A New Front In The Business Of Political Espionage

Uploaded on 2016-10-13 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

The days of spies looking to get their hands on state and trade secrets are still alive and well today. Except, now they’re digital.

Espionage techniques have evolved quite a bit beyond the old methods of bugging rooms or tapping phone lines; today’s Watergate wouldn’t come from breaking into a hotel room, it would come from cracking an email server or a corporate network. Already, we’re seeing these threats escalate in the political world, from the Democratic National Convention (DNC) email hack, to a spear-phishing campaign targeting US officials, to last year’s surge of sophisticated cyber-attacks against the State Department. This is just the tip of the iceberg. 

Political Espionage on Both Sides of the Aisle

Cyber-attacks have made it increasingly possible for foreign parties – whether Russian, Chinese or independent hackers, to put their thumb on the US electoral scales. When you consider how much attention the leaked DNC emails, allegedly at the hands of Russian government-backed hackers, received, it is all too easy to imagine politically-driven cyber espionage attacks only getting worse between now and the November presidential election.

Just imagine how valuable it would be for another nation to get their hands on a soon-to-be President’s foreign policy details before they came into power. Or, as in the case of the DNC, to expose sensitive materials and communications of one political party to try and prop up the opposing party’s candidate, effectively influencing the outcome of the election.

It’s a problem across both sides of the aisle. During the Republican National Convention in Cleveland last month, Avast Software research engineers set up fake Wi-Fi hotspots around Quicken Loans Arena (the site of the convention) and Hopkins International Airport. Nearly 70% of people in the area trusted these Wi-Fi networks without a second thought to their own security, consequently exposing their names and email addresses.

Luckily, this was a benign case, but not every fake public Wi-Fi network is a social experiment. If this many people in the political realm are so willingly entrusting their personal information to unsecure networks or email servers, who knows how often or on how many other networks they may be acting just as recklessly. These are vulnerabilities that political enemies would be all too keen to take advantage of, and likely already do.

Cyber Sabotage in Corporate America

Cyber espionage isn’t exclusive to the halls of Washington, DC, either. Corporate espionage is an age-old practice going back decades. Just look at the auto industry over the years. A cursory glance of the similarities between certain car models and manufacturers reveal just how far and how deep corporate espionage goes.

Technology has accelerated this problem even further for the unprepared. For one, spear-phishing and malicious insiders present significant security threats to any organization, from both outside and inside the company’s network. With the former comprising an estimated 91% of all cyber-attacks, and the latter posing a security risk that nearly half of all organizations say they’re ill-prepared to defend against, these cyber-attack methods pose continued and greater threats to corporate security. 

However, spear-phishing and malicious insiders, while uniquely destructive, don’t afflict only the corporate world; any agency or workplace can have a malicious insider among its ranks, and anybody with an email address can fall susceptible to phishing. Beyond just these threats, the corporate world is also vulnerable to other, more unconventional, but no less dangerous, espionage and sabotage techniques that can strike at the heart of any boardroom. 

On-site spies, moles and double agents can undermine corporate security from within. Fake documentaries are another egregious, yet effective, new method of corporate espionage, wherein CEOs are fooled by fake production companies into being given complete access to a corporation’s offices and production lines for the sake of making a documentary about that organization. 

Flash forward several months, and the documentary is still nowhere to be seen. It may not even occur to most executives that the camera crew they had touring their company in the first place was a fraudulent one, who were actually there to canvas your offices for sensitive information, corporate secrets and other useful keys into your otherwise secure databases.

When the Red Scare Went Digital

In the old days of the Red Scare and US McCarthyism, political and corporate anxieties swirled around the ever-present, always-accused threat of communists and foreign spies living right under our noses, stealing our information to sabotage our country (or organization) and to benefit theirs. In the 21st century, that anxiety is as pervasive as ever; it has just taken on a more digital shape.

From spear-phishing and malicious insiders to corporate spies and boardroom bugs, today’s political institutions and companies have to be more vigilant than ever in mounting strong cybersecurity defenses. In an age when foreign hackers are breaching email servers to influence presidential elections or fake film crews are using documentaries as a cover for stealing private corporate information, an ambivalence or negligence toward data and cybersecurity can no longer be acceptable. The consequences are simply too great, and the ripple effects too far-reaching, to ignore or underestimate these threats any longer.

Infosecurity

 

« Lawyers Beware: A Robot Will Take Your Job
UK Cyber Highway Will Improve Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Gigamon

Gigamon

Gigamon provides intelligent Traffic Visability solutions that provide unmatched visbility into physical & birtual networks without affecting the performance or stability of production environments.

Egerie

Egerie

EGERIE's RiskManager solution provides a Global, Centralized, and Updated view of risk maps and security measures for your company.

REVI-IT

REVI-IT

REVI-IT is a Danish state-owned audit firm focusing on enterprise IT business processes and compliance,

Exonar

Exonar

We enable organisations to better organise their information, removing risk and making it more productive and secure.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

XTN Cognitive Security

XTN Cognitive Security

XTN is focused on the development of security, Fraud and Mobile Threat Prevention advanced behaviour-based solutions.

IUCC Cyber Unit - Israel

IUCC Cyber Unit - Israel

IUCC Cyber Unit safeguards Israel’s National Research & Education Network (NREN).

Cyber Struggle

Cyber Struggle

At Cyber Struggle, our aim is training and certifying the special forces of the cyber world.

International Data Sanitization Consortium (IDSC)

International Data Sanitization Consortium (IDSC)

IDSC is a group composed of individuals and companies dedicated to standardizing terminology and practices across the data sanitization industry.

HOBI International

HOBI International

HOBI International is a leading mobile, IT and data center asset management provider with solutions for device management, reverse logistics, data erasure, refurbishment and recycling.

Tokio Marine HCC

Tokio Marine HCC

Tokio Marine HCC is a leading specialty insurance group with a Financial and Professional product line including Tech and Cyber.

PreEmptive Solutions

PreEmptive Solutions

PreEmptive Protection hit the sweet spot between cost, convenience and functionality by helping you protect and secure your apps in a smarter way.

InfoSec4TC

InfoSec4TC

InfoSec4tc is an online Information Security Courses, Training, and Consultancy provider.

Censinet

Censinet

Censinet provides the first and only third-party risk management platform for healthcare organizations to manage the threats to patient care that exist within an expanding ecosystem.

Seraphic Security

Seraphic Security

Seraphic Security provides attack protection to enable safe browsing for employees or contractors, as well as advanced governance controls to enforce enterprise policies across devices.

Two99

Two99

Two99 provide tailored excellence in the areas of E-Commerce, Marketing, Consulting, and Cyber Security.