A New Front In The Business Of Political Espionage

Uploaded on 2016-10-13 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

The days of spies looking to get their hands on state and trade secrets are still alive and well today. Except, now they’re digital.

Espionage techniques have evolved quite a bit beyond the old methods of bugging rooms or tapping phone lines; today’s Watergate wouldn’t come from breaking into a hotel room, it would come from cracking an email server or a corporate network. Already, we’re seeing these threats escalate in the political world, from the Democratic National Convention (DNC) email hack, to a spear-phishing campaign targeting US officials, to last year’s surge of sophisticated cyber-attacks against the State Department. This is just the tip of the iceberg. 

Political Espionage on Both Sides of the Aisle

Cyber-attacks have made it increasingly possible for foreign parties – whether Russian, Chinese or independent hackers, to put their thumb on the US electoral scales. When you consider how much attention the leaked DNC emails, allegedly at the hands of Russian government-backed hackers, received, it is all too easy to imagine politically-driven cyber espionage attacks only getting worse between now and the November presidential election.

Just imagine how valuable it would be for another nation to get their hands on a soon-to-be President’s foreign policy details before they came into power. Or, as in the case of the DNC, to expose sensitive materials and communications of one political party to try and prop up the opposing party’s candidate, effectively influencing the outcome of the election.

It’s a problem across both sides of the aisle. During the Republican National Convention in Cleveland last month, Avast Software research engineers set up fake Wi-Fi hotspots around Quicken Loans Arena (the site of the convention) and Hopkins International Airport. Nearly 70% of people in the area trusted these Wi-Fi networks without a second thought to their own security, consequently exposing their names and email addresses.

Luckily, this was a benign case, but not every fake public Wi-Fi network is a social experiment. If this many people in the political realm are so willingly entrusting their personal information to unsecure networks or email servers, who knows how often or on how many other networks they may be acting just as recklessly. These are vulnerabilities that political enemies would be all too keen to take advantage of, and likely already do.

Cyber Sabotage in Corporate America

Cyber espionage isn’t exclusive to the halls of Washington, DC, either. Corporate espionage is an age-old practice going back decades. Just look at the auto industry over the years. A cursory glance of the similarities between certain car models and manufacturers reveal just how far and how deep corporate espionage goes.

Technology has accelerated this problem even further for the unprepared. For one, spear-phishing and malicious insiders present significant security threats to any organization, from both outside and inside the company’s network. With the former comprising an estimated 91% of all cyber-attacks, and the latter posing a security risk that nearly half of all organizations say they’re ill-prepared to defend against, these cyber-attack methods pose continued and greater threats to corporate security. 

However, spear-phishing and malicious insiders, while uniquely destructive, don’t afflict only the corporate world; any agency or workplace can have a malicious insider among its ranks, and anybody with an email address can fall susceptible to phishing. Beyond just these threats, the corporate world is also vulnerable to other, more unconventional, but no less dangerous, espionage and sabotage techniques that can strike at the heart of any boardroom. 

On-site spies, moles and double agents can undermine corporate security from within. Fake documentaries are another egregious, yet effective, new method of corporate espionage, wherein CEOs are fooled by fake production companies into being given complete access to a corporation’s offices and production lines for the sake of making a documentary about that organization. 

Flash forward several months, and the documentary is still nowhere to be seen. It may not even occur to most executives that the camera crew they had touring their company in the first place was a fraudulent one, who were actually there to canvas your offices for sensitive information, corporate secrets and other useful keys into your otherwise secure databases.

When the Red Scare Went Digital

In the old days of the Red Scare and US McCarthyism, political and corporate anxieties swirled around the ever-present, always-accused threat of communists and foreign spies living right under our noses, stealing our information to sabotage our country (or organization) and to benefit theirs. In the 21st century, that anxiety is as pervasive as ever; it has just taken on a more digital shape.

From spear-phishing and malicious insiders to corporate spies and boardroom bugs, today’s political institutions and companies have to be more vigilant than ever in mounting strong cybersecurity defenses. In an age when foreign hackers are breaching email servers to influence presidential elections or fake film crews are using documentaries as a cover for stealing private corporate information, an ambivalence or negligence toward data and cybersecurity can no longer be acceptable. The consequences are simply too great, and the ripple effects too far-reaching, to ignore or underestimate these threats any longer.

Infosecurity

 

« Lawyers Beware: A Robot Will Take Your Job
UK Cyber Highway Will Improve Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

RSA Security

RSA Security

RSA provide cybersecurity products for Threat Detection and Response, Identity and Access Management, Governance, Risk and Compliance, and Fraud Prevention.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

Antiy Labs

Antiy Labs

Antiy Labs is a vender of antivirus engine and solution, providing the best-in-breed antivirus engine and next generation antivirus services for confronting PC malware and mobile malware.

Cryptovision

Cryptovision

cv cryptovision GmbH is one of the leading specialists for modern, user-friendly cryptography and solutions for secure electronic identities.

Unitrends

Unitrends

Unitrends helps IT pros do more with less by providing an all-in-one enterprise backup and continuity solution.

ESL Bangladesh

ESL Bangladesh

ESL is the Largest IT Infrastructure & Telecom Service Provider in Bangladesh.

jobsDB.com

jobsDB.com

jobsDB Singapore is a search engine for jobs throughout Singapore.

Cyber Pathways

Cyber Pathways

Cyber Pathways brings together the next generation of Cyber professionals along with delegates who are looking to cross train and enter the cyber market.

YorCyberSec

YorCyberSec

YorCyberSec act as a trusted Cyber and Information Security broker and procurement specialist. We help companies to Reduce Risk, Increase Assurance and Improve Performance.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

MindWise

MindWise

MindWise is a comprehensive global threat monitoring solution with implementations for fraud prevention and enterprise threat intelligence.

Hadrian

Hadrian

Hadrian is modernizing offensive security practices with automation, making them faster and more scalable. Equipped with the hacker’s perspective, companies can now know what their critical risks are.

Singularico

Singularico

Singularico help secure your software using the power of AI.

Versent

Versent

Versent is an Australian-born technology company, focused on architecting, building & operating cloud native applications, data streams, platforms, and services.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.

TrueBees

TrueBees

TrueBees is the first deepfakes detector able to detect AI-generated portraits shared on social media and to prevent their diffusion across the web.