Obtaining Information of Interest - Essay Example

Obtaining Information of Interest Name: University: Date: Table of Contents Obtaining Information of Interest 1 Table of Contents 2 Introduction 3 Social Engineering 3 Phishing 5 Trojan Horses 6 Espionage 7 Conclusion 8 References 9 Obtaining Information of Interest Introduction In the present digital age, intellectual property is undoubtedly the most valuable asset of the company. Intellectual property assets include copyright, patents and trademarks. Still, trade secrets such as budget forecasts, customer requirements and customer lists, market information, commercial opportunities, and strategic planning have increasingly become more important. They create the confidential information basis of the company and also they are the crucial generator of wealth as well as the business for the company. Currently, corporate information is generated and stored by electronic means. So, information is nowadays portable, easier to copy as well as exceedingly vulnerable to attacks from both insiders and outsiders. In the Global State of Information Security Survey (2014) it was established that security strategies utilised by scores of companies are often useless for the reason that the security strategies are out-dated and cannot deter adversaries who utilise highly sophisticated techniques. In view of this, it becomes easier to obtain commercially sensitive information from the competitors through attack methods mainly, social engineering, phishing, Trojan horses and espionage. This report seeks to provide details on how secretive information of interest could be obtained from the competing company. Social Engineering Social engineering can be defined as non-technical intrusion technique that depends heavily on interaction and regularly entails deceiving persons into infringing standard security procedures. Basically, social engineering key objective is to illegally access information or systems so as to commit industrial espionage, identity theft, network intrusion, fraud, or just to disrupt the network or system (Atkins & Huang, 2013). In this case, the company can utilize social engineering to trick one of the competitor’s employees into disclosing some of their valuable corporate information, such as new product development, strategic plans or passwords. Besides that, the company can utilize the conventional tools of social engineering by first instigating a relationship with unsuspecting relatives of the competitor’s executives so as to get particular information crucial for achieving competitive advantage. The basic social engineering trick that can utilize to get commercially sensitive information from the competitor is by sending an email pretending to be a system administrator so as to get the competitor’s database password for crucial system administration work. In this case, the unsuspecting worker can email back the details making it possible for the company to gain access to the competitor’s database. The company should not risk sending this email message to different workers in the competitor’s company; rather they should target particular workers such as IT specialist or computer scientist and hope that he/she will buy the trick. Besides that, the company can compromise one of the competitors’ employees to carry out shoulder surfing attack, whereby they will look over the shoulder of the employee tasked with maintaining the competitor’s information systems while they key in the password. All in all, social engineering remains to be the definite weapons for the company since it offers a platform to entice the employees from the competitors’ side into giving the password for a system, instead of using them to get the sensitive information. Phishing Phishing occurs when the attacker tries to get information through electronically impersonating as a trustworthy entity.  In this case, the company can utilise phishing attack method to direct some of the competitor’s employees to a spoof website.  Normally, phishing attacks are performed through text messages (SMS), telephone calls, instant messaging, as well as email. However, the company should focus in spear phishing, which unlike phishing scams, concentrates on a particular organisation or the main competitor. In this case, the objective should be to steal commercially sensitive information like trade secrets, financial data, intellectual property, or other confidential information. Different from mass phishing, Stringhini and Thonnard (2014) observed that spear phishing utilises more complex approaches to target entities in particular organisations. Through spear phishing, the company can utilise detailed information so as to disguise its main intent, and though personalized information the competitors’ employees can be turned into victims after being encouraged to drop their guard. In this case, official looking attachment can be sent to the employees and upon clicking on them they will open the gates of the competitor’s secure system to malware that will help get secretive information of interest. Besides that, the competitors’ employee can be tricked through disguised malicious attachments such as internal memo in the form of a PDF, or a FedEx or UPS tracking receipt. When they click on the attachment, the malware will be installed making it easier to get logs keystrokes or login credentials, which are crucial for obtaining sensitive information from the competitors. A different form of spear phishing is faking an email that looks official from a trusted supplier or from within the company asking for the login information of the users. Trojan Horses A Trojan horse may be termed as a program wherein harmful or malicious code is contained inside in a way that it may gain control and do damage to the targeted system. Essentially, Trojan Horses may be written in any scripting, macro, or programming language as well as for all systems in use. Trojan horses may be utilised to delete files; stealing files; installing programs such as worms and viruses; and carrying out attacks to boost the privileges of the attacker (Gelinas & Dull, 2004, p. 244). So, the company through Trojan Horses attack can gain access to the competitor’s operating system as well as administrative privileges, and as a result, can perform anything that competitor’s system administrator can do. In view of this, there are numerous ways that the company can use to spread Trojan Horses to the competitors so as to obtain commercially sensitive information; through websites, download bulletin boards or send as file attachments through instant messaging, e-mail as well as copies of pirated software. Besides that, Trojan Horses can be installed by deceiving system administrators or employees from the competitor’s company to run or install the Trojan horse, as a legitimate software copy that is tailored, using Trojan horse compiler programs, or through web contents like ActiveX controls, JavaScript, and Java applets. Through the Trojan horse the company can obtain competitor’s system passwords or damage, monitor, or control their data. Recently, Trojan horse attacks have considerably advanced both in terms of payload and methods of infection. There are different categories of Trojan viruses that the company can utilise to obtain the competitor’s sensitive information: keyloggers, denial of service, as well as Trojan downloaders. Espionage Espionage is generally defined as a practice of using spies or spying or of, normally by governments with the intention of obtaining military and political information, and may as well be utilised to obtain commercially sensitive information from the competitors. Espionage may as well be described as the theft of trade secrets through recording, removal or copying of valuable or confidential information for a company to benefit a particular competitor. As mentioned by Crane (2004), industrial espionage is carried out for commercial purposes instead of purposes of national security, and is different from competitive intelligence. In order to gain the competitive advantage over the competitors, the company should hire former government agents and the military person skilled in the techniques of intelligence gathering. Such persons can be utilised to head particular divisions within the company tasked with spying and obtaining information from competitors in the disguise of competitive intelligence. After the sensitive information is obtained, it will become easier for the company to start benefiting from the competitor’s profit pie through the production of similar products, but at a cheaper price. Besides that, the company can utilise keylogger, which is believed to be the most faithful. Akin to other technologies, the hardware and software keylogger has experienced some upgrades; for instance, the Ghost Keylogger program for can email the keystrokes of the target through the computer where it is loaded with a particular email address. So, if the competitor ships computer systems with a keylogger already preconfigured and preloaded, then the company can get corporate data and confidential personal from all the competitor’s worldwide subsidiaries without much effort. Conclusion In conclusion, this report has provided details on how secretive information of interest can be obtained from the competing company. Essentially, the technologies as well as attack techniques highlighted in this paper some of the many methods that the company can utilise to obtain commercially sensitive information from competitors for profit as well as the competitive advantage. It has been observed that, as competition across the globe intensifies, the instances of corporate espionage will as well increase. Besides that, the sophistication of attacks has made it almost impossible for companies both small and big to protect themselves from these attacks. When sensitive information is stolen from a company, then without a doubt the competitive playing field is sloped all for the competitor. To make the matter worse, commercially sensitive information such as trade secrets is not just being hunted by the competitors, but also by foreign countries who seek to utilise the obtained corporate information so as to increase their business or countries’ competitive edge both at local and global marketplace. References Atkins, O., & Huang, W. (2013). A Study of Social Engineering in Online Frauds. Open Journal of Social Sciences, 1(3), 23-32. Crane, A. (2004). In the company of spies: The ethics of industrial espionage. ICCSR Research Paper Series (pp. 1-18). Nottingham: International Centre for Corporate Social Responsibility. Gelinas, U., & Dull, R. (2004). Accounting Information Systems. New York: Cengage Learning. Stringhini, G., & Thonnard, O. (2014). That Ain't You: Blocking Spearphishing Emails Before They Are Sent. London: arxiv.org. Read More