Describe the main similarities and differences between corporate espionage offen
Question
Describe the main similarities and differences between corporate espionage offenders who are so-called “insiders” and those who are so-called “outsiders”. In your discussion, include the main effects, incidence of, and potential costs associated with each type of corporate espionage. From the e-Activity, identify one to two (1-2) types or incident(s) of the white collar crime that you have selected. Next, explain the primary manner in which the incident(s) that you have identified fit into the category of white collar crime.
Explanation / Answer
CORPORATE ESPIONAGE:
Corporate espionage involves any theft of proprietary business information through spying or deception, particularly the theft of "trade secrets." Trade secrets encompass any proprietary information that produces value to a commercial enterprise because it provides competitive advantages over business rivals. The informational targets to be stolen through corporate espionage schemes are wide and varied, including detailed customer lists, product specifications, research and development data, computerized source codes, memoranda detailing corporate strategies, pricing lists, and technology and computer data.
Corporate espionage is a threat to any business whose livelihood depends on information. The information sought after could be client lists, supplier agreements, personnel records, research documents, or prototype plans for a new product or service. Any of this information could be of great financial benefit to an unscrupulous individual or competitor, while having a devastating financial effect on a company. Just about any information gathered from a company could be used to commit scams, credit card fraud, blackmail, extortion or just plain malice against the company or the people who work there. A customer list, for example, could be sold to a competitor or used by a salesperson to start his own company, thereby affecting the profitability of the victim company.
Corporate espionage is hardly a new threat. Today, it is estimated that seventy percent of the average enterprise's value is held in its information (source: Trends in Proprietary Information Loss, American Society for Industrial Security and PricewaterhouseCoopers, 1999). How well is our enterprise protected against the new breed of spies?
Many of today's most successful enterprises have been hit hard by electronic espionage incidents, and the number is climbing. In 1999, Fortune 1000 companies reported a total of $45bn in losses due to corporate espionage.
Internet technologies certainly breed proprietary and/or confidential information theft. IT managers must work to protect the company by adequately securing the network and setting effective policy. The most valuable information today is contained in electronic form, and since those computers are networked, online or otherwise accessible through wires, the IT manager plays a key role in defending the enterprise against espionage activities - and stopping activities when they are discovered. While corporate espionage incidents likely cannot be eradicated, enterprises can modify security strategies to minimise incidents and the losses resulting from those incidents.
Before modifying your security strategy, it is helpful to understand the difference between internal and external corporate espionage incidents, as well as how they are facilitated by different technologies.
Insiders: our worst enemy:
According to industry surveys, including the 2000 Computer Crime Report by the FBI and the Computer Security Institute, insiders are considered to be the biggest threat to corporate security. Seventy-one percent of companies surveyed experienced unauthorised access by insiders. That figure does not report what specific percentage of incidents involved proprietary data theft. However, it does imply that there is considerable vulnerability to insider espionage.
Direct insider threats:
There are three major types of direct insider threats, which will facilitate corporate espionage:
1) Bribery: Employees may be approached directly by outside corporate intelligence agents offering cash to provide them with proprietary or confidential data.
2) Social engineering: The manipulation of a network administrator or other IT personnel to divulge information, such as logon or other authentication information, which can be used to obtain access to sensitive information.
3) Group collusion: When several employees band together to use their collective knowledge and privileges to gain access to information.
Methods used to obtain the data include the employee's own access privileges, which may enable them to access proprietary or confidential information. Also, since employees have physical access to the organization, they may log on using another employee's computer or steal a laptop to gain access to other network resources.
Data wire tapping and back-up tape theft are also common physical espionage methods. Insider spies may spoof another user's information to request and receive information via e-mail attachments that otherwise would not be e-mailed to them. Other social engineering techniques, including requesting logon information or password changes from the IT help desk for another user, or sharing logon information between employees, facilitate insider corporate espionage.
Indirect insider assistance to espionage via the Internet
A major indirect insider threat to corporate information is online user activity. Usenet groups are a common source of online vulnerability. If many employees from a single enterprise frequently participate in Usenet groups, intelligence agents can collect information and analyse it to reveal a great deal, possibly even uncovering confidential information.
From the technical side, Usenet posts reveal information about the users' systems, which can aid hacking activities aimed at gaining access to information. Information that can be revealed in a post from an employee whose company is using a proxy server - even to a small extent - includes the origination of the message, the operating system and the software running on the system. That information may be used by outsiders to gain access to your network or exploit the user's system.
Even on-line shopping can provide intelligence agents with kernels of information that can later be leveraged to obtain confidential or proprietary information. One recently publicised example is Amazon.com's 'Purchase Circles.' Amazon.com tracks purchases and other metrics about groups, such as enterprises, with more than 200 customers. That information could be used by corporate intelligence agents to obtain competitive information about enterprises, which should be kept private.
Intruder alert: external spies
Corporate espionage conducted by outsiders is more publicised than insider threats, especially because network safeguards against external spies are similar to any hacker safeguard. Vulnerabilities in our network that enable outsiders to gain access to the network will enable them to eventually access the proprietary information that they seek.
For external spies, common methods of gaining access to proprietary data include:
1. Password cracking. Several freely available password cracking programs, including BO2K and SATAN, help hackers to gain access to networks. Most password analysers are limited to simple combinations of dictionary words and numerical combinations. Brute-force password cracking programs will try every password combination until they discover the right one. For the determined spy, rather than the thrill hacker, this would be a preferred method. To close this vulnerability, there are obvious safeguards: make strong passwords of 8-15 characters with an alphanumeric combination, change passwords every 30 days and lock out passwords forever after three bad attempts.
2. Backdoors and Trojan Horses. Programs can be executed on the user's computer to enable an outsider to gain control of that computer, and gain further network access. NetBus, Back Orifice and BO2K can all be used to capture data from a victim's computer and send it to a remote location. BO2K has been enhanced so that it can disguise itself once it has been installed on a user's computer. Generally, backdoors are e-mailed to the user or downloaded from a Web site, disguised as a benign e-mail attachment or program. Once the attached file is opened, it installs itself on the user's computer without their knowledge or consent. Other backdoors enable snoopers to record all keystrokes input on a user's computer, enabling the spy to capture proprietary data or authentication information, which will enable access to proprietary data.
3. Packet 'sniffing' uses a program or device that monitors data travelling over a network, enabling spies to steal information. Intrusion detection solutions may help IT managers identify and stop sniffing on their network.
4. Social engineering is a nontechnical approach to obtaining information stored on our network. It may include contacting employees in an attempt to receive sensitive documents over e-mail. For example, imagine that a top executive's assistant gets a call from someone who claims to be the assistant of an important contact. The caller wants her to re-send a document that was not received. The assistant probably has access to the boss's computer and quickly e-mails the document. That scenario illustrates a common technique for modern corporate spies. It is easy for spies to talk their way into obtaining nuggets of information from employees, which can be used to gain greater access within the organisation. Help desk employees are often targeted by social engineers in an attempt to learn about the network structure and to gain access. While social engineering cannot be managed by IT, at least employees can understand the varying techniques that are used to gain network access or to obtain sensitive information. Protecting documents with file passwords and/or encryption can also minimise the threat of social engineers.
Minimising vulnerabilities that lead to data theft
Network vulnerabilities that could lead to information leakage include your web presence, users' e-mail and Internet activities, our intranet and access privileges. Though not primarily concerning IT, physical methods including laptop theft and data wire tapping may also be used. In order to safeguard against internal information exploitation or accidental leakage to outside spies via the network, the enterprise must evaluate and classify information assets, then work to implement policies and solutions that help to minimise unauthorised access to that data.
Solutions that should be employed include:
* E-mail and Internet traffic should be monitored to help prevent the transaction of sensitive data over the network. Internet content filtering helps to limit access to websites that could compromise corporate privacy. E-mail filtering can stop e-mail transmission of sensitive data, including authentication or proprietary information.
* Comprehensive anti-virus solutions, which include scanning for Trojan Horses, will help to eliminate corporate espionage - and the resulting data theft - through backdoor methods.
* Intrusion detection software will enable only those authorised to gain access to the restricted areas of the network. IT can be alerted to attempted intrusions and take appropriate action.
* Vulnerability assessment solutions will help IT to better understand the security architecture and the vulnerabilities of each component within that structure. They will help IT managers audit their network, as well as develop and improve safeguards.
* Policy implementation will help IT develop a solid set of rules for configuring networks. Policies can also help establish user access rules, so that you can better monitor activity for potential breaches. On the user side, it will ensure that the appropriate use of the enterprise network resources is understood. Policies help establish incident handling procedures.
In a competitive marketplace where information is a priceless commodity, espionage is not likely to go away. Many experts predict that espionage will be on the rise, especially with the Internet and electronic, James Bond-like technologies available to anyone. Comprehensive network security programs should address the growing threat of content theft. Though espionage cannot be eliminated, implementing network safeguards will at least minimise electronic proprietary information loss.
TYPES OF WHITE COLLAR CRIME:
Where computer hackers steal information sources contained on computers such as: bank information, credit cards, and the proprietary information.
Counterfeiting:
Occurs when someone copies or imitates an item without having been authorized to do so and passes the copy off as the genuine or original item. Counterfeiting is most often associated with money; however, it can also be associated with designer clothing, handbags and watches.
Credit Card Fraud:
The unauthorized use of a credit card to obtain goods of value.
Currency Schemes:
The practice of speculating on the future value of currencies.
When a person who has been entrusted with the money or property appropriates it for his or her own use and benefit.
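The password safeguards listed under "Password cracking" above (8-15 alphanumeric characters, a 30-day change interval, permanent lockout after three bad attempts) can be expressed as a small policy check. This is an added example, not part of the original answer; the `Account` record and the function names are hypothetical, and PBKDF2 is an assumed choice for storing the password.

```python
import hashlib, hmac, os
from dataclasses import dataclass
from datetime import datetime, timedelta

MIN_LEN, MAX_LEN = 8, 15        # length range stated in the answer
MAX_AGE = timedelta(days=30)    # rotation interval stated in the answer
MAX_FAILURES = 3                # bad attempts before permanent lockout

def policy_violations(password: str) -> list:
    """Reasons a candidate password fails the stated policy (empty = accepted)."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    return problems

def _digest(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:              # hypothetical record, constructed for this example
    salt: bytes
    digest: bytes
    changed_at: datetime
    failures: int = 0
    locked: bool = False

def create_account(password: str, now: datetime) -> Account:
    if policy_violations(password):
        raise ValueError("password rejected: " + ", ".join(policy_violations(password)))
    salt = os.urandom(16)
    return Account(salt, _digest(password, salt), now)

def login(acct: Account, password: str, now: datetime) -> str:
    """Return 'ok', 'expired', 'denied' or 'locked'."""
    if acct.locked:
        return "locked"     # a correct password no longer helps
    if not hmac.compare_digest(_digest(password, acct.salt), acct.digest):
        acct.failures += 1
        acct.locked = acct.failures >= MAX_FAILURES
        return "locked" if acct.locked else "denied"
    acct.failures = 0       # a success resets the counter
    if now - acct.changed_at > MAX_AGE:
        return "expired"    # valid credentials, but a change is forced
    return "ok"
```

Because the lockout is permanent, the unlock goes through the help desk, which the answer names as a social engineering target, so that reset step needs its own identity verification.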