Category: Information Protection

Background
The proliferation of counterfeit and pirated goods poses considerable challenges for legitimate trade and the sustainable development of the world economy. Trade in these counterfeit and pirated goods causes significant financial losses for right holders and legitimate businesses. It also hinders sustainable economic development in both developed and developing countries and, in some cases, represents a health or safety risk to consumers.

As a result, in October 2007, the United States, the European Community, Switzerland and Japan simultaneously announced that they would negotiate a new intellectual property enforcement treaty, the Anti-Counterfeiting Trade Agreement, or ACTA. ACTA represents a significant achievement in the fight against the infringement of intellectual property rights, particularly against the proliferation of counterfeiting and piracy on a global scale, and provides a mechanism for the parties to work together in a more collaborative manner to achieve the common goal of effective Intellectual Property Rights (IPR) enforcement. When it enters into force with all participants, ACTA will formalize the legal foundation for a first-of-its-kind alliance of trading partners, representing more than half of world trade.

Read the rest of this entry »

A targeted scam or “Spear Phishing” attack making the rounds today invokes the National Security Agency and takes advantage of recent news about a hack of RSA’s two-factor security tokens. Cyveillance has now captured examples and reports of several variants of this email, most sent under the subject lines “Token Code Update” or “Security Token Update”. Read the rest of this entry »

In a previous blog, our CTO, Manoj Srivastava, discussed how the methodology of modern cyber crooks has evolved, how adept they are today at exploiting the human instinct to trust. Read the rest of this entry »

Image reproduced with permission from Agent-X.

When Cyveillance cyber security experts speak at industry events and client meetings, the conversation almost inevitably turns to social media. Large businesses want to embrace social media websites like Facebook, Foursquare, and Twitter while avoiding the public relations blunders that social media sites easily make possible. Marketing departments see huge opportunities while legal and security departments foresee dangers and headaches on the way. Who is right?

Of course they are both correct. However, in order for both to be satisfied, a middle ground that must be found. The question is how to find the balance between risk and reward. Finding that balance will vary for each organization but one thing is certain: no organization can afford is to do nothing, hoping that common sense will prevent indiscretions by employees.

Here at Cyveillance we have seen far too many cases of employees disclosing confidential information online that should never reach the public. As Batman explains in the cartoon from Australian artist Agent-X above, some employees feel compelled to make unwise disclosures online. Indeed, one can find serious breaches of sensitive information with implications for national security without a lot of work.

So relying on the common sense of employees is not a very safe or wise strategy. At some point an employee will make a comment online that is not desirable from a PR or security standpoint. It happens sooner in larger organizations but inevitably it happens to most out there.

Worse, while such mistakes are never acceptable, some employees can honestly claim that they did not know they were not supposed to talk about work on their Facebook, Twitter, or other social networking sites. Sure, they should have known, but they have that defense because their employer never got around to developing a social media policy and educating their employees about it.

This is not breaking news. Many organizations, whether public or private, know they need a policy but are at a standstill while legal, marketing, IT, and security departments figure out who has what responsibilities. That is, if they’ve even had inter-departmental meetings on the topic to begin with.

The important thing is to have something in front of employees as soon as possible, calling it an “interim social media policy” if necessary. Tweak it as circumstances change, but do not wait idly in the meantime. Given the speed of communication on through social media, no one can afford to wait.

If you’d like assistance developing social media policy for your organization, don’t hesitate to contact us. Cyveillance specializes in helping you minimize the damage that can occur to your organization by inappropriate disclosures of sensitive or confidential information on the Internet.

The public disclosure of 77,000 documents describing the war in Afghanistan in unsettling detail … A follow-up release of nearly 400,000 docs related to the Iraq war … Then, in November, the revelation of classified correspondence between the U.S. State Department and its diplomats throughout the world … These and other controversial actions involving WikiLeaks make it clear that confidential information can easily find its way into unauthorized hands. And there’s a reasonable chance that those hands are going to get right on a computer keypad and press “send” to distribute the information, no matter what kind of security you have in place. But the good news? You can position yourself to minimize risk.

First, focus on training all members of your organization on the threats that are out there, so they’re in a better position to deal with potential data loss. Second, proactively monitor for the inevitable loss of confidential information. This monitoring – whether in-house or via an outside vendor – greatly increases the chances of identifying your compromised data before any real damage can occur.

The truth is, it doesn’t matter if your organization is a huge target like a government agency or a Fortune 50 company, criminals are out there looking for a way to get their hands on your data. It may sound cliché, but your best defense is a good offense. You may not always stop information from getting out. But when it does, you’ll be in a better position to stay off the front page.

Among the many services we offer our clients, Cyveillance monitors the internet for important client documents that are meant to be kept inside an organization. Nearly every day we find examples of valuable intellectual property posted on the internet where it can be used by competitors and fraudsters. Even foreign governments seeking industry secrets to assist their own defense and technology industries can find sensitive documents posted online.

Yesterday CBS News ran a story titled Digital Photocopiers Loaded with Secrets. It described how the common digital copy machines used today can be a serious threat to an organization’s security because they often create and save digital versions of the documents they scan onto the copier’s own internal hard drive. These copiers are often leased by office supply firms to offices, and when the copiers are eventually returned, the data stored on the hard drive goes out the door with the copier to unknown destinations.

Investigators with CBS bought four previously used copy machines and uncovered highly sensitive documents on every one of them. The copiers contained criminal records, sensitive architectural blueprints, and even consumer health records. As reporter Armen Keteylan described the situation, “If you’re in the identity theft business, this has to be some kind of pot of gold.”

While the copiers examined in the CBS story appeared to originate in the New York area, imagine what would have been found if they examined copy machines from the nation’s capitol. The story underscores the importance of end-to-end security of high-value documents and sensitive information within an organization. Even in the unlikely scenario of perfect information protection compliance by employees if the copier that leaves the building contains an archive of recent years’ documents, the organization has been breached.

Today’s threat landscape is more risky than ever. Organizations need to think more like their competitors, fraudsters, and agents overseas if they have any hope of keeping their data secure. Otherwise, like the document-laden copiers in the CBS story being shipped from New Jersey to Argentina and Singapore we will continue to give away our one of our most valuable assets.

Docstoc is an online document sharing service that allows users to upload files like Microsoft Office documents, text files, and pdf files and share them with the greater internet community. Launched in November 2007, the service has become very popular as a way to find and distribute content in those formats and now offers more than 13 million documents.

In May 2009 Docstoc offered DocCash, announced as “a service where users can now make money by uploading documents to Docstoc”. In the DocCash program, users are compensated a portion of all Google AdSense earnings generated when the documents they uploaded to Docstoc are viewed. The service expressly prohibits the uploading and sharing of documents when the user does not own copyright, and will remove content and even ban users who violate the policy when brought to their attention. However, this environment is ripe for copyright abuse, far too easy and inviting for those individuals looking to make a quick dollar.

Take for example the following Docstoc user profiles, all publically available. For each user account, we made note of the number of documents they uploaded as of this writing and the time elapsed between that user’s first and last upload (also as of this writing).

Example 1′s profile page

Example 1
Number of documents: 4,033
Time between first and last file uploaded: less than 24 hours. All files uploaded on March 3, 2010.

Example 2′s profile page

Example 2
Number of documents: 3,683
Time between first and last file uploaded: less than 24 hours. All files uploaded on March 7, 2010.

Example 3′s profile page

Example 3
Number of documents: 4,283
Time between first and last file uploaded: less than 24 hours. All files uploaded on March 7, 2010.

Example 4′s profile page

Example 4
Number of documents: 17,142
Time between first and last file uploaded: 4 days, from November 26, 2009 to December 30, 2009.

Although very remotely possible, it is very unlikely that the owners of these accounts own the copyright to such large amounts of content. It is more likely that these account owners scraped search engine results pages for queries like filetype:doc or filetype:pdf and then took advantage of Docstoc’s API to upload files in an automated manner, allowing for the volume of content to be posted so quickly.

In fact, Cyveillance has uncovered significant number of documents posted through DocStoc that include copyright statements of those other than the account owners. It is critical for brand and copyright owners to vigorously protect their intellectual property and, when identified, pursue the offenders. If not, brand equity is at risk in addition to the potential loss of common copyright protection as their content becomes public domain.

In the following two examples, the account owners attempt to earn money by uploading vast amounts of content to the site. In this case however, it appears the account owners have scraped content from different sources across the web, stitched small parts bits to form meaningless paragraphs on a single topic, and uploaded the content as a rich text file to Docstoc. The spammer is likely hoping that esoteric content, although of low value (or no value), will generate traffic from long tail search queries.

Example 5′s profile page

Example 5
Number of documents: 64,166
Time between first and last file uploaded: 6 days, from March 9, 2010 to March 15, 2010.

Example 6′s profile page

Example 6
Number of documents: 2,510
Time between first and last file uploaded: 6 days, from February 25, 2010 to today.

Like youtube.com, blogspot.com, and other sites where content can be added by users, spam and the display of copyrighted content is an issue. The situation is made even worse when uploading such content is incented with cash to upload content. Like the other services mentioned, Docstoc has come of age but is responsible to offer an environment that clearly discourages copyright abuse and should take strong steps to ensure the content uploaded by its users is not in violation of their own policies. Otherwise they will become known as a passive accomplice in copyright abuse and spam generation.

To minimize the chance that one’s own content that should not be made public is copied from one’s website and posted by others in services like Docstoc, Cyveillance recommends that companies regularly check to make sure that their sensitive internal documents as well as public, but copyrighted documents are not posted online by others, including their vendors, partners, or employees. As we encourage with our own customers brand and copyright owners need to take an aggressive posture in their own protection otherwise their own investments are diminished.

Cyveillance is extremely excited to become the latest addition to QinetiQ North America http://www.cyveillance.com/web/news/press_rel/2009/2009-05-06.asp. Cyveillance’s record growth, quality service, outstanding technology and single focus on Cyber Intelligence made for a perfect match to QinetiQ’s security and intelligence practice. The new combined entity will deliver exceptional Internet Risk and Threat Intelligence solutions and serve the worldwide commercial and government markets. Cyveillance will have access to QinetiQ’s resources and infrastructure to support our continued expansion and an increased ability to deliver new, innovative solutions.

By the marketplace reaction, many share our excitement. One posting in particular from Nick Selby at The 451 Group clearly grasped the larger picture and strategic value of cyber intelligence to today’s enterprise. Read his post here.

http://blogs.the451group.com/security/2009/05/06/some-context-around-the-cyveillance-acquisition/

You can see more story links here:

http://www.cyveillance.com/web/news/in_the_news.asp