Date: 10/30/2009
News & Views
Attack of the Employees
The world of industrial espionage calls for a new form of sleuthing to uncover computer hackers, unscrupulous employees and disgruntled job seekers.
Armed with a laptop, a car and a significant grudge, the so-called “Wi-Fi Spoofer” managed to terrorize the C-suites of a U.S. business and evade federal investigators for more than two years.
By exploiting a weakness in the company’s computer network, the elusive hacker was able to make it appear that company executives were sending embarrassing and inappropriate e-mail messages to clients. Annoyed clients grew tired of the company’s inability to put a stop to the messages and took their business elsewhere. With damages mounting rapidly, the company’s hard-earned reputation was on the line.
Welcome to the new world of industrial espionage, where the business world’s increasing reliance on electronic networks has created a scenario that exposes countless companies to such an attack. Invariably, it’s the kind of threat that few companies appreciate until it happens to them. Such electronic attacks and network intrusions have become the weapon of choice in industrial espionage, whether the perpetrator is a disgruntled employee or spurned job-seeker, a rival seeking to steal trade secrets for a competitive edge, an insider selling proprietary information or a hacker on the other side of the globe bent on extortion.
Take a look at some examples:
The International Hacker
A global Internet services company called Stroz Friedberg after discovering a curious abnormality in a spell-check file on a webmail server. An in-depth forensic analysis and computer security threat assessment discovered a highly sophisticated computer intrusion through a back door to the network linked to a well-known Asian hacker. Forensic investigators found hacker tools stashed on the server, including password-cracking and anti-forensics applications. All of these tools were eradicated and the back door closed.
Rivals Stealing the Deal
A company was alarmed when it lost an important government contract to an out-of-nowhere startup that was staffed entirely by employees who had recently left the company. Based on forensic examinations of the former employees’ computers, Stroz Friedberg investigators established that the former employees had accessed and copied proprietary information shortly before leaving the company. The probe further revealed that the suspects had used this information to create the winning bid, allowing the company to win back its important contract.
The Bad Employee
When a large construction company noticed a $3 million discrepancy in its balance sheet, Stroz Friedberg investigators uncovered a complex scheme in which an employee was altering vendor checks, inflating monthly expenses to clients and creating false invoices for a fictitious company. Investigators also found that this employee had been arrested previously for a similar scheme. The employee subsequently pled guilty to multiple charges of forgery and grand larceny.
Selling Stolen Property to Competitors
When a major U.S. wholesaler noticed the loss of $2 million in inventory, Stroz Friedberg investigators linked the losses to a trusted supervisor and his brother. The pair had not only stolen the products but were also reselling the goods to competitors. Investigators also discovered a second scheme in which the supervisor exploited weaknesses in the company’s inventory controls and submitted $600,000 in fictitious invoices.
Any Business Vulnerable
There is a range of motives behind network intrusions and industrial and economic espionage. Certain industries, like the energy and pharmaceutical sectors, are targeted for external attacks aimed at stealing valuable research-and-development data stored on networks. But they’re hardly alone in this vulnerability, and any business that uses computer networks to store such proprietary information is potentially vulnerable. It may sound like something out of a cloak-and-dagger thriller, but some industries are so cutthroat that competitors hire computer-intrusion rings to gather information from rivals.
Meanwhile, freelance hackers target businesses for pure profit. A hacker might gain access to a company’s personal information, then send a snapshot of the stolen material and demand money in exchange for its return. Many times, it’s an insider employee who is stealing trade secrets and using them for personal gain.
While the motivations and techniques vary, an investigation often begins when businesses notice unusual network activity or just have a sense that something’s not quite right. Computer forensics investigators are often called in at that point to perform a network assessment, which can result in peace of mind that the network security is sound or in the shocking discovery of a significant security vulnerability.
In the case of the Wi-Fi Spoofer, the company turned to investigators at Stroz Friedberg after two frustrating years passed and the intrusions showed no signs of abating. The team of investigators analyzed the company’s computer network for access points that would allow unauthorized access to confidential and proprietary information. Searching for such security holes is a standard technique in digital forensics and an example of how it is always much easier and more cost-effective to take steps to prevent security breaches than to try to respond after an intrusion has occurred. But the probe didn’t stop there.
Stroz Friedberg forensic investigators ruled out an internal suspect and began following the hacker’s electronic trail. The industrial saboteur was able to cover his electronic footprints by hijacking unprotected wireless access points – a technique known as “war driving” – literally cruising through neighborhoods with a notebook computer and wireless modem and tapping into unprotected Wi-Fi hotspots, moving on before his activities could be traced. Investigators also determined that he had sent spoofed e-mails from university computer labs using false or stolen student accounts.
Based on interviews with competitors and former employees, plus forensic computer analysis and the use of a clinical psychologist with expertise in developing profiles, the Stroz team identified a primary suspect as a disgruntled job applicant. This suspect was also traced to threatening e-mails that had been sent previously to a sister company.
The team began a carefully orchestrated dialogue with the suspect and confirmed that he was indeed the hacker responsible for the offensive e-mails. After a series of carefully calibrated exchanges designed to gauge his motivations, the suspect issued a multi-million dollar extortion demand and threatened to unleash a devastating computer attack. Armed with this information, the FBI executed a search warrant on his house and seized numerous firearms, explosives and chemicals, as well as a recipe for the production of a deadly toxin. He later pleaded guilty to statutory violations relating to online extortion and weapons of mass destruction.
A company may never face such a determined and sophisticated attacker, but every business should take basic steps to ensure that electronic networks are not unnecessarily vulnerable. Time and again, these cases prove that prevention is much more practical and effective than responding to a crisis after it occurs. The last decade has seen a transformation in the way businesses of all types store electronic information, keeping more records in electronic format, often with more personal information than ever before. The existence of this stored material is an enormous asset and powerful tool for the business world, but it exposes companies to risks that in many ways the business world still does not appreciate.
Erin Nealy Cox is a deputy general counsel and managing director at Stroz Friedberg LLC. A former assistant U.S. Attorney who also served as the office’s Computer Hacking and Intellectual Property Coordinator, Ms. Nealy Cox oversees the firm’s Dallas operations and works with clients in the areas of digital forensics, cybercrime investigations, data breach response, and electronic discovery processing. Go to www.strozfriedberg.com.