Israel unmasks spyware ring
PrintCorporate espionage
Posted in Software & Security, 31st May 2005 08:52 GMT
Free whitepaper – Managing desktop software for fun and profit
Just connect your PC to the Internet. That's all it takes, for your worst nightmares to come true - and the Israeli Spyware scandal which broke last week illustrates, better than any amount of preaching, that the real security risk has nothing to do with open access WiFi.
The story, too juicy to be ignored by the IT media, tells of villains who uploaded a virus to the computers of their commercial rivals. Who are these villains?
What they are not, is spotty-faced hackers with a copy of NetStumbler, sitting the the car park trying to find a rogue access point on the corporate LAN. Here's the list of suspects: "Top executives of Israel's leading companies including Cellcom, Yes, Pelephone, Meir Motors, Tami-4, Ace Hardware, Volvo Israel and Amdocs" - they have either been arrested or have been placed under suspicion in the last few days for corporate espionage.
This list also includes several private detective companies run and operated by former IDF officers, reports Joel Leyden - summarising: "If your computer starts to work slowly and you hear your hard drive grinding and working like mad but you see nothing happening on your monitor - you may most likely have an Israel, Syrian, Saudi, Japanese, Chinese or US "shark" spying on your hard drive. It could be the FBI, your mother or the store next door."
There is a risk of being hacked by drive-by wireless geeks. There is also a risk of being struck by lightning. If you cross the road looking up at the sky for thunder-clouds, your chances of being run over approach certainty; the moral therefore is: don't waste money on wireless security consultants until you know you're at least as secure as possible against these spyware exploits.
But there is also a half-full glass: When both junior and senior managers in an organization know of the risk, they will be extra careful not to do anything illegal. It is worth noting the types of organizations in which the Trojan horses were found. None of them is an organization that has real secrets; none of them is a high-tech company from which patents, codes, chemical formulas, software or sophisticated algorithms were stolen. They are all commercial companies and 90 percent of their "secrets" become public knowledge within days, weeks or months in any event. If such companies were to invest less energy in "secrets" and "surprises" that their competitors were preparing, perhaps they would have more time to take better note of what their customers and employees want.
Related stories
Deleting spyware: a criminal act?
House passes anti-spyware bills
Spyware wars
MS punts all-in-one security and backup service
Yahoo! has minimal spyware, adware revs streams
Spyware scumbags make $2bn a year
The Register Agile Data Center Summit
What Exchange can't do - and Dell can
New storage architectures make SSDs more cost-effective
Dell PowerEdge R710 solution with VMware ESX vs. Dell PowerEdge 2850 solution
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs