Feeds

Israel unmasks spyware ring

Corporate espionage

  • alert
  • submit to reddit

SANS - Survey on application security programs

Just connect your PC to the Internet. That's all it takes, for your worst nightmares to come true - and the Israeli Spyware scandal which broke last week illustrates, better than any amount of preaching, that the real security risk has nothing to do with open access WiFi.

The story, too juicy to be ignored by the IT media, tells of villains who uploaded a virus to the computers of their commercial rivals. Who are these villains?

What they are not, is spotty-faced hackers with a copy of NetStumbler, sitting the the car park trying to find a rogue access point on the corporate LAN. Here's the list of suspects: "Top executives of Israel's leading companies including Cellcom, Yes, Pelephone, Meir Motors, Tami-4, Ace Hardware, Volvo Israel and Amdocs" - they have either been arrested or have been placed under suspicion in the last few days for corporate espionage.

This list also includes several private detective companies run and operated by former IDF officers, reports Joel Leyden - summarising: "If your computer starts to work slowly and you hear your hard drive grinding and working like mad but you see nothing happening on your monitor - you may most likely have an Israel, Syrian, Saudi, Japanese, Chinese or US "shark" spying on your hard drive. It could be the FBI, your mother or the store next door."

There is a risk of being hacked by drive-by wireless geeks. There is also a risk of being struck by lightning. If you cross the road looking up at the sky for thunder-clouds, your chances of being run over approach certainty; the moral therefore is: don't waste money on wireless security consultants until you know you're at least as secure as possible against these spyware exploits.

But there is also a half-full glass: When both junior and senior managers in an organization know of the risk, they will be extra careful not to do anything illegal. It is worth noting the types of organizations in which the Trojan horses were found. None of them is an organization that has real secrets; none of them is a high-tech company from which patents, codes, chemical formulas, software or sophisticated algorithms were stolen. They are all commercial companies and 90 percent of their "secrets" become public knowledge within days, weeks or months in any event. If such companies were to invest less energy in "secrets" and "surprises" that their competitors were preparing, perhaps they would have more time to take better note of what their customers and employees want.

© NewsWireless.Net

Related stories

Deleting spyware: a criminal act?
House passes anti-spyware bills
Spyware wars
MS punts all-in-one security and backup service
Yahoo! has minimal spyware, adware revs streams
Spyware scumbags make $2bn a year

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.