A year ago Phil Fodchuk was called by a Calgary-based energy company which had detected the theft of corporate data from its computer network. Digging into the company's systems, he traced it to a powerful virus that had begun infecting computers on a specific date and time. He could tell that a USB drive had been plugged into a laptop and that a PDF had been printed. "That was ground zero of the infection that went to a couple of computers, then went dormant for four months, then activated and went to 14 more computers," says Fodchuk, a computer forensics expert who spent more than a decade in computer crime divisions, first with the Calgary Police Service and then with the RCMP, before founding Urgentis Digital Crisis Solutions. "So what happened at that date and time with that USB drive?"
He had company executives comb their memories and their calendars. Before long, Fodchuk pieced the story together. There had been a meeting with a team of executives from a foreign company. During the meeting, one of the visitors said he had forgotten to print his PowerPoint presentation. He asked for a coffee break so he could get it printed from his thumb drive. One of the hosts plugged it into a company laptop and printed the presentation.
From there – taking advantage of simple hospitality – the virus dug deep into the company's systems and a whack of data was stolen. "We think it's happening elsewhere, not here," Fodchuk says of corporate espionage. "But it's happening here."
Cyber-based economic espionage has become increasingly sophisticated, grown in frequency and scale and become a concern for governments, IT professionals and security services. Antiterrorist experts in the U.S. have added hacking and illicit use of the Internet to their list of weapons of mass destruction. The director of the FBI, Robert Mueller, has said threats from cyber-espionage will surpass terrorism as the number one threat facing the U.S. But those threats have not, by and large, been given the attention they deserve from industries and individual companies.
"Organizations are very reactive to attacks," says Salim Hasham, a technology security consultant with PricewaterhouseCoopers. "They're not being proactive about this." He says most organizations are still not prepared for the hyper-connected world in which we live. "At no time in history have we been this connected and this interdependent," he says. "Not understanding the new threats puts organizations behind the curve in terms of protecting information." Those new horizons are created by bits of code, the most malicious being labelled as "advanced persistent threats," or APTs. They're custom code written for a specific purpose. They won't be picked up by traditional antivirus tools or stopped by firewalls, and once in your system they can transmute and spread at will. "In one recent case, an email was sent to employees that looked like it came from senior management," Hasham says. "When an employee clicked on a link, it dropped a piece of code, which opened a back door and the attacker was able to install five or six kinds of malicious code. If [the target company] discovers one, it sends a signal to activate another."
Many Albertan companies are of particular interest to attackers because of the strategic importance of energy. Hasham says he has seen a rise in corporate espionage against energy companies in both Canada and the U.S., but you wouldn't know it from their behaviour. "I would say two things about [the oil industry]," he says. "Companies in it tend to be even further behind the curve than those in most other industries with regards to the need for security, and there is a movement from hacking and controlling software to doing the same with hardware. The technology now exists to take over control of physical infrastructure – pumps, valves, pipes and centrifuges." The endgame for the attacker in these cases is either criminal blackmail or, more ominously, the attacker may be a foreign state testing its abilities to disrupt critical infrastructure.
It's not that evidence of malice can't be found. Hasham says the one common denominator in all cyber-attacks is that digital traces of the intrusion were present long before the target organization became aware of it. "In general, organizations are breached somewhere between one and three years before anyone finds out," Hasham says. A year ago, for example, it came to light that Nortel's computer system had been breached for 10 years before anyone found out.
The Canadian Security Intelligence Service lists "information security threats" as one of its priority areas and, most often, it or one of its foreign counterparts first alerts a company to a problem. Agents discover a company's list of suppliers or other confidential information in some faraway place and let the company know. That's when Fodchuk is called. "We've commonly come in after that notification," Fodchuk says, "when the company is in a bit of a panic."
Both Fodchuk and Hasham say there tends to be an uptick in espionage activity in the period leading up to a merger or acquisition. "The acquiring company will want to know the real flow-through rates of [the target company's] pipelines, and how many of their wellheads are active," Fodchuk says. He points out that espionage is nothing new in the oil patch. It's just that the techniques have progressed. "Years ago a private eye would drive on a road near a wellhead and watch with binoculars to see how many times it went up and down, or they had listening equipment to try and hear the flow of gas." The methods have migrated to the digital world, where the wellhead is connected to a computer feeding data to the company. "Why drive out in the middle of nowhere if I can sit here and hack in?"
Fodchuk is quick to point out that data theft is not always done through advanced intrusions by state actors and business competitors. Those attacks might get the notoriety, but Fodchuk says 80 per cent of the calls he receives have to do with in-house data theft. "Your number one threat is still internal. It's your disgruntled employees," he says. "Maybe they're upset about not getting a bonus or a promotion. They steal either to sell or to set up their own boutique. A lot of times they're setting up or joining a competitive company." It could be as simple as an employee sending a bunch of emails to his or her personal account, or plugging a thumb drive into the company computer and running a backup process to save files to the device. In some cases a member of an activist group will infiltrate a company with the sole purpose of harvesting information.
The portion of incidents that are state-sponsored may be smaller, but it's growing more quickly and is more sophisticated. Of the 20 per cent of calls relating to intrusions by competitors or foreign governments, "almost all of them are valid concerns," Fodchuk says. "Something is being stolen. There is data leaving your company and going across the world."
It's difficult to determine the cost of cyber-crime to individual companies and to the broader economy because of a lack of reliable data, but the general consensus is that it is on the rise. One study done by Hewlett-Packard (which, as a vendor of antivirus software, has a specific agenda) suggests that, in the U.S., "The occurrence of cyber-attacks has more than doubled over a three-year period, while the financial impact has increased by nearly 40 per cent."
Hasham says the challenges of dealing with cyber-crime begin at the top, where senior managers have little understanding of the information owned by their organization. "In most cases, senior management assume this is being taken care of by the IT folks," he says. "They don't understand the data they have, its applicability or its criticality to the business, and that means they're not setting the tone from the top in terms of methods of protecting it."
Beyond leadership, Hasham says the solution lies in co-operation between intelligence agencies, government and industry. So far, that co-operation has been much more evident in the U.S. and the U.K. than it has in Canada. And within Canada, certain industries have been more active than others. "Within the financial services industry in Canada, you get the regular meeting of chief security officers and risk officers to talk about their experiences," he says. Alberta's most important industry, however, hasn't met the challenge. "Within energy, you really don't see the co-operation," Hasham says.
Source: http://albertaventure.com/2013/03/cyber-combat/