Forum Thread: Creative Hacking

something to think about rather than using cryto locking. how bout dling client files ect rather than locking them and look into the below.

Competitive intelligence and economic or industrial espionageedit

"Competitive intelligence" levels out two scenarios of description as the legal and ethical activity of systematically gathering, analyzing and managing information on industrial competitors becomes beneficial.3 It may include activities such as examining newspaper articles, corporate publications, websites, patent filings, specialised databases, information at trade shows and the like to determine information on a corporation.4 The compilation of these crucial elements is sometimes termed CIS or CRS, a Competitive Intelligence Solution or Competitive Response Solution. With its roots in market research, 'competitive intelligence' has been described as the 'application of principles and practices from military and national intelligence to the domain of global business';5 it is the business equivalent of open-source intelligence.

The difference between competitive intelligence and economic or industrial espionage is not clear; one needs to understand the legal basics to recognize how to draw the line between the two.67 Others maintain it is sometimes quite difficult to tell the difference between legal and illegal methods, especially if considering the ethical side of information gathering, making the definition even more elusive.

Forms of economic and industrial espionageedit

Economic or industrial espionage takes place in two main forms. In short, the purpose of espionage is to gather knowledge about (an) organization(s). It may include the acquisition of intellectual property, such as information on industrial manufacture, ideas, techniques and processes, recipes and formulas. Or it could include sequestration of proprietary or operational information, such as that on customer datasets, pricing, sales, marketing, research and development, policies, prospective bids, planning or marketing strategies or the changing compositions and locations of production.3 It may describe activities such as theft of trade secrets, bribery, blackmail and technological surveillance. As well as orchestrating espionage on commercial organizations, governments can also be targets — for example, to determine the terms of a tender for a government contract so that another tenderer can underbid.

Target industriesedit

Economic and industrial espionage is most commonly associated with technology-heavy industries, including computer software and hardware, biotechnology, aerospace, telecommunications, transportation and engine technology, automobiles, machine tools, energy, materials and coatings and so on. Silicon Valley is known to be one of the world's most targeted areas for espionage, though any industry with information of use to competitors may be a target.8

Information theft and sabotageedit

Information can make the difference between success and failure; if a trade secret is stolen, the competitive playing field is leveled or even tipped in favor of a competitor. Although a lot of information-gathering is accomplished legally through competitive intelligence, at times corporations feel the best way to get information is to take it.9 Economic or industrial espionage is a threat to any business whose livelihood depends on information.

In recent years, economic or industrial espionage has taken on an expanded definition. For instance, attempts to sabotage a corporation may be considered industrial espionage; in this sense, the term takes on the wider connotations of its parent word. That espionage and sabotage (corporate or otherwise) have become more clearly associated with each other is also demonstrated by a number of profiling studies, some government, some corporate. The US Government currently has a polygraph examination entitled the "Test of Espionage and Sabotage" (TES, contributing to the increasingly popular, though not consensus, notion, by those studying espionage and sabotage countermeasures, of the interrelationship between the two.)10 In practice, particularly by 'trusted insiders,' they are generally considered functionally identical for the purpose of informing countermeasures.

Agents and the process of collectionedit

Economic or industrial espionage commonly occurs in one of two ways. Firstly, a dissatisfied employee appropriates information to advance their own interests or to damage the company or, secondly, a competitor or foreign government seeks information to advance its own technological or financial interest11 'Moles' or trusted insiders are generally considered the best sources for economic or industrial espionage.12 Historically known as a 'patsy,' an insider can be induced, willingly or under duress to provide information. A 'patsy' may be initially asked to hand over inconsequential information and once compromised by committing a crime, bribed into handing over material which is more sensitive.13 Individuals may leave one company to take up employment with another and take sensitive information with them.14 Such apparent behavior has been the focus of numerous industrial espionage cases that have resulted in legal battles.14 Some countries hire individuals to do spying rather than make use of their own intelligence agencies.15 Academics, business delegates and students are often thought to be utilized by governments in gathering information.16 Some countries, such as Japan, have been reported to expect students be debriefed on returning home.16 A spy may follow a guided tour of a factory then get 'lost'.13 A spy could be an engineer, a maintenance man, a cleaner, an insurance salesman or an inspector - basically anyone who has legitimate access to the premises.13

A spy may break into the premises to steal data. They may search through waste paper and refuse, known as "dumpster diving".17 Information may be compromised via unsolicited requests for information, marketing surveys or use of technical support, research or software facilities. Outsourced industrial producers may ask for information outside of the agreed-upon contract.18

Computers have facilitated the process of collecting information, due to the ease of access to large amounts of information, through physical contact or via the internet.

Use of computers and the Internetedit

Personal computersedit

Computers have become key in exercising industrial espionage due to the enormous amount of information they contain and its ease of being copied and transmitted. The use of computers for espionage increased rapidly in the 1990s. Information has been commonly stolen by being copied from unattended computers in offices, those gaining unsupervised access doing so through subsidiary jobs, such as cleaners or repairmen. Laptops were, and still are, a prime target, with those traveling abroad on business being warned not to leave them for any period of time. Perpetrators of espionage have been known to find many ways of conning unsuspecting individuals into parting, often only temporarily, from their possessions, enabling others to access and steal information.19 A 'bag-op' refers to the use of hotel staff to access data, such as through laptops, in hotel rooms. Information may be stolen in transit, in taxis, at airport baggage counters, baggage carousels, on trains and so on.17

The Internetedit

The rise of the internet and computer networks has expanded the range and detail of information available and the ease of access for the purpose of industrial espionage.20 Worldwide, around 50,000 companies a day are thought to come under cyberattack with the rate estimated as doubling each year.21 This type of operation is generally identified as state backed or sponsored, because the 'access to personal, financial or analytic resources' identified exceed that which could be accessed by cybercriminals or individual hackers. Sensitive military or defense engineering or other industrial information may not have immediate monetary value to criminals, compared with, say, bank details. Analysis of cyberattacks suggests deep knowledge of networks, with targeted attacks, obtained by numerous individuals operating in a sustained organized way.22

Opportunities for sabotageedit

The rising use of the internet has also extended opportunities for industrial espionage with the aim of sabotage. In the early 2000s, it was noticed that energy companies were increasingly coming under attack from hackers. Energy power systems, doing jobs like monitoring power grids or water flow, once isolated from the other computer networks, were now being connected to the internet, leaving them more vulnerable, having historically few built-in security features.23 The use of these methods of industrial espionage have increasingly become a concern for governments, due to potential attacks by terrorist groups or hostile foreign governments.

Malwareedit

One of the means of perpetrators conducting industrial espionage is by exploiting vulnerabilities in computer software. Malware and spyware as "a tool for industrial espionage", in "transmitting digital copies of trade secrets, customer plans, future plans and contacts". Newer forms of malware include devices which surreptitiously switch on mobile phones camera and recording devices. In attempts to tackle such attacks on their intellectual property, companies are increasingly keeping important information off network, leaving an "air gap", with some companies building "Faraday cages" to shield from electromagnetic or cellphone transmissions.24

Distributed denial of service (DDoS) attackedit

The distributed denial of service (DDoS) attack uses compromised computer systems to orchestrate a flood of requests on the target system, causing it to shut down and deny service to other users.25 It could potentially be used for economic or industrial espionage with the purpose of sabotage. This method was allegedly utilized by Russian secret services, over a period of two weeks on a cyberattack on Estonia in May 2007, in response to the removal of a Soviet era war memorial.26