<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Cyveillance Blog - The Cyber Intelligence Blog &#187; Information Protection</title>
	<atom:link href="http://www.cyveillanceblog.com/category/info-protection/feed" rel="self" type="application/rss+xml" />
	<link>http://www.cyveillanceblog.com</link>
	<description>News and Information about Cyber Intelligence</description>
	<lastBuildDate>Thu, 05 Jan 2012 13:18:23 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=</generator>
<xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" />
		<item>
		<title>Anti-Counterfeiting Trade Agreement (ACTA) Explained</title>
		<link>http://www.cyveillanceblog.com/legal/anti-counterfeiting-trade-agreement-acta-explained</link>
		<comments>http://www.cyveillanceblog.com/legal/anti-counterfeiting-trade-agreement-acta-explained#comments</comments>
		<pubDate>Mon, 14 Nov 2011 16:25:21 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[Information Protection]]></category>
		<category><![CDATA[Legal]]></category>
		<category><![CDATA[Online Pharmacy]]></category>

		<guid isPermaLink="false">http://www.cyveillance.com/web/blog/?p=1643</guid>
		<description><![CDATA[Background The proliferation of counterfeit and pirated goods poses considerable challenges for legitimate trade and the sustainable development of the world economy. Trade in these counterfeit and pirated goods causes significant financial losses for right holders and legitimate businesses. It also hinders sustainable economic development in both developed and developing countries and, in some cases, [...]]]></description>
			<content:encoded><![CDATA[<p><strong>Background</strong><br />
The proliferation of counterfeit and pirated goods poses considerable challenges for legitimate trade and the sustainable development of the world economy. Trade in these counterfeit and pirated goods causes significant financial losses for right holders and legitimate businesses. It also hinders sustainable economic development in both developed and developing countries and, in some cases, represents a health or safety risk to consumers.</p>
<p>As a result, in October 2007, the United States, the European Community, Switzerland and Japan simultaneously announced that they would negotiate a new intellectual property enforcement treaty, the Anti-Counterfeiting Trade Agreement, or ACTA. ACTA represents a significant achievement in the fight against the infringement of intellectual property rights, particularly against the proliferation of counterfeiting and piracy on a global scale, and provides a mechanism for the parties to work together in a more collaborative manner to achieve the common goal of effective Intellectual Property Rights (IPR) enforcement. When it enters into force with all participants, ACTA will formalize the legal foundation for a first-of-its-kind alliance of trading partners, representing more than half of world trade.</p>
<p><span id="more-1643"></span></p>
<p><strong>Highlights</strong></p>
<ul>
<li>On Saturday, October 1, 2011, Representatives of the U.S., Japan, Australia, Canada, the E.U., South Korea, Mexico, Morocco, New Zealand, Singapore and Switzerland met in Japan for the signing ceremony for the Anti-Counterfeiting Trade Agreement (ACTA).</li>
<li>ACTA – initially designed to be a treaty, thus requiring Senate ratification in the U.S. – will likely be an &#8220;executive agreement&#8221; that <a href="http://arstechnica.com/tech-policy/news/2011/09/anti-counterfeiting-trade-agreement-slouches-toward-signing-this-saturday.ars">cannot alter or supersede U.S. law</a>. Fortunately, ACTA is consistent with existing U.S. law and does not require any change to U.S. law prior to implementation in the United States. In particular, ACTA is consistent with U.S. copyright, patent, and trademark laws. For example, the application of injunctive relief as provided for in the Digital Millennium Copyright Act (17 USC §512j) and other provisions of U.S. law is consistent with and implements the obligations of ACTA. The United States may therefore enter into and carry out the requirements of the Agreement under existing legal authority, just as it has done with <a href="http://www.ustr.gov/about-us/press-office/fact-sheets/2011/september/acta-meeting-us-objectives">other trade agreements</a>.</li>
<li>ACTA provides for: (1) enhanced international cooperation; (2) promotion of sound enforcement practices; and (3) a legal framework for IPR enforcement in the areas of criminal enforcement, enforcement at the border, civil and administrative actions, and <a href="http://www.ustr.gov/about-us/press-office/press-releases/2011/october/joint-press-statement-anti-counterfeiting-trade-ag">distribution of IPR infringing material</a> on the Internet. Listed below are the <a href="http://www.ustr.gov/about-us/press-office/fact-sheets/2011/september/anti-counterfeiting-trade-agreement-fighting-piracy">most notable provisions</a>:
<ul>
<li>ACTA will require that border enforcement authorities be empowered to act on their own initiative (“ex officio”) against both imports and exports of counterfeit and pirated goods.</li>
<li>ACTA will require that criminal authorities be able to act on their own initiative in piracy and counterfeiting cases, rather than waiting for a complaint.</li>
<li>ACTA will further clarify existing international requirements for the availability of criminal penalties when piracy or counterfeiting is carried out for commercial advantage.</li>
<li>ACTA will require criminal remedies for the importation or use of labels or packaging for counterfeit goods.</li>
<li>ACTA will include new rules on criminal seizure and destruction of counterfeit goods, seizure of the equipment and materials used in their manufacture, and seizure of the criminal proceeds from piracy and counterfeiting offenses.</li>
<li>ACTA will clarify existing international requirements to protect against circumvention of digital security technologies (such as passwords or encryption).</li>
<li>ACTA will require parties to address copyright piracy on digital networks, while preserving principles such as freedom of expression, fair process, and privacy.</li>
<li>ACTA will enhance the international framework for civil enforcement provisions dealing with issues such as damages, provisional measures, recovery of costs and attorneys&#8217; fees, and destruction of infringing goods.</li>
</ul>
</li>
<li>With respect to the legal framework, ACTA establishes a strengthened standard, as demonstrated in the highlighted parts above, that builds on the minimum standards of the WTO Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS). This marks <a href="http://www.ustr.gov/about-us/press-office/press-releases/2011/october/joint-press-statement-anti-counterfeiting-trade-ag">a considerable improvement</a> in international trade norms for effectively combating the global proliferation of commercial-scale counterfeiting and piracy in the 21st Century.</li>
<li>What ACTA is NOT about:
<ul>
<li>Seizing portable music players and laptops at the border</li>
<li>Extending the term of protection for copyrights</li>
<li>Preventing “parallel” imports</li>
<li>Filtering internet traffic for infringing copyright works</li>
<li>Limiting access to generic pharmaceuticals</li>
<li>Reducing the court’s involvement in determining infringement</li>
<li>Weakening privacy laws</li>
<li>Lowering evidentiary standards for injunctions</li>
<li>Freezing bank accounts of suspected infringers</li>
</ul>
</li>
<li>Not all participants are completely satisfied with the final version of ACTA. Critics in the E.U. have suggested the trade agreement doesn&#8217;t comply with Europe&#8217;s data privacy laws, and have questioned its compatibility with E.U. law.</li>
</ul>
<p><strong>Commentary</strong></p>
<p>Critics <a href="https://www.eff.org/issues/acta">claim</a> that ACTA has several features that raise significant potential concerns for consumers’ privacy and civil liberties, for innovation and the free flow of information on the Internet, for legitimate commerce, and for developing countries’ ability to choose policy options that best suit their domestic priorities and their level of economic development. </p>
<p>Additionally, the secrecy of the negotiation process has left the public with many concerns and questions. Gigi Sohn, Public Knowledge&#8217;s president and co-founder, called the ACTA negotiations an &#8220;extremely flawed&#8221; process. &#8220;ACTA should have been considered a treaty, and subject to public Senate debate and ratification or, in the alternative, debated in an open and transparent international forum such as the World Intellectual Property Organization,&#8221; she said. &#8220;Instead, public interest groups and the tech industry <a href="http://www.pcworld.com/businesscenter/article/240664/acta_will_be_signed_saturday_us_and_japan_say.html">had to expend enormous</a> resources to force the process open to permit public views to be presented and considered.&#8221;   </p>
<p><strong>The Impact</strong></p>
<p>Although this agreement does not change U.S. law, it will alter international law. Companies engaging in business on an international level will need to educate themselves on the effects of ACTA.  Critics of ACTA in the U.S. have said the treaty could allow foreign organizations to target U.S. companies and websites that don&#8217;t comply with overseas copyright laws.  The truth of this statement has not been proven.  However, ACTA leaves the door open for countries to introduce the so-called “three-strikes rule”, which would see Internet users cut off if they download copyrighted material, as national authorities would be able to order the ISPs to disclose personal information. This concern about the privatization of enforcement has the potential to impact the operations of U.S. companies.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/legal/anti-counterfeiting-trade-agreement-acta-explained/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>RSA Token Vulnerability and One of America’s Most Secret Agencies Invoked in Latest Spear Phishing Attack</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/rsa-token-vulnerability-and-one-of-america%e2%80%99s-most-secret-agencies-invoked-in-latest-spear-phishing-attack</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/rsa-token-vulnerability-and-one-of-america%e2%80%99s-most-secret-agencies-invoked-in-latest-spear-phishing-attack#comments</comments>
		<pubDate>Fri, 22 Jul 2011 20:51:28 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Fraud and ID Theft]]></category>
		<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Information Protection]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1194</guid>
		<description><![CDATA[A targeted scam or “Spear Phishing” attack making the rounds today invokes the National Security Agency and takes advantage of recent news about a hack of RSA’s two-factor security tokens. Cyveillance has now captured examples and reports of several variants of this email, most sent under the subject lines “Token Code Update” or “Security Token [...]]]></description>
			<content:encoded><![CDATA[<p>A targeted scam or “Spear Phishing” attack making the rounds today invokes the National Security Agency and takes advantage of recent news about a hack of RSA’s two-factor security tokens. Cyveillance has now captured examples and reports of several variants of this email, most sent under the subject lines “Token Code Update” or “Security Token Update”. <span id="more-1194"></span>The message outlines a “critical vulnerability” in security tokens, and attempts to get users to click a link to what most likely was an executable download to infect their machine or network.</p>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2011/07/NSA-Scam-Email.png"><img class="aligncenter size-medium wp-image-1195" title="NSA Scam Email" src="http://www.cyveillanceblog.com/wp-content/uploads/2011/07/NSA-Scam-Email-300x141.png" alt="" width="300" height="141" /></a></p>
<p>The sender name is spoofed to appear to come from “<a href="mailto:protection@nsa.security.gov">protection@nsa.security.gov</a>” and the links go to national-security-agency.com, a domain that was just registered yesterday. This attack is a perfect example of how deeply spear-phishers understand the psychology of social engineering users. It invokes the authority of a respected and mysterious government agency, it uses fear of being hacked or getting “in trouble” at work to prompt action, and it takes advantage of current events in the form of the widely reported (i.e. verifiable fact) and recent RSA token hack. This is a potent cocktail of logic, emotion and authority to manipulate the user into a desired action, and is typical of today’s advanced Phishers.</p>
<p>Here are some of the tips that can help you spot scams like this one:</p>
<ol>
<li>Supposed needs for patches, security updates and vulnerability fixes are a favorite technique of scammers and phishers. Even if the message appears to come from someone in your own company, treat all such requests as suspicious and verify with your IT team by voice or fresh email to the actual IT person who supports you.</li>
<li>Treat ANY email that tells you to download something as malicious until proven otherwise. Again, contact your IT team before installing anything on your system.</li>
<li>Hover (but do NOT click) your mouse over all links in the email. The true destination of the link will pop up next to your mouse pointer. If you’ve never heard of the site, treat it as dangerous. Does the site in the link address match the site in the sender’s email address? If it does not, be suspicious. Is the pop up destination different from the URL shown in the visible text of the email, what we call a bait-and-switch link? If so, this is a major warning.</li>
<li>Finally, any link that ends in .zip or .exe should be treated as extremely hazardous and not clicked on.</li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/rsa-token-vulnerability-and-one-of-america%e2%80%99s-most-secret-agencies-invoked-in-latest-spear-phishing-attack/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>For Modern-Day Hackers, Data Delivers the Big Payday</title>
		<link>http://www.cyveillanceblog.com/phishing/for-modern-day-hackers-data-delivers-the-big-payday</link>
		<comments>http://www.cyveillanceblog.com/phishing/for-modern-day-hackers-data-delivers-the-big-payday#comments</comments>
		<pubDate>Wed, 01 Jun 2011 20:16:10 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Appliance]]></category>
		<category><![CDATA[Information Protection]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Phishing]]></category>
		<category><![CDATA[Social Media]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1170</guid>
		<description><![CDATA[In a previous blog, our CTO, Manoj Srivastava, discussed how the methodology of modern cyber crooks has evolved, how adept they are today at exploiting the human instinct to trust. And here’s another troubling wrinkle: These criminals aren’t gaining access to networks to exclusively steal money anymore. No, these days, your network’s data commands the [...]]]></description>
			<content:encoded><![CDATA[<p>In a previous blog, our CTO, Manoj Srivastava, discussed how the methodology of modern cyber crooks has evolved, how adept they are today at exploiting the human instinct to trust.<span id="more-1170"></span></p>
<p>And here’s another troubling wrinkle: These criminals aren’t gaining access to networks to exclusively steal money anymore. No, these days, your network’s data commands the big dollar signs.</p>
<p>To protect themselves, those overseeing enterprises must dispense with badly outdated stereotypes about would-be intruders. Especially the one in which the hacker is some pimply-faced kid pecking away solo in his parents’ basement. This kid has grown up, now a member of a thriving, sophisticated organized crime ring – possibly with deep connections to international syndicates or rogue nations in Eastern Europe, the Middle East or Asia.</p>
<p>The mob once dealt in liquor, gambling and other vices. Now, it’s all about the black market for information. The organized cyber-crime syndicate could be on retainer to obtain secrets from the Pentagon or U.S. Department of State. Or the data of interest could be the molecular blueprint of a pharmaceutical company’s developing wonder drug – a valuable “purchase” for a competitor. Or a food retailer may be willing to pay a small fortune for details on the expansion plans of a rival. It could be one of these or any number of countless scenarios in which information commands an asking price.</p>
<p>Once the terms of an agreement are reached between the buyer and the criminal ring, the strategies of intrusion are deployed. As <a href="http://www.cyveillanceblog.com/phishing/headline-system-compromised-it%e2%80%99s-likely-due-to-a-matter-of-misplaced-trust">described in detail by Manoj</a>, the most popular technique involves getting inside network users to unwittingly open an emailed link that’s really malware.</p>
<p>You may think that your network users are above that sort of ruse, but people use multiple ways to connect to your network (e.g. working from home, non-corporate or personal mobile devices), which only broadens the attacker’s vectors of access and points for trust. Keep in mind that the phishing scammer here simply needs one ill-advised click. That’s it. Even relatively savvy users can lapse into a weak moment, perhaps during an especially frazzling day when they’ve been multitasking for hours and are attempting to swiftly go through their in-box before heading home. That’s the kind of moment the hacker is waiting for, because mental fatigue + urgency = a ripe opportunity for that much-sought click.</p>
<p>Keep in mind that once in the network, it’s time to mine for the information. If the intruder keeps a low profile – not taking part in any activity that would raise any suspicions among those monitoring the network – he can settle in for the long haul and keep gaining access to data. And consider the wealth of information within that can be exploited for ill-gain: intellectual property, sensitive financial reports, R&amp;D innovations, hiring plans, salary structures and other confidential personnel information.</p>
<p>Because so many users are combining “work” with personal tech, hackers can further expand their market reach. Information about corporate executives, for example, is highly valued because they usually have a “clean” background record and such a record is valuable for black-market operatives. These operatives will use the records to create bogus passports, visas and driver’s licenses to allow dubious characters from foreign countries to arrive here while avoiding a watch list.</p>
<p>All it takes is one bad click to unleash all of this access. If you’re not taking pro-active steps to thwart these data thieves, are you prepared to deal with the consequences?</p>
<p>Terry Gudaitis, Ph.D., Cyber Intelligence Director, Cyveillance</p>
<p><strong>Question to consider: What are you doing to pro-actively monitor and prevent unauthorized access to information on your network? </strong></p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/phishing/for-modern-day-hackers-data-delivers-the-big-payday/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Social Media Policy: Not Optional</title>
		<link>http://www.cyveillanceblog.com/brand-protection/social-media-policy-not-optional</link>
		<comments>http://www.cyveillanceblog.com/brand-protection/social-media-policy-not-optional#comments</comments>
		<pubDate>Wed, 09 Feb 2011 16:00:43 +0000</pubDate>
		<dc:creator>Cyber Intelligence Division</dc:creator>
				<category><![CDATA[Brand Protection]]></category>
		<category><![CDATA[Information Protection]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=1003</guid>
		<description><![CDATA[Image reproduced with permission from Agent-X. When Cyveillance cyber security experts speak at industry events and client meetings, the conversation almost inevitably turns to social media. Large businesses want to embrace social media websites like Facebook, Foursquare, and Twitter while avoiding the public relations blunders that social media sites easily make possible. Marketing departments see [...]]]></description>
			<content:encoded><![CDATA[<p><img src="http://www.cyveillanceblog.com/wp-content/uploads/2011/02/batman-robin-fourwhere-agent-x-comic.jpg" alt="" title="batman-robin-fourwhere-agent-x-comic" width="500" height="484" class="alignnone size-full wp-image-1004" /><br /><font size="1">Image reproduced with permission from <a href="http://www.agent-x-com.au">Agent-X</a>.</font></p>
<p>When Cyveillance cyber security experts speak at industry events and client meetings, the conversation almost inevitably turns to social media. Large businesses want to embrace social media websites like Facebook, Foursquare, and Twitter while avoiding the public relations blunders that social media sites easily make possible. Marketing departments see huge opportunities while legal and security departments foresee dangers and headaches on the way. Who is right?</p>
<p>Of course they are both correct. However, in order for both to be satisfied, a middle ground must be found. The question is how to find the balance between risk and reward. Finding that balance will vary for each organization but one thing is certain: no organization can afford to do nothing, hoping that common sense will prevent indiscretions by employees.</p>
<p>Here at Cyveillance we have seen far too many cases of employees disclosing confidential information online that should never reach the public. As Batman explains in the cartoon from Australian artist <a href="http://www.agent-x-com.au">Agent-X</a> above, some employees feel compelled to make unwise disclosures online. Indeed, one can find serious breaches of sensitive information with implications for national security without a lot of work.</p>
<p>So relying on the common sense of employees is not a very safe or wise strategy. At some point an employee will make a comment online that is not desirable from a PR or security standpoint. It happens sooner in larger organizations but inevitably it happens to most out there.</p>
<p>Worse, while such mistakes are never acceptable, some employees can honestly claim that they did not know they were not supposed to talk about work on their Facebook, Twitter, or other social networking sites. Sure, they <em>should </em>have known, but they have that defense because their employer never got around to developing a social media policy and educating their employees about it.</p>
<p>This is not breaking news. Many organizations, whether public or private, know they need a policy but are at a standstill while legal, marketing, IT, and security departments figure out who has what responsibilities. That is, if they&#8217;ve even had inter-departmental meetings on the topic to begin with.</p>
<p>The important thing is to have something in front of employees as soon as possible, calling it an &#8220;interim social media policy&#8221; if necessary.  Tweak it as circumstances change, but do not wait idly in the meantime. Given the speed of communication through social media, no one can afford to wait.</p>
<p>If you&#8217;d like assistance developing social media policy for your organization, don&#8217;t hesitate to contact us. Cyveillance specializes in helping you minimize the damage that can occur to your organization by inappropriate disclosures of sensitive or confidential information on the Internet.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/brand-protection/social-media-policy-not-optional/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>What ‘WikiGate’ Is Teaching Us about Leaks</title>
		<link>http://www.cyveillanceblog.com/info-protection/what-%e2%80%98wikigate%e2%80%99-is-teaching-us-about-leaks</link>
		<comments>http://www.cyveillanceblog.com/info-protection/what-%e2%80%98wikigate%e2%80%99-is-teaching-us-about-leaks#comments</comments>
		<pubDate>Wed, 29 Dec 2010 16:34:12 +0000</pubDate>
		<dc:creator>cyadmin</dc:creator>
				<category><![CDATA[Information Protection]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=997</guid>
		<description><![CDATA[The public disclosure of 77,000 documents describing the war in Afghanistan in unsettling detail &#8230; A follow-up release of nearly 400,000 docs related to the Iraq war &#8230; Then, in November, the revelation of classified correspondence between the U.S. State Department and its diplomats throughout the world &#8230; These and other controversial actions involving WikiLeaks [...]]]></description>
			<content:encoded><![CDATA[<p>The public disclosure of 77,000 documents describing the war in Afghanistan in unsettling detail &#8230; A follow-up release of nearly 400,000 docs related to the Iraq war &#8230; Then, in November, the revelation of classified correspondence between the U.S. State Department and its diplomats throughout the world &#8230; These and other controversial actions involving WikiLeaks make it clear that confidential information can easily find its way into unauthorized hands. And there’s a reasonable chance that those hands are going to get right on a computer keypad and press “send” to distribute the information, no matter what kind of security you have in place. But the good news? You can position yourself to minimize risk.</p>
<p>First, focus on training all members of your organization on the threats that are out there, so they’re in a better position to deal with potential data loss. Second, proactively monitor for the inevitable loss of confidential information. This monitoring – whether in-house or via an outside vendor – greatly increases the chances of identifying your compromised data before any real damage can occur.</p>
<p>The truth is, it doesn’t matter if your organization is a huge target like a government agency or a Fortune 50 company, criminals are out there looking for a way to get their hands on your data. It may sound cliché, but your best defense is a good offense. You may not always stop information from getting out. But when it does, you’ll be in a better position to stay off the front page.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/info-protection/what-%e2%80%98wikigate%e2%80%99-is-teaching-us-about-leaks/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Digital Copiers an Opportunity for Data Thieves</title>
		<link>http://www.cyveillanceblog.com/info-protection/digital-copy-machine-document-hard-drive</link>
		<comments>http://www.cyveillanceblog.com/info-protection/digital-copy-machine-document-hard-drive#comments</comments>
		<pubDate>Tue, 20 Apr 2010 18:37:58 +0000</pubDate>
		<dc:creator>Cyber Intelligence Division</dc:creator>
				<category><![CDATA[Information Protection]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=555</guid>
		<description><![CDATA[Among the many services we offer our clients, Cyveillance monitors the internet for important client documents that are meant to be kept inside an organization. Nearly every day we find examples of valuable intellectual property posted on the internet where it can be used by competitors and fraudsters. Even foreign governments seeking industry secrets to [...]]]></description>
			<content:encoded><![CDATA[<p>Among the many services we offer our clients, Cyveillance monitors the internet for important client documents that are meant to be kept inside an organization. Nearly every day we find examples of valuable intellectual property posted on the internet where it can be used by competitors and fraudsters. Even foreign governments seeking industry secrets to assist their own defense and technology industries can find sensitive documents posted online.</p>
<p>Yesterday CBS News ran a story titled <a href="http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml">Digital Photocopiers Loaded with Secrets</a>. It described how the common digital copy machines used today can be a serious threat to an organization&#8217;s security because they often create and save digital versions of the documents they scan onto the copier&#8217;s own internal hard drive. These copiers are often leased by office supply firms to offices, and when the copiers are eventually returned, the data stored on the hard drive goes out the door with the copier to unknown destinations.</p>
<p>Investigators with CBS bought four previously used copy machines and uncovered highly sensitive documents on every one of them. The copiers contained criminal records, sensitive architectural blueprints, and even consumer health records. As reporter Armen Keteyian described the situation, &#8220;If you&#8217;re in the identity theft business, this has to be some kind of pot of gold.&#8221;</p>
<p>While the copiers examined in the CBS story appeared to originate in the New York area, imagine what would have been found if they examined copy machines from the nation&#8217;s capital. The story underscores the importance of end-to-end security of high-value documents and sensitive information within an organization. Even in the unlikely scenario of perfect information protection compliance by employees, if the copier that leaves the building contains an archive of recent years&#8217; documents, the organization has been breached.</p>
<p>Today&#8217;s threat landscape is more risky than ever. Organizations need to think more like their competitors, fraudsters, and agents overseas if they have any hope of keeping their data secure. Otherwise, like the document-laden copiers in the CBS story being shipped from New Jersey to Argentina and Singapore, we will continue to give away one of our most valuable assets.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/info-protection/digital-copy-machine-document-hard-drive/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Docstoc&#8217;s DocCash Provides Incentive for Copyright Abuse and Spam</title>
		<link>http://www.cyveillanceblog.com/info-protection/docstoc-spam-copyright-violation-adsense</link>
		<comments>http://www.cyveillanceblog.com/info-protection/docstoc-spam-copyright-violation-adsense#comments</comments>
		<pubDate>Wed, 17 Mar 2010 22:59:54 +0000</pubDate>
		<dc:creator>Cyber Intelligence Division</dc:creator>
				<category><![CDATA[Information Protection]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=455</guid>
		<description><![CDATA[Docstoc is an online document sharing service that allows users to upload files like Microsoft Office documents, text files, and pdf files and share them with the greater internet community. Launched in November 2007, the service has become very popular as a way to find and distribute content in those formats and now offers more [...]]]></description>
			<content:encoded><![CDATA[<p>Docstoc is an online document sharing service that allows users to upload files like Microsoft Office documents, text files, and PDF files and share them with the greater internet community. Launched in November 2007, the service has become very popular as a way to find and distribute content in those formats and now offers more than 13 million documents.</p>
<p>In May 2009 Docstoc <a href="http://blog.docstoc.com/doccash-make-money-by-uploading-documents-to-the-web.html">offered DocCash</a>, announced as &#8220;a service where users can now make money by uploading documents to Docstoc&#8221;. In the DocCash program, users are compensated a portion of all Google AdSense earnings generated when the documents they uploaded to Docstoc are viewed. The service <a href="http://www.docstoc.com/doccash/faq/#q10">expressly prohibits</a> the uploading and sharing of documents when the user does not own the copyright, and will remove content and even ban users who violate the policy when violations are brought to its attention. However, this environment is ripe for copyright abuse: it is far too easy and inviting for individuals looking to make a quick dollar.</p>
<p>Take for example the following Docstoc user profiles, all publicly available. For each user account, we made note of the number of documents they uploaded as of this writing and the time elapsed between that user’s first and last upload (also as of this writing).</p>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/svhUSER1.jpg"><img src="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/svhUSER1-300x187.jpg" alt="" title="svhUSER1" width="300" height="187" class="alignnone size-medium wp-image-461" /></a><BR><font size="1">Example 1&#8217;s profile page</font></p>
<p><strong>Example 1</strong><br />
<strong>Number of documents</strong>: 4,033<br />
<strong>Time between first and last file uploaded</strong>: less than 24 hours. All files uploaded on March 3, 2010.</p>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/scwUSER2.jpg"><img src="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/scwUSER2-300x187.jpg" alt="" title="scwUSER2" width="300" height="187" class="alignnone size-medium wp-image-459" /></a><BR><font size="1">Example 2&#8217;s profile page</font></p>
<p><strong>Example 2</strong><br />
<strong>Number of documents</strong>: 3,683<br />
<strong>Time between first and last file uploaded</strong>: less than 24 hours. All files uploaded on March 7, 2010.</p>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/mnyUSER3.jpg"><img src="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/mnyUSER3-300x187.jpg" alt="" title="mnyUSER3" width="300" height="187" class="alignnone size-medium wp-image-458" /></a><BR><font size="1">Example 3&#8217;s profile page</font></p>
<p><strong>Example 3</strong><br />
<strong>Number of documents</strong>: 4,283<br />
<strong>Time between first and last file uploaded</strong>: less than 24 hours. All files uploaded on March 7, 2010.</p>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/hilUSER4.jpg"><img src="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/hilUSER4-300x187.jpg" alt="" title="hilUSER4" width="300" height="187" class="alignnone size-medium wp-image-458" /></a><BR><font size="1">Example 4&#8217;s profile page</font></p>
<p><strong>Example 4</strong><br />
<strong>Number of documents</strong>: 17,142<br />
<strong>Time between first and last file uploaded</strong>: 4 days, from November 26, 2009 to December 30, 2009.</p>
<p>Although remotely possible, it is very unlikely that the owners of these accounts own the copyright to such large amounts of content. It is more likely that these account owners scraped search engine results pages for queries like filetype:doc or filetype:pdf and then took advantage of <a href="http://platform.docstoc.com/Pages/Upload/UploadFile/">Docstoc&#8217;s API to upload files</a> in an automated manner, allowing such a volume of content to be posted so quickly.</p>
<p>In fact, Cyveillance has uncovered a significant number of documents posted through Docstoc that include copyright statements of parties other than the account owners. It is critical for brand and copyright owners to vigorously protect their intellectual property and, when infringement is identified, pursue the offenders. If not, brand equity is at risk in addition to the potential loss of common copyright protection as their content becomes public domain.</p>
<p>In the following two examples, the account owners attempt to earn money by uploading vast amounts of content to the site. In these cases, however, it appears the account owners have scraped content from different sources across the web, stitched small bits together to form meaningless paragraphs on a single topic, and uploaded the content as a rich text file to Docstoc. The spammer is likely hoping that esoteric content, although of low value (or no value), will generate traffic from <a href="http://www.wired.com/wired/archive/12.10/tail.html">long tail</a> search queries.</p>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/serUSER5.jpg"><img src="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/serUSER5-300x187.jpg" alt="" title="serUSER5" width="300" height="187" class="alignnone size-medium wp-image-458" /></a><BR><font size="1">Example 5&#8217;s profile page</font></p>
<p><strong>Example 5</strong><br />
<strong>Number of documents</strong>: 64,166<br />
<strong>Time between first and last file uploaded</strong>: 6 days, from March 9, 2010 to March 15, 2010.</p>
<p><a href="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/qeeUSER6.jpg"><img src="http://www.cyveillanceblog.com/wp-content/uploads/2010/03/qeeUSER6-300x187.jpg" alt="" title="qeeUSER6" width="300" height="187" class="alignnone size-medium wp-image-458" /></a><BR><font size="1">Example 6&#8217;s profile page</font></p>
<p><strong>Example 6</strong><br />
<strong>Number of documents</strong>: 2,510<br />
<strong>Time between first and last file uploaded</strong>: 6 days, from February 25, 2010 to today.</p>
<p>As on youtube.com, blogspot.com, and other sites where content can be added by users, spam and the display of copyrighted content are an issue. The situation is made even worse when uploading such content is rewarded with cash. Like the other services mentioned, Docstoc has come of age but is responsible for offering an environment that clearly discourages copyright abuse, and it should take strong steps to ensure the content uploaded by its users is not in violation of its own policies. Otherwise it will become known as a passive accomplice in copyright abuse and spam generation.</p>
<p>To minimize the chance that content that should not be made public is copied from one’s website and posted by others on services like Docstoc, Cyveillance recommends that companies regularly check to make sure that their sensitive internal documents, as well as public but copyrighted documents, are not posted online by others, including their vendors, partners, or employees. As we encourage our own customers to do, brand and copyright owners need to take an aggressive posture in their own protection; otherwise their own investments are diminished.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/info-protection/docstoc-spam-copyright-violation-adsense/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Cyveillance is very pleased to be part of QinetiQ North America portfolio</title>
		<link>http://www.cyveillanceblog.com/general-cyberintel/cyveillance-is-very-pleased-to-be-part-of-qinetiq-north-america-portfolio</link>
		<comments>http://www.cyveillanceblog.com/general-cyberintel/cyveillance-is-very-pleased-to-be-part-of-qinetiq-north-america-portfolio#comments</comments>
		<pubDate>Thu, 07 May 2009 17:35:35 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[General Cyber Intel]]></category>
		<category><![CDATA[Information Protection]]></category>

		<guid isPermaLink="false">http://www.cyveillanceblog.com/?p=40</guid>
		<description><![CDATA[Cyveillance is extremely excited to become the latest addition to QinetiQ North America http://www.cyveillance.com/web/news/press_rel/2009/2009-05-06.asp. Cyveillance’s record growth, quality service, outstanding technology and single focus on Cyber Intelligence made for a perfect match to QinetiQ’s security and intelligence practice. The new combined entity will deliver exceptional Internet Risk and Threat Intelligence solutions and serve the worldwide [...]]]></description>
			<content:encoded><![CDATA[<p>Cyveillance is extremely excited to become the latest addition to QinetiQ North America <a title="QinetiQ Acquires Cyveillance Press Release" href="http://www.cyveillance.com/web/news/press_rel/2009/2009-05-06.asp" target="_blank">http://www.cyveillance.com/web/news/press_rel/2009/2009-05-06.asp</a>. Cyveillance’s record growth, quality service, outstanding technology and single focus on Cyber Intelligence made for a perfect match to QinetiQ’s security and intelligence practice. The new combined entity will deliver exceptional Internet Risk and Threat Intelligence solutions and serve the worldwide commercial and government markets. Cyveillance will have access to QinetiQ’s resources and infrastructure to support our continued expansion and an increased ability to deliver new, innovative solutions.</p>
<p>Judging by the marketplace reaction, many share our excitement. One posting in particular, from Nick Selby at The 451 Group, clearly grasped the larger picture and strategic value of cyber intelligence to today’s enterprise. Read his post here:</p>
<p><a title="Nick Selby, The 451 Group" href="http://blogs.the451group.com/security/2009/05/06/some-context-around-the-cyveillance-acquisition/" target="_blank">http://blogs.the451group.com/security/2009/05/06/some-context-around-the-cyveillance-acquisition/</a></p>
<p>You can see more story links here:</p>
<p><a title="Cyveillance in the News" href="http://www.cyveillance.com/web/news/in_the_news.asp" target="_blank">http://www.cyveillance.com/web/news/in_the_news.asp</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.cyveillanceblog.com/general-cyberintel/cyveillance-is-very-pleased-to-be-part-of-qinetiq-north-america-portfolio/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

