The KGB, the Computer, and Me

Ken Seefried seefriek at gmail.com
Thu Dec 31 14:30:06 CST 2015


From: Mouse <mouse at Rodents-Montreal.ORG>

>> [...] industrial espionage [...]
>> One wonders how much goes undetected.
>> Most of those getting caught are in upper management.  Us lowly
>> grunts don't seem to get involved as often or maybe there are those
>> among us that are just that much better at covering our tracks.
>
>Or, when a low-level peon is caught, it doesn't make the news, so the
>world at large doesn't notice.
>

This is a big part of my world these days.  My wildly subjective,
overly general observations:

1) When a big fish is caught, it's usually an "I took a bunch of doco
I shouldn't have to my next job" situation.  I've discussed more
nefarious high-level mole scenarios with the FBI numerous times.  It
happens, but it's not apparently that common.

2) When a little fish is caught, it's usually some variation on "I'll
teach them".  And as Mouse notes, effort is usually made not to
publicize the event unless there's a regulatory driver that requires
it.  That said, there's a *huge* amount of little fish "espionage"
that flies under the radar.  Things like client lists, marketing plans
and confidential designs quietly walk out the door all the time and
are rarely noticed.  With these sorts of things, it's fiendishly
difficult to assess the impact on the victims business.

3) No one is particularly good at covering their tracks (including
people who in theory know how to do it).  Unfortunately, the tools to
proactively spot data exfiltration are rarely implemented and even
more rarely implemented well.  BTW...that's more an function of how
difficult the problem is rather than an indictment of the
practitioners.

KJ


More information about the cctech mailing list