A New Front In The Business Of Political Espionage

Uploaded on 2016-10-13 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

The days of spies looking to get their hands on state and trade secrets are still alive and well today. Except, now they’re digital.

Espionage techniques have evolved quite a bit beyond the old methods of bugging rooms or tapping phone lines; today’s Watergate wouldn’t come from breaking into a hotel room, it would come from cracking an email server or a corporate network. Already, we’re seeing these threats escalate in the political world, from the Democratic National Convention (DNC) email hack, to a spear-phishing campaign targeting US officials, to last year’s surge of sophisticated cyber-attacks against the State Department. This is just the tip of the iceberg. 

Political Espionage on Both Sides of the Aisle

Cyber-attacks have made it increasingly possible for foreign parties – whether Russian, Chinese or independent hackers, to put their thumb on the US electoral scales. When you consider how much attention the leaked DNC emails, allegedly at the hands of Russian government-backed hackers, received, it is all too easy to imagine politically-driven cyber espionage attacks only getting worse between now and the November presidential election.

Just imagine how valuable it would be for another nation to get their hands on a soon-to-be President’s foreign policy details before they came into power. Or, as in the case of the DNC, to expose sensitive materials and communications of one political party to try and prop up the opposing party’s candidate, effectively influencing the outcome of the election.

It’s a problem across both sides of the aisle. During the Republican National Convention in Cleveland last month, Avast Software research engineers set up fake Wi-Fi hotspots around Quicken Loans Arena (the site of the convention) and Hopkins International Airport. Nearly 70% of people in the area trusted these Wi-Fi networks without a second thought to their own security, consequently exposing their names and email addresses.

Luckily, this was a benign case, but not every fake public Wi-Fi network is a social experiment. If this many people in the political realm are so willingly entrusting their personal information to unsecure networks or email servers, who knows how often or on how many other networks they may be acting just as recklessly. These are vulnerabilities that political enemies would be all too keen to take advantage of, and likely already do.

Cyber Sabotage in Corporate America

Cyber espionage isn’t exclusive to the halls of Washington, DC, either. Corporate espionage is an age-old practice going back decades. Just look at the auto industry over the years. A cursory glance of the similarities between certain car models and manufacturers reveal just how far and how deep corporate espionage goes.

Technology has accelerated this problem even further for the unprepared. For one, spear-phishing and malicious insiders present significant security threats to any organization, from both outside and inside the company’s network. With the former comprising an estimated 91% of all cyber-attacks, and the latter posing a security risk that nearly half of all organizations say they’re ill-prepared to defend against, these cyber-attack methods pose continued and greater threats to corporate security. 

However, spear-phishing and malicious insiders, while uniquely destructive, don’t afflict only the corporate world; any agency or workplace can have a malicious insider among its ranks, and anybody with an email address can fall susceptible to phishing. Beyond just these threats, the corporate world is also vulnerable to other, more unconventional, but no less dangerous, espionage and sabotage techniques that can strike at the heart of any boardroom. 

On-site spies, moles and double agents can undermine corporate security from within. Fake documentaries are another egregious, yet effective, new method of corporate espionage, wherein CEOs are fooled by fake production companies into being given complete access to a corporation’s offices and production lines for the sake of making a documentary about that organization. 

Flash forward several months, and the documentary is still nowhere to be seen. It may not even occur to most executives that the camera crew they had touring their company in the first place was a fraudulent one, who were actually there to canvas your offices for sensitive information, corporate secrets and other useful keys into your otherwise secure databases.

When the Red Scare Went Digital

In the old days of the Red Scare and US McCarthyism, political and corporate anxieties swirled around the ever-present, always-accused threat of communists and foreign spies living right under our noses, stealing our information to sabotage our country (or organization) and to benefit theirs. In the 21st century, that anxiety is as pervasive as ever; it has just taken on a more digital shape.

From spear-phishing and malicious insiders to corporate spies and boardroom bugs, today’s political institutions and companies have to be more vigilant than ever in mounting strong cybersecurity defenses. In an age when foreign hackers are breaching email servers to influence presidential elections or fake film crews are using documentaries as a cover for stealing private corporate information, an ambivalence or negligence toward data and cybersecurity can no longer be acceptable. The consequences are simply too great, and the ripple effects too far-reaching, to ignore or underestimate these threats any longer.

Infosecurity

 

« Lawyers Beware: A Robot Will Take Your Job
UK Cyber Highway Will Improve Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Wisegate

Wisegate

Wisegate is a community of IT experts providing advisory services on all areas of IT including security.

Feedzai

Feedzai

Feedzai provide software that uses big data analysis and machine-based learning to prevent fraud in ecommerce.

Cognni

Cognni

Cognni (formerly Shieldox) will make your InfoSec think like a human, right out of the box, so you can focus on the bigger picture, keeping the information flow safe.

Compnet

Compnet

Compnet is a service company that assists customers in integrating complete ICT systems including network infrastructure and security solutions.

Pixalate

Pixalate

Pixalate is an omni-channel fraud intelligence company that works with brands and platforms to prevent invalid traffic and improve ad inventory quality.

IXDen

IXDen

IXDen provides a novel software-based approach to OT systems protection, covering Industrial IoT cybersecurity and sensor data integrity.

Austrian Institute of Technology (AIT)

Austrian Institute of Technology (AIT)

AIT is Austria's largest research and technology organisation and a specialist in the key infrastructure issues of the future including data science and cybersecurity.

Dcode

Dcode

Dcode connects the tech industry and government to drive commercial innovation in the federal market.

Securden

Securden

Securden provide an all-in-one Platform for Next-Gen Privileged Access Governance, helping you to prevent identity thefts, malware propagation, cyber attacks, and insider exploitation.

SafeGuard Cyber

SafeGuard Cyber

The SafeGuard Cyber SaaS platform empowers enterprises to adopt the social and digital channels they need to reach customers, while reducing digital risk and staying secure and compliant.

Cyber Ireland

Cyber Ireland

Cyber Ireland brings together Industry, Academia and Government to represent the needs of the Cyber Security Ecosystem in Ireland.

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG)

ISRG's mission is to reduce financial, technological, and educational barriers to secure communication over the Internet.

senhasegura

senhasegura

senhasegura is a global Privileged Access Management vendor. Our mission is to eliminate privilege abuse in organizations around the globe and build digital sovereignty.

Strike Security

Strike Security

Strike Security offers a continuous penetration testing platform that combines automation with ethical hackers.

Ontinue

Ontinue

Ontinue ION is an MXDR service that provides Nonstop SecOps through five key capabilities that enable your organization to respond to attacks and continuously reduce risk.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.