Israel espionage case points to new Net threat

There's no question that the technology is easily accessible. Stiennon, from anti-spyware firm Webroot, says there are currently 4,000 known pieces of spyware in the world, capable of copying and transmitting every key typed on a computer to a spy. And, as was the case with the Rona spyware, a would-be spy can always take an existing keystroke-logging program and alter it slightly so it slips under the radar of anti-virus programs — creating a targeted attack that could go undetected for months.

Still, Stiennon is not among the crowd who thinks U.S. firms are busily spying on each other this way.

“My guess is it would be as rare as Enron-style fraud,” he said. “It wouldn't surprise me if it’s going on; but it would surprise me a lot if it was common everywhere.”

Richard Smith, a noted cybersleuth who runs ComputerBytesMan.com, has much the same perspective. He said he thinks the risk of cybersnooping on competitors would be too steep for most U.S. firms, who would pay a dear public relations price if exposed.

“It’s got to be going on to some degree. But I don't think name-brand companies would be doing this,” he said.

'Our guard should be up'
There are other risks from targeted attacks, however: hacktivists, who wanted to disrupt U.S. firms, would likely be eager to expose the inner workings of companies they were targeting. And this method would be an easy way to do it.

“A company could be hurt very badly,” Smith said.  “I see that as a huge risk, a company being embarrassed in the public eye.”

Fialka, the espionage author, said he sees the threat in broader terms. He says foreign governments, particularly China, have targeted U.S. business intelligence for years. While U.S. firms might not spy on other U.S. firms, the threat of nation-sponsored electronic corporate espionage is real.

“Our guard should be up, but it’s not,” he said.

Gadi Evron, an Internet security manager for the Israeli government, also sees things that way. He says he was approached twice in the computer underground with hacker-for-hire offers; he turned both down, but learned there is plenty of easy money to be made in a world where corporate intelligence is so valuable, and remote hacking is so easy. Reportedly, companies were paying $4,000 for each hijacked PC in the Trojangate case.

“Today, the business case behind Trojan horses is significant,” Evron said.  “This used to be a game of kids trading candies. Today, the money involved is quite significant. … I'd say that this kind of thing is commonplace globally.”

MORE FROM SECURITY

Security Section Front

T-Mobile sued over 'mandatory' text fees Web site design flaws make banking riskier Facebook redesign to weed out toxic spam The end of human customer service? EU warns against buying ring tones online Engineer accused of network tampering Man gets prison time for spamming AOL FCC chief says Comcast violated Internet rules Lawmakers to probe 'adware' practices Red Tape: Thwarting thieves with ... magic? Security Section Front   Add Security headlines to your news reader: