fell shortly thereafter, and the term “Trojan Horse” entered the popular lexicon.

The maturation of the information age has brought to us a plethora of network-based systems, a multitude of connectivity and information sharing methodologies, and a level of interconnectivity at the enterprise and individual level never experienced before. It is also likely to continue increasing in both scope and complexity (see Figure 1.1).

Figure 1.1 Trojan Horse Programs That Target Confidential Information Are Proliferating Rapidly. They Are Not Used Just for Phishing. Source: Symantec Internet Security Threat Report, 2007

Without security programs installed and security features turned on, these systems and methodologies are clearly vulnerable. But the sad reality is that even when protected by such security programs, with their various security features activated, these systems remain vulnerable to carefully crafted, low-profile attack software that a multitude of defensive products will not detect, in part because the majority of these products are signature-based rather than event-based.

For such products to be effective in maintaining the security of your system, three conditions must all hold:

  • The signature of the attack profile must match a known signature profile.

  • The attack profile must have been seen before by the software manufacturer.

  • The user must have updated the software so that the signature of the attack profile is present on their system.

The Haephrati Case


This tale of the targeted Trojan—a.k.a. the Haephrati case—was active from 2003 to 2005 and came to public light in January 2006.

At that time, we saw the extradition of Michael Haephrati along with his wife Ruth Brier-Haephrati from the UK to Israel, an event that under normal circumstances would not have garnered much attention had they not created, distributed, and utilized some of the most interesting and successful pieces of software specifically designed to steal the intellectual property of the target. Upon arrival in Israel, the couple pled guilty to the charges brought against them and were convicted. This case has turned out to be one of the most expansive and interesting cases of industrial espionage in many years.

In late May 2005, the two Haephratis were arrested by British authorities in London, at the request of Israeli authorities, for having conducted the “unauthorized modification of the contents of a computer.” Put more simply, they were charged with having created and placed a “Trojan” file on a computer that was not their own, and having siphoned off the contents of that computer. But this puts it too simply. What they really did was create their own cottage industry. They provided an “outsourced” technical capability that delivered to the “business subscriber” a monthly compendium of illicitly obtained correspondence, documents, economic data, and intellectual property from the computer systems of firms targeted by the Haephratis’ subscribers.

In essence, a sophisticated and highly effective outsourced industrial/economic espionage capability was made available to both individuals and enterprises. The Chief Superintendent of the Israel Police National Fraud Unit, Arie Edleman, describing the tool created by Michael Haephrati, said, “It not only penetrated the computer and sent material to wherever you wanted, but it also enabled you to completely control it, to change or erase files, for example. It also enabled you to see what was being typed in real time.” He continued, “This is not common software that anti-virus software makers have had to fix.”

The When


  • Initiated circa May 2003

  • Discovered circa November 2004

  • Neutralized circa May 2005

  • Arrested in the UK and then extradited to Israel January 2006

  • Convicted and sentenced March 2006

The How


The Hook

  • Delivered via targeted personal e-mail.

    • The target received an e-mail from an address that looked like that of a known entity: for example, gur_r@zahav.net.il, which was read as gur-r@zahav.net.il.

    • The bogus account was identified as having been opened by a person who lived in London and charged the fees to their American Express card.

  • Delivered via targeted commercial e-mail.

    • Targets received an e-mail message offering a business opportunity.

    • Those who responded to info@targetdata.biz would receive the Trojan.

    • The domain targetdata.biz was registered to Haephrati.

  • Delivered via targeted compact disc.

    • The target received a compact disc offering a business opportunity.

    • Those who responded to info@targetdata.biz would receive the Trojan.
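The first delivery path above turns on a look-alike sender address (gur_r versus gur-r). The check below, an added example that is not from the book, shows one way a mail gateway or client can surface that class of lure: any sender that is within a small edit distance of a known correspondent, on the same domain or on a near-miss domain, is flagged, while exact matches with the contact list are trusted. The contact list and sample senders are constructed; the address forms themselves come from the case description.

```python
"""Added example (not from the book): flag look-alike sender addresses.
The Haephrati lure came from gur_r@zahav.net.il and was read as the known
address gur-r@zahav.net.il. The contact list below is constructed.
"""
from dataclasses import dataclass
from typing import List, Optional


def levenshtein(a: str, b: str) -> int:
    """Edit distance: insertions, deletions and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(addr: str) -> str:
    """Lower-case and strip a display name, e.g. 'Gur <gur-r@zahav.net.il>'."""
    addr = addr.strip().lower()
    if addr.endswith(">") and "<" in addr:
        addr = addr[addr.rindex("<") + 1:-1]
    return addr


def split_addr(addr: str):
    local, _, domain = normalize(addr).rpartition("@")
    return local, domain


@dataclass
class Finding:
    sender: str
    resembles: str
    distance: int
    reason: str


def check_sender(sender: str, known: List[str], max_distance: int = 2) -> Optional[Finding]:
    """Return a Finding when `sender` is a near-miss of a known contact.
    An exact match with any known contact is trusted and never flagged, so two
    genuinely different colleagues with similar addresses do not trip the check.
    """
    s_local, s_domain = split_addr(sender)
    contacts = [(c, *split_addr(c)) for c in known]
    if any((s_local, s_domain) == (kl, kd) for _, kl, kd in contacts):
        return None
    for contact, k_local, k_domain in contacts:
        if s_domain == k_domain:
            d = levenshtein(s_local, k_local)
            reason = "local part is a near-miss of a known contact on the same domain"
        else:
            d = levenshtein(s_domain, k_domain)
            reason = "domain is a near-miss of a known contact's domain"
        if d <= max_distance:
            return Finding(normalize(sender), normalize(contact), d, reason)
    return None


if __name__ == "__main__":
    KNOWN = ["gur-r@zahav.net.il"]  # constructed contact list
    for s in ["gur_r@zahav.net.il", "gur-r@zahav.net.i1", "gur-r@zahav.net.il"]:
        print(s, "->", check_sender(s, KNOWN))
```

The threshold of two edits is a starting point; on a large contact list it should be tuned against real traffic, since short local parts produce more near-misses than long ones.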

The Mechanism

  • While the exact code that Haephrati created and customized for each victim has not been released to the public, a review of relevant security bulletins provides a good indication of how the code functioned.

  • The Trojan included a key-logger and a store-and-forward capability, and would send documents and pictures to FTP servers (file storage servers) located in Israel, the U.S., and other locales. The investigation turned up dozens of servers located around the globe. The program allowed Haephrati to remotely control the computer of the unsuspecting victim. In essence, Haephrati was running a well-managed store-and-forward service. The Haephratis were not relying on botnets or other illicitly acquired infrastructure; they had a business to support and leased their infrastructure. According to the Israeli police, items stolen included marketing plans, employee pay slips, business plans, and details on new products, all of which were passed to rivals. The haul ran to over 11,000 pages of data, thousands of them “confidential” (more than 11 gigabytes of material).

The Who


Michael Haephrati is the computer programmer who created the original Trojan program, allegedly planted on his in-laws’ computer so as to provide him the means to harass his former in-laws. According to the press, Ruth Brier-Haephrati saw the business opportunity in selling the capability. In Israel, a number of private investigative firms were identified as being positioned between the Haephratis, the clients, and the victims. Haephrati began creating one-off programs for targeted delivery, based on information acquired about the victim—in other words, the Haephratis were provided the specific information necessary to craft the tool that would undermine the security apparatus and/or techniques employed by the victim. According to the Israeli police, the capability was also sold to firms outside Israel, none of which have, as of mid-2007, been publicly identified. Thus, it is expected that firms outside Israel have also fallen victim to this type of methodology and specific technology.

The Why


As noted earlier, the initial motive was revenge. Haephrati resented his former in-laws and set about to defame them by manipulating information obtained from their computer. The recipient of the Haephratis’ efforts had a simple motive: economic advantage over their competition.

The Cost


Haephrati charged each business customer the equivalent of US$3500 to create the customized program and make the initial install on the victim’s computer, and another US$900/month to maintain the infrastructure used to collect, forward, store, collate, and deliver the illicitly acquired information on a monthly basis. The cost to the recipients was the fee they paid to the intermediary who contracted Haephrati’s services. And what was the cost to the victims? Extreme. They lost their intellectual property, lost business opportunity, and lost the privacy of their employees’ personal data. They also lost go-to-market plans, as well as customer requirements, and they potentially lost the trust of their customers. Table 1.1 lists various items traded on underground servers.

Table 1.1 Advertised Prices of Items Traded on Underground Economy Servers

Item                                                   Advertised Price (US$)
U.S.-based credit card with card verification value    $1–$6
UK-based credit card with card verification value      $2–$12
An identity (including U.S. bank account, credit card, date of birth, and...

PDF (Adobe DRM)
Size: 2,3 MB

EPUB (Adobe DRM)
Size: 12,9 MB
