plik

��Computer Hacking Computer Hacking Forensics Investigator Module XXVII Investigating Corporate Espionage pg Scenario Jim Damman, President of Exel Transportation Services thought that somebody was shoulder-surfing hi for months. Later h li d th t hi b d h ld fi him f th L t he realized that his office had been routinely broken into, and more than 150-million dollars worth of trade secrets were stolen without a visible trace. Damman said that a new start-up competitor in Plano named Total Transportation Services (TTS) used all of his programs and techniques to produce a product and also took away Exel s customers. A computer forensics investigation discovered a conspiracy in which disloyal insiders and former employees hacked into Exel s computer disloyal insiders and former employees hacked into Exel s computer network and stole trade secrets which they gave to TTS. Source: http://cbs11tv.com/seenon/local_story_270212100.html Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Module Objective This module will familiarize you with the following: Corporate Espionage Motives Behind Spying Motives Behind Spying Information that Corporate Spies Seek Causes of Corporate Espionage Spying Techniques py g q Defense from Corporate Spying Tools T l Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Module Flow I d i M i Behind S i Introduction Motives B hi d Spying T Responsible for Terms R ibl f Which Data to be Sought? Corporate Spying Defense from Spying Techniques Corporate Spying Tools Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Case Study Source: http://www.keepmedia.com Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Case Study Source: http://news.com.com/ Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council News Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Introduction to Corporate Espionage Espionage is the use of illegal means to "Espionage is the use of illegal means to gather information Term Corporate espionage is used to dib i d t d for describe espionage conducted f commercial purposes on companies, governments, and to determine the activities of competitors ti iti f tit Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Motives Behind Spying Motives behind spying include: " Money The main intention of spying is financial gain " Disgruntled Employee A spy is motivated largely by personal, non-ideological hostility towards the country or organization country or organization " Personal relations A spy may also be motivated by A spy may also be motivated by personal connections and relationships Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Information that Corporate Spies Seek Information that corporate spies seek includes: " Marketing and new product plans " Source code " Corporate strategies " Corporate strategies " Target markets and prospect information " Usual business methods " Product designs, research, and costs " Alliance and contract arrangements: delivery, pricing, terms " Customer and supplier information " Staffing, operations, wage/salary " Credit records or credit union account information Credit records or credit union account information Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Corporate Espionage: Insider/Outsider Threat Threat Adversaries can be classified into two basic categories " Insiders Insiders such as IT personnel, contractors, and other employees who are disgruntled and motivated by money engage in espionage activities " Outsiders Outsiders include hackers of other organizations Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Techniques of Spying Spying techniques include: " Hacking It is an illegal technique of obtaining trade secrets and information " Social Engineering Social engineering is defined as a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. p Source: searchsecurity.techtarget.com Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Techniques Of Spying (cont d) " Dumpster Diving Dumpster diving is looking for treasure in Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container). In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to retrieve information that could be used to carry out an attack on a computer network Source: http://searchsecurity.techtarget.com/ " Whacking It is wireless hacking " Phone Eavesdropping Eavesdropping using telephones d i i l h "Electronic eavesdropping is the use of an electronic transmitting or recording device to monitor conversations without the consent of the parties" Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Defense Against Corporate Spying You can secure confidential data of a company from spies by following techniques: techniques: " Controlled Access Encrypt the most critical data Never store sensitive information of the business on a networked computer Store confidential data on a stand-alone computer with no Store confidential data on a stand alone computer with no connection to other computers or the telephone line Install anti-virus and password protect the secured system Regularly change the password of confidential files " Knowing Personnel Verify the background of new employees Verify the background of new employees Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Defense Against Corporate Spying (cont d) (cont d) Basic security measures to protect against corporate spying: " Cross-shred all paper documents before trashing them " Secure all dumpsters and post NO TRESPASSING signs " Conduct security awareness training programs for all employees regularly " Place locks on computer cases to prevent hardware tampering " Lock the wire closets, server rooms, phone closets, and other sensitive equipment " Never leave a voice mail message or email broadcast message that gives an exact business itinerary Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Netspionage "Netspionage" as described in the title is defined as network enabled espionage, and in our information systems world, it is an exciting way of & extending th ld ti f titi i t lli th i the old practice of competitive intelligence gathering. This new, computerized and information-dependent world is heavily dependent on the web, networks, and world is heavily dependent on the web, networks, and software technology. The information gatherers of this new age are exploiting [our] dependency on technology for personal, corporate and national gain. Source: http://www.pimall.com/nais/bk.netspionage.html Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Investigating Corporate Espionage Cases Check the points of possible physical intrusion Check the CCTV records Check emails and attachments Check systems for backdoors and Trojans Check system, firewall, switches, and router s logs Screen the logs of network and employee monitoring tools if any Seek the help of law enforcement agencies if required Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Employee Monitoring: Activity Monitor Activity Monitor allows you to track how, when, and what a network user did in any LAN The system consists of server and client parts Features: " Views remote desktops " Easy Internet usage monitoring E I t t it i " Monitors software usage " Records activity log for all workplaces on the local or shared network location. " Tracks any user s keystrokes on your screen in real time mode T k k t k i l ti d " Takes snapshots of the remote PC screen on a scheduled basis " Total control over the networked computers " Deploys Activity Monitor Agent (the client part of the software) remotely f h d i i ' PC ll i k from the administrator's PC to all computers in your network " Autodetection of all networked computers with Agent installed " Automatically downloads and exports log files from all computers on a scheduled basis " HTML, Excel, CSV support to export data and reports Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Activity Monitor: Screenshot Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Spy Tool: SpyBuddy SpyBuddy monitors the PC, and tracks every action It has the functionality to record all AOL/ICQ/MSN/AIM/Yahoo chat conversations, all websites visited, all windows opened and interacted with, and every ,p , y application executed Features: " Easy to secretly record websites, IRCs, IMs, Disk/File Change, and Passwords " Allows you to record your online activity, see what people Allows you to record your online activity see what people are doing on YOUR PC, and remotely monitor a machine via email Source: http://www.shareup.com/spyware/spybuddy.html Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council SpyBuddy: Screenshot Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Case Study Source: http://www.thepeninsulaqatar.com Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Case Study Source: http://news.com.com Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Summary The term Corporate espionage is used to describe espionage conducted for commercial purposes on companies and governments, and to determine the activities of competitors Personal relations, disgruntled employees, and money are the main P l l ti di tl d l d th i motives behind corporate spying The major techniques used for Corporate Spying are Hacking Social The major techniques used for Corporate Spying are Hacking, Social Engineering, Dumpster Diving, and Phone Eavesdropping Netspionage is defined as network-enabled espionage in which pg pg knowledge and sensitive proprietary information are generated, processed, stored, transmitted, and obtained via networks and computer systems Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council Copyright � by EC-Council All Rights reserved. Reproduction is strictly prohibited EC-Council

Wyszukiwarka

Podobne podstrony:
CHFI v3 Module 24 Investigating DoS Attacks
CHFI v3 Module 29 Investigating Sexual Harassment Incidents
CHFI v3 Module 33 Blackberry Forensics
module al constants
Psychologia 27 11 2012
function mcrypt module get algo key size
Nuestro Circulo 705 GIBRALTAR 2016 27 de febrero de 2016
Plakat WEGLINIEC Odjazdy wazny od 14 04 27 do 14 06 14
CISCO CCNA Certifications CCNA 2 Module 6
module zipfile
16 (27)
27 Wołyńska Dywizja Piechoty Armii Krajowej
26 27 10 arkusz AON I

więcej podobnych podstron