Corporate Intelligence: Bridging the security and intelligence community
Uploaded by antitree
Corporate Intelligence
Bridging security and the intelligence community
Overview
• Corporate spying meets security
• A corporate spy’s take on the “Intelligence Lifecycle”
  – Define Target
  – Develop Access
  – Process Intel
  – Exit
Take Aways
• Corporate Intelligence is like social engineering, network security, operational security, and OSINT, wrapped into a spy novel
• Some of the things discussed can directly affect your
  – OPSEC measures
  – Malware analysis techniques
  – Pentesting recon process
Background
• Every Fortune 500 organization has an intelligence program under some other title
  – Competitive intelligence, corporate intel, business analysis
• Corporate spies are almost never caught, almost never convicted, and never serve more than 1 year in a “corporate spy” prison.
Types of Intel Agents
• Government Employees:
  – CIA, Marines, Homeland Security
  – Provide intel and counter intel services
• Corporate Competitive Intelligence employees
  – Work for an organization to provide intel on their competitors
  – Mostly ethical practices
• Private Corporate Spies
  – Individuals or private organizations that sell secrets between companies
  – Focused, well paid, completely illegal
The Grey Line: Legality/Ethics
• Corporate spying is incredulous in terms of Business ethics
• Many of the things you need to do are not illegal, many are
• CI ops use humans as sources knowing that they are the ones at risk of being arrested
• Some Intel operations are full blown hacking (APT!!)
Example Pentesting Process
Define Target → Gain Access To Target → Exfiltrate Information → Exit
Example Malware Attack Process
Define Target → Develop Code → Collect Information → Exit
Intelligence Cycle For Spooks
Define Target → Develop Access → Process Intel → Exit
Define Target → Develop Access → Process Intel → Exit
Define Target
Defining the target
• Recon: Intel team collects as much information about the target as possible
• Goals: Ideal Target information is defined
  – Secret codes
  – Business Plans
• Entry Points: Identify potential human sources
Technical sources of information
Benefits
• Direct unfettered access to intelligence
• No middlemen
• Limited risk of inflation, lying
• Lower risk of being caught
Costs
• More defense measures are in place compared to HUMINT
• Clearly defined laws regarding IP, hacking, etc.
Humans as a source of information
Benefits
• Information directly from the source
• Can be the “fall guy”
• Can circumvent any network security measures
• Context for intelligence
Costs
• Narrow circle of people in an organization have access to the information you need
• Possibility for betrayal, lying, or inflating information
• High maintenance for recruitment and running
• Possibility of mental breakdown
Looking For Sources to Turn
• Single Parent Rule: People can justify just about any action, if taken to improve the lot of their children.
• Disgruntled Employees: Employees whose salaries were cut or who got laid off turn bitter and vengeful
Define Target → Develop Access → Process Intel → Exit
Develop Access
Develop Access
• Create intel sources
  – HUMINT
  – TECHINT
  – OSINT
  – $otherINT: imagery intel, signal intel, measurement intel
Developing Access: TECHINT
http://lmgtfy.com/?q=hacking
Developing Access: OSINT
[redacted] :)
Developing Access: HUMINT
• Penetrate social circles making it less sketchy to monitor a person’s interactions
• Study the chosen subject of the source and become adept
• Define personality type and vulnerabilities:
  – Loud and egotistical
  – Quiet and non-confrontational
4 Principal Motivators for Betrayal
Money: I will pay you $50,000.
Ideology: Do it for the greater good of your country!
Coercion: If you don’t do this, your wife will find out about your mistress.
Ego: I’ve been watching you and you’re the best in the business. I need your help.
RC MICE?
• Revenge
• Compromise
Interactive Workshop!
Side Note on Attribution
• You’re a spy. Act like it
• Non-Attribution != anonymity
• Types of non-attribution:
  – Anonymity: no idea who did it
  – Spoof: blame someone else
  – Deniability: oh it was just a bot in China. *shrug*
• Plausible deniability is good enough for corporate intelligence
Define Target → Develop Access → Process Intel → Exit
Process Intel
Collecting Intel from sources
• Problems:
  – Phone calls, emails, IRL meetings are basically cleartext
  – You never want to be attributed to knowing or contacting your source (technical or human)
• Solutions:
  – Establish tradecraft including ways of communicating being turned
  – Use Access Agents; people proxies
Tradecraft
• Tradecraft: Predefined protocol of interaction between an actor and a handler
• IRL:
  – Dead drops
  – Secret meeting points
• Online:
  – Steganography
  – Pre-shared key cryptography
  – (NOT PGP or public crypto!!)
Finding Online People Ready To Turn
• Ask benign questions for secret information
• “I’m thinking about buying a new digital camera, what is Kodak coming out with?”
• “What kind of IDS does Linode use internally? I’m concerned about sensitive information getting hacked”
• Question sites:
  – Yahoo Answers
  – Stack Exchange
  – Forums
Intel Processing and Analysis
• Collection Agents: Turned employee, Network Access, OSINT Data
• Data Analyzers: Content tagging, Filtering, Validating
• Dissemination: Report & Action
Processing vs Analysis
• Processing: changing, manipulating intel to better fit the operation
  – Normalizing content
  – Extracting keywords
• Analysis: Generating new information from an existing intelligence source
  – Extracting meta-data from images
  – Determining sex of author
Processing: Natural Language Tagging
[redacted]
Analysis: Data Validation/Tagging
[redacted]
Processing: Data Laundering
• Intel Ops cannot disclose the source
• Generalize the information into a standardized form (e.g. database table structure)
• Algorithms can be used to make the content appear to be from an online open source
• Online services provide obfuscation
Define Target → Develop Access → Process Intel → Exit
Exit
Selling Intel
• Selling information to an organization can never be done to the CEO
• Never directly present the findings
• Organizations will always want plausible deniability
  – Blame a mid level VP
Cleanup
• Decommission operation theater
• Spin down connection with sources
  – Maintain surveillance after to make sure they haven’t turned
• Destroy/Scrub all information
  – See Pee
CONCLUSIONS
Why did this just happen to me?
Example 1: HP Corporate Spying Scandal of 2006
• CNET published details about HP’s long term strategy
• Private investigators SE the phone records of the board of directors and journalists
• Find out that it’s Patricia Dunn who leaked the information
• Patricia Dunn announced her resignation… in 2 years.
• The PI was arrested, submitted a “sealed plea”, sentenced to 3 months in prison for obtaining the SSN of a journalist.
Open Organizations
• Association of Old Crows: Electronic warfare specialists
• Academy of Competitive Intelligence
  – Have certifications and wargames ($2495)
• Society of Competitive Intelligence Professionals (SCIP)
• Armed Forces Communications and Electronics Association (AFCEA)
Final Points
• Corporate spies run analogous to hacker and malware operations
  – Specialized teams
  – Covert strategies
  – Goal to obtain specific data
Final Points
• A penetration test is very similar to an intel operation
  – Define target
  – Perform recon
  – Establish loot
  – Exfiltrate
Final Points
• Counter intelligence tactics can be integrated into your operational security plans
  – Defend against network OSINT attacks
  – Network security
  – Human paranoia
  – Privacy control