Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
Instructor’s Manual Materials to Accompany
COMPUTER SECURITY FUNDAMENTALS
CHAPTER 7
INDUSTRIAL ESPIONAGE IN CYBERSPACE
CHAPTER 7 OBJECTIVES
When students finish reading this chapter, they will be able to:
• Know what is meant by industrial espionage.
• Understand the low-technology methods used to attempt industrial espionage.
• Be aware of how spyware is used in espionage.
• Know how to protect a system from espionage.
CHAPTER OVERVIEW
Industrial espionage is a real and growing problem. Company economic goals are frequently dependent on
accurate and often sensitive data. With billions of dollars at stake, private companies may become engaged in
industrial espionage. It can be difficult to accurately assess just how great a problem it is. For obvious reasons,
companies that perpetrate corporate espionage do not share that they do it, and companies that are victims of such
espionage often do not want to reveal that fact. To protect yourself and your company, students must learn about
espionage methods and safeguards. In the exercises at the end of this chapter, students run antispyware, key
loggers, and screen capture software to become familiar with how they work.
The major sections in this chapter are
CHAPTER OUTLINE
I. Chapter 7 Objectives
II. Introduction
III. What Is Industrial Espionage?
IV. Information as an Asset
Real-World Examples of Industrial Espionage
Example 1: VIA Technology
Example 2: General Motors
Example 3: Interactive Television Technologies, Inc.
Example 4: Bloomberg, Inc.
Example 5: Professor Zang
Example 6: Houston Astro’s
Industrial Espionage and You
V. How Does Espionage Occur?
Low-Tech Industrial Espionage
Spyware Used in Industrial Espionage
Steganography Used in Industrial Espionage
Phone Taps and Bugs
VI. Protecting Against Industrial Espionage
VII. Industrial Espionage Act
Spear Phishing
VIII. Summary
IX. Test Your Skills
X. Exercises
XI. Projects
KEY TERMS
asset identification Identifying all the assets you must protect. This is a critical step to secure any system.
dumpster diving The process to search through trash looking for information that might be useful in hacking
(particularly social engineering) or identity theft.
encryption The act to encrypt a message. This usually involves altering a message so that it cannot be read
without the key and the decryption algorithm.
TEACHING NOTES
I. Information as an Asset
II. How Does Espionage Occur?
Teaching Tips: Most industrial espionage is done by low-tech social engineering.
III. Protecting Against Industrial Espionage
Teaching Tips: Let students know that it is impossible to make corporate data
PROJECTS/EXERCISES
I. Discussion Questions
A. Discussion Question 1
A nondisclosure agreement helps protect corporate information from leaving the
company. At what point does this NDA hinder an employee from getting a new job or
using their skill and knowledge on their new job?
B. Discussion Question 2
Does a nondisclosure agreement keep your corporate information safe? Did it
help in the five examples?
C. Discussion Question 3
Does corporate security based on a “need-to-know” basis cripple creativity,
ingenuity, or productivity?
D. Discussion Question 4
How would a company policy specifying that an employee cannot take home any
sensitive company data impact the company?
II. Web Projects
A. Web Project 1
Go to Google.com and search for the current data capacity for USB drives.
Where are they being used? Can they be concealed easily? What can be done to prevent
someone from walking up to a PC when an employee is taking a break and copying their
data to a USB disk?
B. Web Project 2
Go to Google.com and search for how to send an e-mail with a “return address”
similar to “IBM IT networking department.” See whether you can send yourself an e-mail
that looks like it came from your IT department. Include in the text, “We need your ID
and password verified.”
C. Web Project 3
Go to http://finance.yahoo.com/ and enter a stock symbol such as “IBM.” Go to
the “News and Info” and “Message Board” for that company. See whether you can find
any sensitive company info.
D. Web Project 4
Go to Google.com and find a story about employees being fired for “blogging” or
posting sensitive company information on a newsgroup.
WEB RESOURCES
• Data value resources
http://www.cert.org/archive/pdf/tutorial-workbook.pdf The CERT Web site offers a useful
worksheet you can use to itemize the assets in your organization. This link is to the actual
document in PDF format.
• Drive encryption resources
CHAPTER REVIEW/ANSWERS TO TEST YOUR SKILLS
Multiple Choice Questions
1. What is the ultimate goal of espionage?
2. What is the best outcome for a spy attempting an espionage activity?
3. What is the usual motivating factor for corporate/industrial espionage?
4. Which of the following types of information would be a likely target for industrial espionage?
5. Which of the following is a likely reason that an organization might be reluctant to admit it has
been a victim of corporate espionage?
6. What is the difference between corporate and industrial espionage?
7. You can calculate the value of information by what formula?
8. If a company purchases a high-end UNIX server to use for its research and development
department, what is probably the most valuable part of the system?
9. Information is an asset to your company if it
10. What is the greatest security risk to any company?
11. Which of the following is the best definition for spyware?
12. What is the highest level of security you can expect to obtain?
13. In the context of preventing industrial espionage, why might you want to limit the number of
company CD burners and control access to them in your organization?
14. Why would you want to scan an employee’s computer when he leaves the organization?
15. What is the reason for encrypting hard drives on laptop computers?
Exercises
EXERCISE 9.1: LEARNING ABOUT INDUSTRIAL ESPIONAGE
In this exercise, students locate an espionage case not already mentioned in the chapter. Instructors may
EXERCISE 9.2: USING ANTISPYWARE
EXERCISE 9.3: LEARNING ABOUT KEY LOGGERS
9.2 and then see if that software detects the key logger.
EXERCISE 9.4: SCREEN CAPTURE SPYWARE
EXERCISE 9.5: LEARNING ABOUT HARDWARE-BASED KEY LOGGERS
In this exercise, the student learns about hardware keyloggers. Successful students find the requested
Projects
PROJECT 9.1: PREVENTING CORPORATE ESPIONAGE
In looking at advice about espionage deterrence, on the web or in other resources, successful students
PROJECT 9.2: HANDLING EMPLOYEES
This project encourages students to make up their own rules about how to work with employees to
safeguard the system. Successful students discuss items such as freezing passwords, blocking access, and
PROJECT 9.3: IDENTIFYING VALUABLE DATA IN YOUR ORGANIZATION
This project is about getting students to recognize what data is valuable, and hence what data requires
special protective measures. Items such as personnel records, financial records, credit card numbers, and
Case Study
This case study about espionage should get students to consider two things. The first is to consider steps
that can be taken that make corporate espionage more difficult. The more difficult it is to execute such
schemes, the more secure an organization’s data. Look for students to discuss how they would have
investigated this case. The second thing students need to consider is how to identify potential espionage
