Information Protection

Digital Copiers an Opportunity for Data Thieves

Tuesday, April 20th, 2010

Among the many services we offer our clients, Cyveillance monitors the internet for important client documents that are meant to be kept inside an organization. Nearly every day we find examples of valuable intellectual property posted on the internet where it can be used by competitors and fraudsters. Even foreign governments seeking industry secrets to assist their own defense and technology industries can find sensitive documents posted online.

Yesterday CBS News ran a story titled “Digital Photocopiers Loaded with Secrets.” It described how the common digital copy machines used today can be a serious threat to an organization’s security because they often create and save digital versions of the documents they scan onto the copier’s own internal hard drive. These copiers are often leased by office supply firms to offices, and when the copiers are eventually returned, the data stored on the hard drive goes out the door with the copier to unknown destinations.

Investigators with CBS bought four previously used copy machines and uncovered highly sensitive documents on every one of them. The copiers contained criminal records, sensitive architectural blueprints, and even consumer health records. As reporter Armen Keteyian described the situation, “If you’re in the identity theft business, this has to be some kind of pot of gold.”

While the copiers examined in the CBS story appeared to originate in the New York area, imagine what would have been found if they had examined copy machines from the nation’s capital. The story underscores the importance of end-to-end security of high-value documents and sensitive information within an organization. Even in the unlikely scenario of perfect information protection compliance by employees, if the copier that leaves the building contains an archive of recent years’ documents, the organization has been breached.

Today’s threat landscape is riskier than ever. Organizations need to think more like their competitors, fraudsters, and agents overseas if they have any hope of keeping their data secure. Otherwise, like the document-laden copiers in the CBS story being shipped from New Jersey to Argentina and Singapore, we will continue to give away one of our most valuable assets.

Docstoc’s DocCash Provides Incentive for Copyright Abuse and Spam

Wednesday, March 17th, 2010

Docstoc is an online document sharing service that allows users to upload files like Microsoft Office documents, text files, and PDF files and share them with the greater internet community. Launched in November 2007, the service has become very popular as a way to find and distribute content in those formats and now offers more than 13 million documents.

In May 2009 Docstoc offered DocCash, announced as “a service where users can now make money by uploading documents to Docstoc”. In the DocCash program, users are compensated a portion of all Google AdSense earnings generated when the documents they uploaded to Docstoc are viewed. The service expressly prohibits the uploading and sharing of documents when the user does not own the copyright, and will remove content and even ban users who violate the policy when violations are brought to its attention. However, this environment is ripe for copyright abuse: it is far too easy and inviting for individuals looking to make a quick dollar.

Take, for example, the following Docstoc user profiles, all publicly available. For each user account, we noted the number of documents uploaded and the time elapsed between that user’s first and last upload, both as of this writing.


Example 1’s profile page

Example 1
Number of documents: 4,033
Time between first and last file uploaded: less than 24 hours. All files uploaded on March 3, 2010.


Example 2’s profile page

Example 2
Number of documents: 3,683
Time between first and last file uploaded: less than 24 hours. All files uploaded on March 7, 2010.


Example 3’s profile page

Example 3
Number of documents: 4,283
Time between first and last file uploaded: less than 24 hours. All files uploaded on March 7, 2010.


Example 4’s profile page

Example 4
Number of documents: 17,142
Time between first and last file uploaded: 4 days, from November 26, 2009 to December 30, 2009.

Although remotely possible, it is very unlikely that the owners of these accounts own the copyright to such large amounts of content. It is more likely that these account owners scraped search engine results pages for queries like filetype:doc or filetype:pdf and then took advantage of Docstoc’s API to upload files in an automated manner, which would explain how such a volume of content could be posted so quickly.

In fact, Cyveillance has uncovered a significant number of documents posted through Docstoc that include copyright statements of those other than the account owners. It is critical for brand and copyright owners to vigorously protect their intellectual property and, when offenders are identified, pursue them. If not, brand equity is at risk in addition to the potential loss of common copyright protection as their content becomes public domain.
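The two signals described above (upload volume measured against the first-to-last upload span, and copyright notices that name someone other than the account owner) can be checked mechanically. The following is an added example, not Cyveillance’s or Docstoc’s code; the record layout, account names, owner mapping and thresholds are assumptions, and the sample data is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified notice pattern: "Copyright", "©" or "(c)", optional year(s), then the holder.
NOTICE = re.compile(r"(?:copyright|©|\(c\))(?:\s|©|\(c\))*(?:\d{4}[\s,-]*)*([^\n.]+)", re.I)

# Hypothetical mapping of account name to the owner name declared on the profile.
OWNERS = {"bulk_account": "Bulk Uploader", "author_account": "Jane Author"}

def sample_uploads():
    """Constructed records (account, upload time, first-page text); not real Docstoc data."""
    start = datetime(2010, 3, 3)
    rows = [("bulk_account", start + timedelta(seconds=20 * i),
             f"Annual report {i}\nCopyright 2009 Example Corp. All rights reserved.")
            for i in range(4000)]
    rows += [("author_account", start + timedelta(days=30 * i),
              f"Essay {i}\n© 2010 Jane Author") for i in range(12)]
    return rows

def profile(uploads, owners):
    """Per account: doc count, first-to-last span, uploads/hour, share of foreign notices."""
    acc = defaultdict(lambda: {"times": [], "foreign": 0})
    for account, when, text in uploads:
        acc[account]["times"].append(when)
        m = NOTICE.search(text)
        # A notice is "foreign" when its holder does not contain the account owner's name.
        if m and owners[account].lower() not in m.group(1).lower():
            acc[account]["foreign"] += 1
    report = {}
    for account, a in acc.items():
        span = max(a["times"]) - min(a["times"])
        hours = max(span.total_seconds() / 3600, 1.0)  # floor at 1 h avoids divide-by-zero
        n = len(a["times"])
        report[account] = {"docs": n, "span": span, "per_hour": n / hours,
                           "foreign_ratio": a["foreign"] / n}
    return report

def flag(report, max_per_hour=20.0, max_foreign_ratio=0.5):
    """Accounts exceeding the assumed thresholds; candidates for manual review."""
    return sorted(a for a, r in report.items()
                  if r["per_hour"] > max_per_hour or r["foreign_ratio"] > max_foreign_ratio)

if __name__ == "__main__":
    rep = profile(sample_uploads(), OWNERS)
    for account, r in rep.items():
        print(account, r["docs"], r["span"], round(r["per_hour"], 2), r["foreign_ratio"])
    print("review:", flag(rep))
```

A flagged account is a lead for human review, not proof of infringement: a publisher migrating its own archive would also show a high upload rate.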

In the following two examples, the account owners attempt to earn money by uploading vast amounts of content to the site. In this case, however, it appears the account owners have scraped content from different sources across the web, stitched small bits together to form meaningless paragraphs on a single topic, and uploaded the content as a rich text file to Docstoc. The spammer is likely hoping that esoteric content, although of low value (or no value), will generate traffic from long tail search queries.


Example 5’s profile page

Example 5
Number of documents: 64,166
Time between first and last file uploaded: 6 days, from March 9, 2010 to March 15, 2010.


Example 6’s profile page

Example 6
Number of documents: 2,510
Time between first and last file uploaded: 6 days, from February 25, 2010 to today.

As with youtube.com, blogspot.com, and other sites where content can be added by users, spam and the display of copyrighted content are an issue. The situation is made even worse when uploading such content is rewarded with cash. Like the other services mentioned, Docstoc has come of age, but it has a responsibility to offer an environment that clearly discourages copyright abuse and should take strong steps to ensure the content uploaded by its users is not in violation of its own policies. Otherwise it will become known as a passive accomplice in copyright abuse and spam generation.

To minimize the chance that content that should not be made public is copied from one’s website and posted by others on services like Docstoc, Cyveillance recommends that companies regularly check that their sensitive internal documents, as well as public but copyrighted documents, are not posted online by others, including their vendors, partners, or employees. As we encourage our own customers to do, brand and copyright owners need to take an aggressive posture in their own protection; otherwise their own investments are diminished.

Cyveillance is very pleased to be part of the QinetiQ North America portfolio

Thursday, May 7th, 2009

Cyveillance is extremely excited to become the latest addition to QinetiQ North America http://www.cyveillance.com/web/news/press_rel/2009/2009-05-06.asp. Cyveillance’s record growth, quality service, outstanding technology and single focus on Cyber Intelligence made for a perfect match to QinetiQ’s security and intelligence practice. The new combined entity will deliver exceptional Internet Risk and Threat Intelligence solutions and serve the worldwide commercial and government markets. Cyveillance will have access to QinetiQ’s resources and infrastructure to support our continued expansion and an increased ability to deliver new, innovative solutions.

Judging by the marketplace reaction, many share our excitement. One posting in particular, from Nick Selby at The 451 Group, clearly grasped the larger picture and strategic value of cyber intelligence to today’s enterprise. Read his post here:

http://blogs.the451group.com/security/2009/05/06/some-context-around-the-cyveillance-acquisition/

You can see more story links here:

http://www.cyveillance.com/web/news/in_the_news.asp