• Print
  • 05 02 2016 429716a-cig-clearchoice-banner-902x177
  • 2toner1-2
  • big-banner-ad_2-sean
  • 7035-overstock-banner-902x177
  • 4toner4
  • mse-big-new-banner-03-17-2016-416616a-tonernews-web-banner-mse-114
  • Video and Film
  • cartridgewebsite-com-big-banner-02-09-07-2016
  • mse-big-banner-new-03-17-2016-416716a-tonernews-web-banner-mse-212


 user 2009-09-09 at 10:34:58 am Views: 58
  • #22582
    Marla Suttenberg had a sinking feeling that a corporate spy was shadowing her.
    March 2008, the owner of Woodcliff Lake, N.J.-based Sapphire Marketing
    was preparing to give a longtime client a generous price cut on
    $134,000 worth of audio/videoconferencing equipment.But before her
    sales rep could extend the offer, her chief rival, David Goldenberg,
    then regional vice president of sales for AMX, a Dallas-based
    conferencing systems maker, sent the client an e-mail disparaging
    Sapphire and offering a steeper AMX discount.”I felt sick to my
    stomach,” Suttenberg recalls. To pull that off, someone had to have
    infiltrated Sapphire’s internal e-mail, she thought at the time.She was
    right. A few days later, Goldenberg, 48, of Oceanside, N.Y., was
    arrested. He subsequently pleaded guilty to felony wiretapping for
    tampering with Sapphire’s e-mail. He was sentenced last month to three
    months probation and ordered to undergo counseling. “There was nothing
    sophisticated about me getting into their e-mail,” he said in an
    interview. “Honestly, I had no idea that it was illegal.”

    espionage using very simple tactics — much of it carried out by trusted
    insiders, familiar business acquaintances, even janitors — is surging.
    That’s because businesses large and small are collecting and storing
    more data than ever before. What’s more, companies are blithely
    allowing broad access to this data via nifty Internet services and cool
    digital devices.”Having more sensitive information being seen by more
    people and accessed on more devices drives up risk significantly,” says
    Kurt Johnson, vice president at Courion, a supplier of identity
    management systems.The slumping economy doesn’t help. “Mass layoffs
    have increased internal threat levels dramatically,” says Grant Evans,
    CEO of ActivIdentity, which makes smart cards and security
    tokens.Employees worried about job security face rising temptations to
    seek out and hoard proprietary data that could help boost their job
    performance, or at least make them more marketable should they get laid
    off, says Adam Bosnian, vice president at Cyber-Ark Software, another
    identity management systems supplier.

    Of the 400 information
    technology pros who participated in a recent Cyber-Ark survey, 74% said
    they knew how to circumvent security to access sensitive data, and 35%
    admitted doing so without permission. Among the most commonly targeted
    items: customer databases, e-mail controls and CEO
    passwords.Cellphones, digital cameras and USB dongles come with vast
    memory — enough to store data that a few years ago might have required
    a stack of CDs, says Nick Newman, computer crimes specialist at the
    non-profit National White Collar Crime Center. Web services, such as
    Hotmail, Yahoo Mail and Gmail, and popular social networks, such as
    Facebook and Twitter, make terrific free tools for transferring and
    storing pilfered data anonymously.”If you create an environment where
    your employees can walk freely out the door with unencrypted,
    proprietary data, it’s only a matter of time before someone actually
    does it,” says Sam Masiello, vice president at messaging and browser
    security firm MX Logic.

    Lax passwords a danger

    exposure redoubles at companies that are lax about passwords. Last
    week, a hacker pilfered sensitive Twitter business documents and
    released them publicly. Twitter co-founder Biz Stone said in a
    statement that the hacker got in by figuring out the log-on of a
    Twitter employee who used the same non-unique password for several
    online accounts.”The unauthorized extraction of information is epidemic
    and essentially unstoppable,” says Phil Lieberman, CEO of Lieberman
    Software, which makes password security systems.

    caper illustrates just how easy it can be. In an interview, he said it
    all began in September 2007 when one of the sales reps who reported to
    him at AMX jumped ship to rival Sapphire, the sales arm of Crestron
    Electronics, a Rockleigh, N.J.-based maker of conferencing systems.
    Goldenberg says he inspected the company laptop turned in by the
    departing rep and found an e-mail from Sapphire welcoming the new
    recruit.The message, he says, included the Web address to Sapphire’s
    e-mail server and the recruit’s new e-mail address and password.
    Goldenberg says he logged on as the recruit and quickly figured out the
    log-ons of three other employees. Like the recruit, they used their
    first name as part of their e-mail address — and as their password.”He
    didn’t go searching for this,” says Dean Schneider, Goldenberg’s
    attorney. “It basically hit him in the face.”

    For each e-mail
    account, Goldenberg activated a feature to forward copies of all
    incoming messages to a fresh Gmail account he created. He then spent
    long hours and days on end poring over Sapphire e-mail, says Bergen
    County prosecutor Brian Lynch. “It was voyeuristic,” says Lynch.
    “That’s why we recommended counseling.”Court records show Goldenberg
    may have initially gained access to Sapphire’s e-mail months earlier
    than he claims.”Admittedly some of our people’s passwords probably were
    not as strong as they should have been,” Suttenberg says. “But just
    because you have a cheap lock doesn’t mean it’s legal to pick the
    lock.”The customer whom Goldenberg tried to steal contacted Sapphire to
    inquire how Goldenberg knew specifics about Sapphire’s discount before
    he did. Suttenberg talked the customer into sticking with Sapphire.”He
    was too blatant,” she says of Goldenberg.

    A new system
    has since scrapped the bare-bones e-mail service supplied by her local
    Internet service provider, which cost her a few hundred dollars a
    month. She now pays thousands of dollars a month for an in-house
    Microsoft Exchange e-mail server brimming with security features. She
    also instructed her 10 employees to change their e-mail account
    passwords frequently and to avoid passwords “that your co-workers and
    contacts can figure out.”

    While Suttenberg has buttoned up
    Sapphire, millions of small-business owners — and plenty of big
    corporations — continue to make it easy for larcenous insiders. With
    the exception of highly regulated banking and health care companies,
    most businesses are just beginning to discuss how to repel insider
    intrusions, security experts say.The basics include taking stock of how
    sensitive information is conveyed, collected and stored — and strictly
    controlling who has access to it. “We’re seeing 70% to 80% of breaches
    originating from the inside,” says Vladimir Chernavsky, president of
    DeviceLock, which makes systems that restrict data transfers.
    “Companies need to enforce security policies and make sure employees
    know there are severe consequences to a breach.”

    Spy toys
    then there are the janitors and groundskeepers to worry about, says
    J.D. LeaSure, a Virginia Beach counter-surveillance specialist. LeaSure
    makes his living conducting “sweeps” that ferret out miniature
    listening bugs and video cameras hidden in executive suites, conference
    rooms and other settings.Insider intruders, he says, have come to see
    value in making audio and video recordings of certain closed-door
    discussions. They need only do a Web search on the phrase “spy bug,”
    and a trove of eavesdropping and peeping-Tom gadgetry that would
    impress James Bond turns up. LeaSure calls them “spy-shop toys.”One of
    the latest: an ordinary-looking USB cable. You plug one end into a
    printer or other peripheral device and the other end into the
    computer’s USB port. Nothing looks amiss, and the cable operates
    normally. But it also houses a sensitive microphone and antenna that
    continually transmits a UHF audio signal to a receiver that can be up
    to 160 feet away. “You can hear every whisper within the confines of
    the room,”‘ says LeaSure.There are dime-size “contact bugs,”
    which anyone could stick to the outside of a conference room window and
    matchbox-size “SIM bugs,” or listen-only cellphones that don’t ring or
    light up, that can be activated by a phone call an hour, a week or a
    month later.

    Another readily available gadget looks like a
    luminescent jawbreaker. It is really a motion-activated video camera
    and digital video recorder capable of capturing 33 hours of activity.
    All one needs to do is perch it where it won’t be noticed on a Monday
    and retrieve it on a Friday.LeaSure recently did a security sweep of
    the CEO’s office at a publicly traded corporation in the Southeast,
    which he declined to name because of client confidentiality. There, he
    found an innocuous-looking ballpoint pen in a cup with a handful of
    other pens and pencils. The pen wrote beautifully. It also contained a
    voice-activated audio recorder with 2 gigabytes of memory.LeaSure
    set up a hidden surveillance camera and caught the janitor swapping out
    a fresh pen recorder every third day. The janitor was fired, with no
    other repercussions, after disclosing the identity of the insider who
    put her up to it.That person stopped spying after being threatened with
    legal action, says LeaSure, but nothing else was done. “The principal
    did not want the stockholders or press getting a hold of the fact that
    company secrets were leaked because of what that would do to the
    company’s stock price,” he says.