news / tech talk

Cyber-Espionage

by Lee LeClair
12/18/2009
As seen in Inside Tucson Business

Cyber-Espionage.  It sounds like something from a Bond movie, doesn't it? It seems like a threat the Defense Department needs to consider but hardly anything that a business owner has to worry about. Yet that may not be true. First let's define the term: cyber-espionage is the practice of obtaining information not intended for the public about or from a company through network or computerized means, often illegally. Ultimately, the goal is to get sensitive information about or from a company through computers and networks.

The information gathered might be direct, like customer details, business strategies, trade secrets, financial information, credit card numbers, etc. or indirect like which computer systems are critical to online sales transactions during Black Friday. The objective could vary from stealing information or harming reputation to business disruption or extortion.

One would typically ask “how likely is this to actually affect my business”? Keep in mind that the virtual world is completely detached from the physical world and a malicious probing program running from asia or eastern Europe is indiscriminate about whether it finds a target in New York or Tucson. These kinds of programs operate automatically and 24x7x365. “Wide net” trolling provides output which is then refined for obtaining credit card information, personal identification information, bank account information, proprietary business information, providing a platform for deeper attack, spam, phishing, or at the very least assimilation into a botnet.

I set up a packet capture system on the outside of my home firewall and was not surprised to find that probes and attacks occur almost constantly. There is no question of “if” your business is being probed and tested constantly, it is. The question is how focused are your attackers on your systems and do you have vulnerable exposures. Home thieves drive through neighborhoods performing high level checks of which houses are likely candidates (poor lighting, no dogs, cheap locks, unlocked fence gates, etc.). They return and check more vulnerable houses more thoroughly for actual breakin. The same applies for businesses, especially small ones.

What can a business owner do to deter or combat this? Well the primary actions are defensive as the probes themselves are extremely difficult to do anything about; the systems performing them are often outside the US and even the ones inside are difficult to track down across state lines and through Internet Service Providers. Beside, cyber-laws and enforcement are barely existent.

First, ensure you have a good firewall with an intelligent administrator that understands exactly what type of traffic goes into and out of your network. Second, ensure that the only systems that are visible to the Internet are limited to necessary systems that are carefully configured to safely perform a limited function. In addition, ensure that visible systems reside in a Demilitarized Zone (DMZ) that does not have internal network access so that if a visible system is compromised, it cannot be used as a platform for deeper attack. Finally, ensure your administrators update visible systems with security patches quickly after they are released; it is critical these systems be kept up-to-date. It is also advisable to periodically perform external checks of your own to ensure that nothing has changed or become vulnerable.

Intrusion detection systems are good tools but provide little benefit on the outside of your network simply because probes are always happening. They are more efficient on the inside of your network, just in front of your main servers as there should be no attacks occurring at that point in your network. And of course tools like these are of no use if a human being isn't monitoring them and on the lookout for suspicious behavior. It's a tough cyberworld out there; one where distance doesn't matter and law enforcement is difficult. Be vigilant and be careful.

Lee Le Clair is the CTO at Ephibian. His Tech Talk column appears the third week of each month in Inside Tucson Business