Tag Archives: IP theft

Security News for the Week Ending May 15, 2020

Pitney Bowes Hit By Ransomware for 2nd Time in 7 Months

Pitney Bowes has verified that it has been hit by a ransomware attack for the second time in 7 months. This time it is the maze ransomware, which steals data before encrypting your systems. Sometimes ransomware hackers leave their hooks in a victim’s system so they can come back later and cause more pain. Again I ask – are you ready? Credit: Computer Weekly

U.S. To Accuse China of Trying To Steal Vaccine Data

The U.S. says – no surprise – that other countries such as China, Vietnam and even South Korea are trying to steal vaccine research, treatments and testing. Other than warning businesses that other countries are trying to steal our stuff, it is not clear what the government can or plans to do. Credit: MSN

Security May Be Victim to Business Downturn

If fairness, all costs have to be justified during a business downturn and security costs are one of those costs.

As companies layoff employees and downsize, security teams are at risk because they don’t tie directly to revenue.

But all you need to do is as a company that had even a small breach and spent, say, $1 million on it, whether saving the salary of that dedicated security team member made sense in hindsight.

The bad news is that the hackers understand this and they will watch for companies that are not paying attention.

Of course, that does not mean that every company is spending every security dollar wisely. Probably not. Credit: WSJ

Ransomware is Getting to be Like Commercial Software with Feature Releases

Something tells me that this is not a good thing, but ransomware software is big business. As a result developers are enhancing their software with new releases. The Sodinokibi (REvil) software has added a new feature that allows it to encrypt files, even if they are open and locked by another process. The ransomware kills the process or processes that are locking the file and then encrypt it, after stealing a copy first. Adding features seems to work for companies like Google and Microsoft…. Credit: Bleeping Computer

FBI Reportedly Asks Apple for Contents of Senator Burr’s iPhone

Senator Burr, is being investigated for selling stocks after he was briefed on the Coronavirus as the chairman of the Senate Intelligence Committee. The FBI asked for his phone, which his attorney gave them. Apparently the FBI was able to get a warrant after they asked Apple for the contents of Burr’s iCloud account. Apple seems to be willing to give the cops your iCloud data, which they can decrypt, if the cops remember to ask in time. It has been reported that in late January and early February, Burr and his wife sold between $600,000 and $1.7 million worth of stock. The market started it’s nosedive around February 20th. Credit: CNet

Facebooktwitterredditlinkedinmailby feather

Security News for the Week Ending April 3, 2020

DoD Concerned Covid Will Cause US IP Loss

In an interesting analysis, Ellen Lord, DoD’s top acquisition official, is concerned that foreign interests (including unfriendly foreign interests) will buy or invest in small U.S. defense subs and steal our tech.  In theory CFIUS and FRRMA should make that harder as the government has the right to nix buyouts if they think they will hurt us, but first they have to know about it.  With Covid potentially impacting the stability of these small companies, the government has its work cut out for it.  Source: Defense Systems

Violating a Web Site’s Terms of Service: Hacking or Not?

The Computer Fraud and Abuse Act (CFAA) was written long before the Internet, but leave it to aggressive prosecutors and companies to use it in a way that was never intended.  But the various federal courts can’t seem to figure out how to interpret it.  The DC federal court has just ruled that using a web site with a legally obtained user account in a way that may violate the web site owner’s terms of service is not hacking and cannot be prosecuted under the CFAA.  Since about half of the federal courts have ruled in each direction on this issue, it is likely to make it up to the Supremes.  This is important both for web site operators and security researchers. Source: Ars Technica

Zoom Does Not Support End to End Encryption, Despite Claims that it Does

In some of Zoom’s documentation, as well as in the client, Zoom says that it supports end to end encryption, but in fact, it does not, at least when video is involved.  I am sure now that it has come out that they lied on their web site, they will likely get sued.  If you think about it, given that they have the ability to record your call, there is no way that it can be end to end encrypted.  The video is encrypted between their data center and you, which is probably good enough for 99% of the planet.  This also means that the fuzz can listen into your call.  Moral of the story, if you are doing something illegal. Or classified.  Don’t discuss it on a public video conference (or audio) service.  There are ways to really do end to end encryption and I have set them up before, but they are neither cheap nor simple.  Source: The Intercept

DoJ Inspector General Says FISA Court Requests Are Suspect

The Department of Justice’s Inspector General says that the FBI has not followed the rules when applying for secret FISA warrants over the last five years.  Given that the whole process is secret, it is not surprising that it is flawed.  Any time the government operates outside the light of day, the opportunity for abuse is there and now, the DoJ IG is questioning 700 warrant requests made over the last 5 years.  The court is basically a rubber stamp since there is no “other side” to any request.  This came to light when Carter Page, a Trump campaign advisor, was the subject of a FISA court wiretap.  This is also at the core of the fight between the House and Senate over the renewal of certain parts of FISA that expired last month.  Source: The Register

California AG Revises CCPA Regulations Again

As the deadline set by the legislature for the enforcement of CCPA lurches closer (July 1), the AG has revised the proposed regulations again.  Among the changes are a re-expansion of the definition of personal information, privacy notice guidance, instructions on responding to data subject requests, clarification/restriction of service provider use of information and a minor clarification of the definition of financial incentives.   See the assessment from law firm ReedSmith here and a copy of the again revised regs here.

Facebooktwitterredditlinkedinmailby feather

Security News for the Week Ending November 1, 2019

Johannesburg, South Africa Attacker Threatens Data Breach

In what I think is going to be the way of the future, hackers compromised Joburg IT systems and threatened to publish data that they stole if the ransom is not paid.  As I write this, the deadline has just passed, they have not paid the ransom, the data is not yet exposed and they think they will have most of the systems back online soon.  While this project seems to be the work of inexperienced hackers (they did not encrypt all of the systems), this does not mean that more experienced hackers won’t try this technique and do a better job of it.  Source: The Register.

China Steals IP to Build C919 Airliner

I keep saying that the biggest threat to U.S. businesses is not credit card fraud but IP theft, such as by the Chinese.  In this case the Chinese wanted to build a passenger jet to compete with Boeing and Airbus.  The plane, in development for almost 10 years, was delayed because the Chinese didn’t actually know how to build it.  SOOOOOO, here comes TURBINE PANDA.  Stupidly, the developer of Turbine Panda came to the US for a security conference, where he was quickly arrested by the FBI.  Now China’s MSS (ministry of State Security) has banned Chinese researchers from attending conferences in the US.  In the meantime, Turbine Panda was  used to compromise US and European airplane parts suppliers so that China could get the tech that they needed to build the C919.  Source: CSO.

 

FCC Plans to Ban Huawei and ZTE Equipment, Force Replacement

The FCC is set to vote on rules banning using Federal Government subsidies to buy Huawei and ZTE equipment  because of their close ties to the Chinese government and another rule that would force telecoms to rip  out existing Chinese equipment.  The cost of replacing existing equipment has been estimated at several billion dollars and the FCC doesn’t have any way to pay for that.  In addition, if telecoms have to use more expensive 5G equipment from other providers, they will have to slow down the deployment of 5G services due to cost.  The options that telecoms have, if that proposal gets approved, is to significantly delay the rollout of the much overhyped 5G cell networks or raise prices.  This disproportionately will affect less densely populated parts of the county (like me, who lives 20 miles from downtown Denver – I cannot currently get any form of broadband Internet or any form of cell service where I live) because carriers will choose to install limited 5G service in highly dense areas where they will get more subscribers to pony up the additional fees for 5G cell plans and those 5G cell phones that often run $1,100 or more.  The U.S. is already pretty much a third world country when it comes to fast , affordable Internet and cell service and this will only reinforce it.  I have no problem banning Chinese firms, Congress just needs to figure out how to pay for this desire.  Source: ARS

 

Domain Registrars Web.com, Network Solutions and Register.Com Hacked

These three registrars – all owned by the same folks – were hacked in AUGUST but the company didn’t figure it out until mid OCTOBER.  The information taken is mild by today’s standards – names, addresses, phone numbers, etc. but no credit cards – they don’t don’t believe (that’s comforting).  Also not compromised were passwords.  If this is accurate, it seems like they segmented the data, which is a good security practice.  Still, if you use one of these services, I would change  my password and make sure that two factor authentication is enabled.  Source:  The Hacker News.

 

Rudy Guiliani Bricked His iPhone;  Asked Apple to Fix It

Reports just surfaced – and so far are not being disputed  – that the Prez’s cybersecurity advisor, personal lawyer and who knows what else, apparently forgot his iPhone password and after 10 tries, locked it up, so he took it to an Apple store in San Francisco and GAVE it to some random Apple tech to reset, and reload from iCloud.  Definitely a super secure situation.  Rudy said that everyone needs help from time to time and compared himself to the dead San Bernadino mass shooter whom the FBI needed help unlocking his iPhone.   I don’t think that would be someone that I would compare myself to.  Source: The Register.

Does Amazon Have a Security Prob?

One report says that an Amazon customer was seeing mysterious fraudulent charges on his account and even after working with Amazon multiple times and resetting everything, the charges kept coming.  After months, he found out that Amazon doesn’t have visibility to non-Amazon branded smart devices that are connected to your account (like a smart TV) and even if you reset your account, those devices can continue to connect and order stuff.  There is a department inside the company that has a special tool that they can use to detect these rogue devices.  If you are seeing mysterious charges that they can’t explain, this could be it.  Source: The Register.Facebooktwitterredditlinkedinmailby feather

Equifax Hack – The Prequel

While we all know about the Equifax breach last year that compromised the data of almost 150 million people and businesses, until today we did not know about the Equifax hack two years earlier.

In the earlier hack, former employees – actually Chinese spies – stole thousands of pages of documents including plans for new products, human resource files, manuals and other information.

Equifax went to the FBI and even the CIA, but did not publicly admit the problem.

That is because there is no law that requires them to disclose the theft of intellectual property although investors may disagree and sue them now that they know.

Equifax later found out that the Chinese had asked 8 companies to help them build a national credit reporting system.

I am sure that is just a coincidence.

So what do you as a business owner need to do?

The first thing is to understand that the theft of intellectual property dwarfs credit card theft and the best we can do is guess at the magnitude because most of it is not reported.

While hackers can break into your company, it is much easier for employees to walk the data out the front door.  That problem is so bad that defense contractors and financial firms are required by law to have insider threat programs.  Understand what a competitor inside the US or internationally might be interested in.  

Implement employee training programs to make sure that employees do not contribute to the problem.

While the insider attack is one part of the problem, the outsider problem is just as big a problem.  To protect against this, you need to implement a full cyber security program – hardening servers, patches, access controls, firewall rules, etc.  

This needs to be part of a formal, documented program.

The most important thing to understand is that it doesn’t always happen to “the other guy”.  Most attacks are attacks of opportunity and small and medium businesses are disproportionately affected – likely because they do not have the sophisticated IT controls and staff that big companies have.

You have two choices – 

Prepare now.

React when an event happens.

I can tell you from experience, preparation is way better.

Information for this post came from Slashdot.

 Facebooktwitterredditlinkedinmailby feather

Industrial Espionage – Much Worse Than Credit Card Breaches

General Keith Alexander, former director of the National Security Agency, said that cyber espionage is the greatest transfer of wealth in history.  In 2012 when he made that statement, the the value of cyber industrial espionage on an annual basis was $338 billion.  Per year.  5 years later I am sure that number is greater.

Of course industrial espionage is not new.  In the early 18th century John Lombe, a British silk spinner went to Italy to steal the technology of an Italian company.  At night, by candlelight, he sketched drawings of the Italian company’s machines that he had managed to get a job working for.  He returned to England with the stolen technology and built a better machine to compete with the Italians.  Industrial espionage is not new.

What is new is the ease with which this can be done.  With everything being connected, you can now steal secrets from half way around the world.  And with cyber security practices at many businesses being a bit lax (there are a few industries for which this is not the case, but they are the exception), it is pretty easy to do.  Even defense, which you think would be secure, is not.  Lockheed lost the technology for the F-35 and now the Chinese make a knockoff and sell it at a fraction of the price.

Unlike credit card or personal information theft which is required to be disclosed, for the most part, stolen intellectual property is kept quiet.  It is embarrassing and would likely make stockholders upset.  What they don’t know won’t hurt them.

As the manufacturing process becomes more computerized, it is a huge leak opportunity.  Traditional IT security solutions sometimes don’t work on the factory floor.  Crooks know that and attack at that weak spot. In the absence of controls, detection and good processes, the crime will go undetected.

Fast forward a couple of centuries.

6 men in Houston were arrested for stealing technology for creating marine foam.  China wanted to increase it’s marine business and this foam is used in building boats due to its special buoyancy.

The Chinese, like John Lombe above, spent years weaseling their way into the company in Houston that makes this.  The crooks sent the info back to China who then had the gall to try and sell it back to the company they stole it from saying they could make it for less.

In the process of stealing the information they kept coming back to the insiders in the U.S. to get more information when their efforts at cloning the process was not working.

Now, except for one guy who is in China, they are all under arrest.  BUT, the technology has already been stolen, so it is not clear how this company can get the genie back in the bottle.  Not clear at all.

Supposedly, this information that was stolen was only known to about a half dozen employees in this company – it was the company’s crown jewels and now the cat is out of the bag.

The company considered buying the stuff from the Chinese knockoff IF the Chinese would give them an exclusive.  SO, rather than go public and be outed, they proposed making a deal with the devil.

When the Chinese started offering this U.S. company’s technology to other companies in the U.S., the company called in the FBI.  That started an investigation and, eventually, the arrest of these 6 engineers. FOUR years later.

Unfortunately, this is one of, likely, thousands of incidents.  Stopping one will NOT stop the hackers.  They just consider that an acceptable loss or collateral damage to the bigger game.

And American companies continue to ignore the warning signs (because, in many cases, there are no warning signs because the companies who got hacked keep the attack quiet).

Think about what happens to your company if you lose control of your intellectual property, whatever that is.

Information for this post came from IIoT World and the Houston Chronicle.Facebooktwitterredditlinkedinmailby feather

Google Sues Uber Over Stolen Documents

Google and Uber are both working on self driving cars, for different reasons.  Google has had a strong lead in the game – until.

Google’s self driving car subsidiary called Waymo says it has spent millions of dollars perfecting the technology for self driving cars.

A former Google employee, Anthony Levandowski, started the self driving truck company called Otto.  Uber, sensing it was behind in the self driving game, bought Levandowski’s company and put him in charge of their effort to create self driving vehicles.

Only one problem.

Google claims that Levandowski “acquired” 14,000 documents from Google prior to leaving and starting what amounts to a competitor.

I’m guessing that Google looked at the Otto technology and figured it looked a little bit too familiar to them.

While this may seem like a game between giants – and it certainly is at one level – it is also a lesson for companies at all levels.

Every company has intellectual property.  Whether it is a customer list, software, business plans, or technical knowhow as is claimed by Google in its lawsuit against Uber, it is cheaper to steal it than to invent it.

While it is impossible to completely stop a person who is intent on stealing your IP, you can make it difficult.

We have one client who has disabled USB flash drives.  Another client who has removed DVD writers from PCs.  You can and likely should restrict access to data based on a need to know and you certainly should have legal agreements in place between the company and employees regarding ownership of information.  You should also be logging, auditing and alerting.

Information theft is not limited to big companies like Uber and Google –  it can affect even tiny companies.

And it even happens to security conscious organizations like the NSA (remember Booz, Allen NSA contractor Edward Snowden)?  Last year Another Booz – NSA contractor, Harold Martin, was arrested – accused of stealing 50 terabytes of information and storing it at his house.  It does not appear he was out to sell it to anyone, he just liked to horde data, although some of it may have been sold or hacked.

The real question is whether you have any information that might be valuable to a competitor.

And what you are doing to make it harder for them to get it.

 

Information for this post came from Wired.Facebooktwitterredditlinkedinmailby feather