ZIFFPAGE TITLESlippery SlopeBy Deborah Gage | Posted 2004-12-01 Email Print
Corporate America faces a new kind of cracker. Information-technology managers and chief technology officersthe people charged with safeguarding corporate networksare engaging in acts of digital espionage. In the past two years, a half-dozen c
Most corporate spies are never caught. What's reported in the news is the failed attempts, says consultant Kevin Murray, who helps organizations deploy electronic countermeasures. "There are a lot of cases like this that never reach the light of day."
Most corporate spies cover their tracks. Watchfire's Orrin says hackers will use techniques such as "IP spoofing," so messages look as if they're coming from a trusted IP address.
But even if they catch intruders, companies are reluctant to prosecute trespassers, fearing the publicity might encourage more attacks or that customers may shy away from a company that can't protect its electronic information.
The slight risk of being caught and the even less likely result of being prosecuted just add to the temptation many CTOs and technology managers may feel when asked to "help" other employees spy on their competition.
Granted, any number of factors could motivate a corporate technologist to commit espionage. "Some of it is flat-out greed. Some of it is being competitive," Winkler says.
But he and other espionage experts think it may just be a matter of a CIO or CTO taking small stepssearching for a competitor's password, or trying out a new hacker tool or technique to tap into a database and bring back valuable information. The hope? To be a hero with higher-ups.
Assuming they're not caught.
"I think it's a matter of a bunch of people sitting around saying, here's what we need," Winkler says. "And, it's like, 'Joe you're the head of I.T., you should be smart enough to figure out how to do thisgo do it.'"
There's a "naiveté that what they're doing isn't bad," he adds. "It's a slippery slope.''