A New Front In The Business Of Political Espionage

Uploaded on 2016-10-13 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

The days of spies looking to get their hands on state and trade secrets are still alive and well today. Except, now they’re digital.

Espionage techniques have evolved quite a bit beyond the old methods of bugging rooms or tapping phone lines; today’s Watergate wouldn’t come from breaking into a hotel room, it would come from cracking an email server or a corporate network. Already, we’re seeing these threats escalate in the political world, from the Democratic National Convention (DNC) email hack, to a spear-phishing campaign targeting US officials, to last year’s surge of sophisticated cyber-attacks against the State Department. This is just the tip of the iceberg. 

Political Espionage on Both Sides of the Aisle

Cyber-attacks have made it increasingly possible for foreign parties – whether Russian, Chinese or independent hackers, to put their thumb on the US electoral scales. When you consider how much attention the leaked DNC emails, allegedly at the hands of Russian government-backed hackers, received, it is all too easy to imagine politically-driven cyber espionage attacks only getting worse between now and the November presidential election.

Just imagine how valuable it would be for another nation to get their hands on a soon-to-be President’s foreign policy details before they came into power. Or, as in the case of the DNC, to expose sensitive materials and communications of one political party to try and prop up the opposing party’s candidate, effectively influencing the outcome of the election.

It’s a problem across both sides of the aisle. During the Republican National Convention in Cleveland last month, Avast Software research engineers set up fake Wi-Fi hotspots around Quicken Loans Arena (the site of the convention) and Hopkins International Airport. Nearly 70% of people in the area trusted these Wi-Fi networks without a second thought to their own security, consequently exposing their names and email addresses.

Luckily, this was a benign case, but not every fake public Wi-Fi network is a social experiment. If this many people in the political realm are so willingly entrusting their personal information to unsecure networks or email servers, who knows how often or on how many other networks they may be acting just as recklessly. These are vulnerabilities that political enemies would be all too keen to take advantage of, and likely already do.

Cyber Sabotage in Corporate America

Cyber espionage isn’t exclusive to the halls of Washington, DC, either. Corporate espionage is an age-old practice going back decades. Just look at the auto industry over the years. A cursory glance of the similarities between certain car models and manufacturers reveal just how far and how deep corporate espionage goes.

Technology has accelerated this problem even further for the unprepared. For one, spear-phishing and malicious insiders present significant security threats to any organization, from both outside and inside the company’s network. With the former comprising an estimated 91% of all cyber-attacks, and the latter posing a security risk that nearly half of all organizations say they’re ill-prepared to defend against, these cyber-attack methods pose continued and greater threats to corporate security. 

However, spear-phishing and malicious insiders, while uniquely destructive, don’t afflict only the corporate world; any agency or workplace can have a malicious insider among its ranks, and anybody with an email address can fall susceptible to phishing. Beyond just these threats, the corporate world is also vulnerable to other, more unconventional, but no less dangerous, espionage and sabotage techniques that can strike at the heart of any boardroom. 

On-site spies, moles and double agents can undermine corporate security from within. Fake documentaries are another egregious, yet effective, new method of corporate espionage, wherein CEOs are fooled by fake production companies into being given complete access to a corporation’s offices and production lines for the sake of making a documentary about that organization. 

Flash forward several months, and the documentary is still nowhere to be seen. It may not even occur to most executives that the camera crew they had touring their company in the first place was a fraudulent one, who were actually there to canvas your offices for sensitive information, corporate secrets and other useful keys into your otherwise secure databases.

When the Red Scare Went Digital

In the old days of the Red Scare and US McCarthyism, political and corporate anxieties swirled around the ever-present, always-accused threat of communists and foreign spies living right under our noses, stealing our information to sabotage our country (or organization) and to benefit theirs. In the 21st century, that anxiety is as pervasive as ever; it has just taken on a more digital shape.

From spear-phishing and malicious insiders to corporate spies and boardroom bugs, today’s political institutions and companies have to be more vigilant than ever in mounting strong cybersecurity defenses. In an age when foreign hackers are breaching email servers to influence presidential elections or fake film crews are using documentaries as a cover for stealing private corporate information, an ambivalence or negligence toward data and cybersecurity can no longer be acceptable. The consequences are simply too great, and the ripple effects too far-reaching, to ignore or underestimate these threats any longer.

Infosecurity

 

« Lawyers Beware: A Robot Will Take Your Job
UK Cyber Highway Will Improve Security »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ExaGrid Systems

ExaGrid Systems

ExaGrid provides Tiered Backup Storage with a unique disk-cache Landing Zone, long-term retention repository, and scale-out architecture.

iStorage

iStorage

iStorage is the leading global provider of PIN Activated, hardware encrypted, portable data storage solutions.

Council of European Professional Informatics Societies (CEPIS)

Council of European Professional Informatics Societies (CEPIS)

CEPIS is the representative body of national informatics associations throughout Europe and represent over 450,000 ICT and informatics professionals in 32 countries.

Riscure

Riscure

Riscure is a global test lab and tools leader for device security. Core expertise in side channel analysis, fault injection and embedded device software.

Gospel Technology

Gospel Technology

Gospel presents a totally new way of accessing and controlling data which is enterprise grade scalable, highly resilient, and secure.

Bridewell

Bridewell

Bridewell provide cost effective Security & Risk Assurance Services across Information Security, Cyber Security, Technology Risk, Security Testing and Data Privacy.

Egnyte

Egnyte

Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization; all through a single SaaS solution.

Exire Technologies

Exire Technologies

Exire Technologies is comprised of a team of professionals who are specialised in cybersecurity and a value added reseller and integrator of ICT security systems.

BrandProtections.Online

BrandProtections.Online

BrandProtections.online offer end-to-end customer support solutions to help protect against threats which may affect your brand online.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

Cypherix

Cypherix

Cypherix is tightly focused on cryptography and data security. We leverage our expertise to deliver state-of-the-art, world-class encryption software packages.

Cynance

Cynance

Cynance are an award-winning, independent cyber security specialist and part of the Transputec family of companies.

Accedian

Accedian

Accedian is a leader in performance analytics and end user experience solutions, dedicated to providing our customers with the ability to assure their digital infrastructure.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.

Verosint

Verosint

Verosint (formerly 443ID) provides real-time account fraud prevention that reveals fraudsters hiding in user accounts and proactively blocks them before their attacks can cause harm.