Spyware in the News
Spitzer Sues Over Spyware
Bloomberg News
State Attorney General Eliot Spitzer claimed in a lawsuit that an Internet company secretly installed spyware to monitor computer users' online activity and provide a vehicle for sending pop-up ads.
Spitzer said Direct Revenue installed more than 150 million ad-serving programs, also known as spyware, in consumers' computers, then "deluged" them with pop-ups.
The company advertised free programs, like screensavers or games, then surreptitiously downloaded the spyware without providing reasonable notice to consumers, the suit alleges.
Last April, Spitzer accused another company of installing spyware on computers and delivering pop-up ads.
Intermix Media eventually settled the case for $7.5 million.
The growing threat of SPYWARE
Millions of Americans, banking at institutions such as Wachovia and Bank of America, have had their private financial information stolen by hackers through spy software, downloaded unknowingly from the Internet.
"The information collected through spyware can be used to compromise a bank's systems or conduct identity theft," said Michael J. Zamorski, director of the FDIC's division of supervision and consumer protection in Washington. "So it is critical that banks stay vigilant about the risks involved with this malicious software, and take appropriate action so that they and their customers do not fall victim to it."
The FDIC recommends that banks consider threats from spyware as part of their risk-assessment process. They should bolster Internet security and enhance employee training to understand the machinations of hackers. Experts had a mixed reaction to the FDIC's plans. Terry Brown, chief executive officer of Caymas Systems in Petaluma, Calif., a network-security firm, said the government's recommendations do not go far enough and will not "significantly alter" the risks that consumers face. That is because a May 2005 study by the software lab at Carnegie Mellon University in Pittsburgh -- financed by the science and technology directorate of the Department of Homeland Security -- found that the greatest risk to banks comes from insiders, and 49 percent of all network security breaches can be linked to employees, former employees, contractors and temporary workers. Still, the risk from spyware itself is significant, because 90 percent of spyware traversing the Internet is written for criminal purposes, according to Kaspersky Lab, an international anti-virus developer with an office in Woburn, Mass. "An entire industry exploded in 2004 as virus writers and hackers became increasingly involved with criminals to create malicious code," said Steve Orenberg, Kaspersky Lab's president.
The FDIC's guidance to banks may just be the first step by the government to protect consumers against hackers from Russia and China. Orenberg said some forms of e-mail advertising -- the lure that hackers use to plant spyware in PCs -- may be banned in the United States. Similar legislation may be introduced in Europe and other industrialized countries, he added. Another step may be mandating multi-layered authentication -- passwords -- for online banking accounts. "We believe the guidance regarding the bank's own infrastructure makes sense, since the bank can enforce it, but the guidance regarding consumers is naïve," said Naftali Bennett, chief executive officer of Cyota Inc. in New York City, an anti-fraud software developer for banks. "Banks cannot expect or enforce customers to keep spyware out of their computers, but banks can take steps to minimize or eliminate the damage that spyware causes."
Banking from public terminals, such as at colleges, libraries and Internet coffee shops, is a major problem, as most of those computers may be already infested with spyware, said Robert Siciliano, an ID-theft expert in Boston. Bennett suggested that banks begin to track and monitor all of the online transactions of their customers, from login to logout, to discern suspicious patterns. "Only by analyzing all transactions, invisibly and in real-time, and invoking stronger authentication at the first sign of potential fraud, will banks be able to reduce the damage of spyware and Trojans," Bennett said.
Another potential solution is "smart cards," which can be created to contain a number of one-time-use passwords. Once employed, they are not usable again. Unless banks implement such solutions, they might have to give up e-mail marketing altogether and, like eBay, reduce or eliminate the use of e-mail ads, experts said.
Spyware, Adware and Unaware
SC Magazine
These tenacious Washington insiders are concerned that the law as written could restrict their ability to do their job – that is, to infiltrate corporate computer networks, to reduce employee productivity and to slow down corporate networks.
These same lobbyists won a victory by stalling similar legislation in the Senate last year. But, let's not feel too sorry for these lobbyists.
It reaches far beyond politics into the financial and security resources of small and large corporate networks alike. Recent surveys of IT managers around the world have identified spyware as the number one threat faced by corporate security managers. A survey last year by internet service provider Earthlink found that 90 percent of computers in the U.S. are infested with some sort of spyware. On average, each machine in the survey harbored 28 separate spyware programs.
Spyware, adware, malware? Unaware.
Unless you have lived in a cave for the past two years, you have been the victim of spyware at one point. But, corporations and government institutions are not always aware of the negative fiscal impact, decrease in productivity, and heightened security risk to the company when spyware is allowed to infiltrate the enterprise.
In Oklahoma City in February 2005, the FBI was called to investigate the installation of surveillance software on all the computers at the Oklahoma County Sheriff's Office – allowing access to homeland security issues, personnel files and prisoner information. The same week, a Sheriff's Office in Kentucky found similar spyware on its system. These incidents serve as a microcosm of how accessible such important and sensitive data can be to outside intruders.
You say potato
Spyware is often used as a broad term. It is important to point out that there are really three types of applications that fall under the generic term spyware. Let's take a look at the three main categories of intruder:
Whether it's spyware, adware or malware, it is just plain dangerous and costly. Corporate enterprise managers are understandably concerned. Let's take a look at some of the different breeds that live and thrive in our computers.
Spyware is an application that loads onto the PC – generally through a non-threatening application such as a screen saver or helper application. This application will collect information about the computer, the user's surfing habits and sometimes far more sensitive data such as keyboard logging. This information will be sent to a data collection facility in the Internet heavens.
Spyware is an executable program with a single objective: to secretly monitor a computer and surreptitiously report information on activity to anyone willing to pay for it. It is an ideal tool for corrupting or stealing the sensitive business data residing on corporate PCs and systems. Spyware can also degrade performance, reduce employee productivity, and impose extensive administrative expenses.
Adware will monitor the surfing habits of a user, and present advertising or pop-up pages in relation to what the user is surfing. For example, a user goes to expedia.com; the adware will detect this and throw up a few pop-ups related to travel sites.
Malware and malicious code is code within a web page that seeks to do damage to the user's computer or infect the user's computer with a virus or other software application. No wonder IT managers around the world identify this breed of threat as the most dynamic and threatening technology to corporate enterprise in 2005. A good rule of thumb – never download it.
The Gremlin effect
This refers to the fact that individuals, at some point, choose to break the rules and invite seemingly innocuous code into the network. It is initially a human problem, not a technology problem.
Follow the rules and nobody gets hurt. But, employees will continue to visit chat rooms and download screen savers and other files. These are indeed invited guests into the corporate network.
Remember the movie Gremlins? It was the 1980s classic about those furry little creatures that turned from one cute critter to an ill-behaved, hell-raising mob. The only rule given to its master was "don't feed him after midnight" and "never give him water." Of course, like many day-to-day computer users in the workplace, the simplest rules are broken and chaos ensues within the organization: Gremlin code is invited into the computer by employees to take over large parts of the network. Things very quickly get out of control and without the Hollywood ending.
'Operation Flytrap'
There is no single solution for fighting spyware, and the most effective defense is a combination of user education and a technology safety net.
The next step
Spyware, malware, adware - and other web-based threats - are growing in number, complexity, and cost to organizations daily. Users must treat the internet like a stray animal - who knows if it is friendly or if it will bite? In any case, administrators need to stress the importance of staying away from suspicious downloads and other services that seem too good to be true. The best way to reinforce this urgency? By implementing a sound and effective internet filtering and reporting system that lets an IT administrator know when a user's computer is infected, and allows him or her to stop even the most prolific malware agents from infiltrating an organization's network.
Espionage Not Just For Spies Anymore
webpronews.com
One security firm finds a worm intended for stealing files traces its origins back to one country - China.
Beijing doesn't just want our oil and gas producers. They want our trade secrets as well. According to the Sydney Morning Herald, reverse-engineering a worm known as Myfip pointed a blood-stained finger across the Pacific.
"All the emails we've traced back with this particular attachment came from a single address in China," said Joe Stewart, a researcher with the Lurhq security company. He considered it "highly likely" the program was used for espionage against technology firms.
Forbes magazine has already disclosed Myfip's origins in China. That publication contends the worm and several variants may have been used to steal trade secrets, like designs for circuit boards.
In June, a warning from Britain's National Infrastructure Security Coordination Center claimed a series of Trojan-laden emails were "targeting UK government and companies" in an attempt to swipe information. The advisory from NISCC indicated the attacks were generated in the Far East.
Governments like those of Britain and the US have been reluctant to call China out on these attacks. The US recently created an "anti-piracy" post in the wake of Commerce Secretary Gutierrez's visit to China, where he was offered Star Wars Episode 3 by a street vendor. But cybercrime has fallen under the purview of the Department of Homeland Security.
Perhaps there should be a higher-level focus on cybercrime. Though the government's public hesitance comes from the contention that a true origin for an attack is not easily identified, another researcher disagrees.
"I believe firmly that the Chinese are using tools like Myfip to conduct industrial espionage on the US and other industrial countries that have mature data networks," said Marcus Sachs of SRI International, who thinks there's solid evidence against China.
Spyware as Corporate Espionage Threat
CIO-Today
Like viruses and worms, spyware has become yet another scourge for enterprises. But it is possible, perhaps even likely, that spyware is becoming far more than a mere nuisance.
With its potential for use in corporate espionage, spyware presents a security threat to more parts of a company than many CIOs might realize.
Wide Open
The spyware-espionage connection was fully illuminated at the end of May when an Israeli author, Amnon Jackont, came upon parts of his unfinished book on the Internet. Since Jackont had not shared the work with anyone, he called the police and found out that it was stolen by his former son-in-law, who had used the "Rona" Trojan horse program to swipe it.
The resulting investigation of the son-in-law's computer revealed scores of other affected computers and companies, with victims that ranged from top executives in the country's telecom industry to the local division of Hewlett-Packard.
Dubbed "Trojangate," the incident resulted in nearly 20 arrests, with some reports indicating that there were hundreds -- perhaps thousands -- of documents stolen from multiple Israeli firms. About 100 servers containing stolen data have been seized and are being investigated.
Target Practice
Discovering the prevalence of espionage via spyware is a tricky endeavor. Many targeted companies might be unaware of such activities, and those that find the spyware programs might not want to talk about it.
There have been some widely reported incidents, though. Webroot Software has noted that some banks in New York were targeted last fall by a program designed to obtain passwords and infect only specific financial institutions.
Also in 2004, MessageLabs came upon a Trojan horse created for the purpose of attacking a type of software used in airplane design.
Spy Plus
Although incidents like these are rare at this point, security experts believe the activity is prevalent enough to cause concern. "I think it would be criminally naive to assume that only those companies that have been publicly identified were nailed," said Roger Thompson, director of malicious content research at Computer Associates.
Attackers have gotten savvy enough to learn new ways to use keylogger programs, which record keystrokes on an unwitting user's computer. The programs can be used to get passwords, read e-mail or simply keep track of a user's activity.
Spyware writers also can use Trojans to gain remote access to a computer and execute code, which allows them to find information on a specific drive or within a network.
Tough to Detect
Although spyware detection can be done with several off-the-shelf software packages, determining whether an installed keylogger program is the result of corporate espionage is difficult.
"The only reason they found the Trojan in Israel was because they got lucky," said Charles Kolodgy, IDC analyst. "Just unbelievable, dumb luck. Otherwise, it's likely they never would have discovered it."
Even more difficult for the process of detection is the fact that attackers have figured out how to beat the signature scanners that are used in spyware-detection software, according to Thompson, which means that multiple levels of security must be used to defend against the threats.
Bad Road Ahead
Beyond frequent spyware checks, user-authentication strategies and many other security tactics, some believe that the threat can never be completely eliminated. "Network forensic tools or some sort of behavior blockers help," said Thompson. "But it's hard to stop completely, especially if the spies are inside the company."
The possibility of espionage being an inside job is a very real one, said Rick Carlson, president of spyware removal software firm Aluria Software. "There are already cases we've seen where companies have been infiltrated by malicious employees who are spying on bosses or stealing sensitive company information," Carlson noted.
He compared the current spyware problem to corporate dumpster-diving, where industrial spies comb through garbage to find information.
"New technology provides new, cleaner ways to root through the recycling bin and filing cabinets of other companies," he said. "This is definitely an issue that companies should be thinking about. What happened in Israel is happening everywhere."
Spyware and the Danger of Numbers
WindowsITPro
A recent report by the Pew Internet & American Life Project proves what most of us have suspected for some time: Spyware, malicious software that's typically installed on your system surreptitiously and can perform any number of unwanted actions, is changing the way people use the Internet.
The numbers are astonishing. According to the report, 91 percent of Internet users have changed their browsing habits to avoid spyware, 81 percent have stopped opening email attachments unless they're sure the attachments are safe, almost half have stopped visiting certain Web sites because they're afraid those sites are silently installing spyware on their PCs, and 25 percent have stopped downloading music and other files from peer-to-peer (P2P) file-sharing networks. (One has to wonder why that last figure isn't higher.)
Like terrorism and global warming, spyware has created an aura of fear about it, but unlike those examples, spyware is all too often the fear of the known, not the unknown. As far back as October 2004, most Internet users had had some form of spyware installed on their PCs. That figure is likely much higher today.
Aside from the obvious problem--the theft of crucial information, including credit card numbers and passwords--spyware materially affects the PC experience. Infected computers run slower, freeze, or crash. New desktop icons and applications begin appearing. Your Microsoft Internet Explorer (IE) home page changes, or new IE toolbars appear.
I've written about spyware a lot since suffering my first Trojan attack in May 2005 while testing the Windows XP Service Pack 2 (SP2) beta. In March 2005, I addressed the spyware problem in two Windows IT Pro UPDATE articles, "Spyware: The Greatest Threat Yet to the Corporate Desktop?" and "Microsoft Takes Action Against Malware" (See URLs below). So what's changed since then? Sadly, a lot has changed.
First, spyware is now a fact of life on the Windows platform, and if you administer Windows systems, you're responsible for ensuring that spyware doesn't make it to your users' desktops. That means you need a managed antispyware solution in place sooner rather than later. Like antivirus and other electronic protections, antispyware is now part of the equation. If you don't have a way of stopping it, you're not doing your job.
Second, you need a plan to deal with electronic attacks that succeed. What happens when spyware has already infected users' systems? What happens when intruders have already stolen crucial data? Data theft is a terrifying concern for individuals but what about a corporation's data? Is your CEO's laptop adequately protected?
Finally, the spyware scourge, which the Pew Internet & American Life Project survey says is changing the population's computer using habits, is causing a more fundamental change. Most Windows IT Pro UPDATE readers are likely familiar with Apple Computer's stunningly successful iPod MP3 player. Heck, many of you probably own an iPod. I happen to own several, although that's a different story altogether. Many analysts and industry pundits had predicted that a "halo effect" from the iPod would cause customers to consider Apple's other major product, the Macintosh computer, as well. The halo effect, they said, would lead to increased Mac sales and, perhaps, change the dynamics of the computer market.
So far, it's impossible to prove that the halo effect is real. But Mac sales grew 43 percent in the first quarter of 2005 and 35 percent in the second quarter, much higher than the PC industry average of 14 percent during the first half of 2005. Analysts are now wondering aloud whether the spyware problem that bedevils Windows-based PCs--but not Macs or Linux machines--is a contributing factor to Apple's sudden success with the Mac. Some suggest it's the single biggest factor--far more relevant to new users than the iPod halo effect.
The evidence is compelling. For the first time, PC users are simply throwing out computers that are infested with spyware, rather than trying to fix them. The problem is that spyware-infested PCs are often impossible to fix. Instead, you need to wipe out the system and start over again. In managed environments, this isn't a huge problem beyond backing up crucial data, but for individuals, it's a nightmare. With PC prices now starting at less than $300--or about $500 for an entry-level Mac mini--consumers are just starting over. It's simpler.
When the personal computing market first kicked into high gear in the early 1980s, computer enthusiasts were responsible for getting big business excited about the technology. First, VisiCalc-equipped Apple II computers began appearing in businesses, followed by IBM PCs running Lotus 1-2-3. Today, Mac laptops--called PowerBooks--are beginning to appear more and more often in the planes, Internet cafes, and press rooms I frequent around the country. Tech enthusiasts--what we might call tech influencers--are turning, increasingly, to the Mac.
For Microsoft and its Windows-using customers, this change could be a problem. Or, if you're interested in a safer computing experience, it could be a solution. Although many business users require Windows-specific applications that won't run on the Mac, a good percentage of Windows users today require only very basic services, including word processing, email, and Web browsing. These needs are well served by a Mac or even by a Linux-based PC, both of which are arguably safer today than Windows machines.
Questions emerge, of course. Is a more heterogeneous environment really safer, or is that just an added layer of complexity? And are Windows alternatives more secure because they're better designed or because so few hackers attempt to infiltrate those machines? These are questions for the ages, I suppose. But in a world where spyware is only the most recent attempt at tearing down the House of Windows, I'm beginning to wonder whether the alternatives don't make some sense.
