
Leak Hunters

Cyber researchers prowl the Web for evidence of misdoings by employees, hackers, or competitors

Would you know if one of your employees was giving away insider information in a Web chat room? Would you know if a phisher was using your company's email template to fake messages to customers? Or if a competitor or reseller was misusing your company's brand to further their business?

If you're like most companies, you probably answered "no" to all three questions. True, all three of these are activities that take place on the public Internet. But who has time to track all of that Web activity?

Increasingly, the answer is cyberintelligence companies.

For a fee, enterprises can now hire a third-party service provider to do all of the legwork required to investigate the use -- or abuse -- of company information on the Internet. Collecting this sort of data, sometimes called "open source intelligence," can help organizations understand how their data is being used on the Web -- and nip potential security risks in the bud.

"One of the problems with leak prevention is that you don't know what you don't know," said Terry Gudaitis, director of open source intelligence at SAIC, in a presentation at last week's "Defending Against Insider Threats" conference in Arlington, Va. "And you don't always have the resources to find out."

Companies such as SAIC, NetFrameworks, and Cyveillance maintain staffs of researchers trained to find potential security problems by surfing the Web. Some of them focus on tracking the activity of specific individuals, such as employees or prospective hires, while others orient their efforts toward finding any misuse of a company's name or information, including phishing sites or fraudulent endorsements.

The idea isn't a new one. Way back before there were computers, large organizations and military units collected open source intelligence by monitoring radio and local newspapers to help identify potential security leaks or improper publication of confidential data.

With the emergence of the Web, however, there are many more outlets for security leaks, because individuals can publish directly to the Web without a middleman. Less than two years ago, the CIA opened the Open Source Center, where government staffers do data collection and analysis of blogs worldwide.

"A lot of blogs now have become very big on the Internet," noted OSC Director Douglas Naquin in an interview with The Washington Times. "We’re getting a lot of rich information on blogs that are telling us a lot about social perspectives, and everything from what the general feeling is to... people putting information on there that doesn’t exist anywhere else."

SAIC, which offers similar services for large corporations, spends a good deal of time monitoring blogs and chat rooms for misuse of corporate information, Gudaitis says.

"A lot of what we find is completely unintentional," Gudaitis says. For example, teenagers with their own blogs sometimes discuss what they've heard from their parents at the dinner table, and unknowingly give away confidential information. IT people sometimes reveal confidential information while seeking technical assistance on bulletin boards or technology chat rooms. Some employees discuss their activities on social networking sites, not realizing they could be violating company security policies.

No matter what their initial intent, though, such leaks can cause companies to expose themselves to attacks, or even run afoul of government regulations.

"One of the things we can do is find out about the blogging habits of a prospective employee as part of a background check," says Gudaitis. "If a person is giving away information about their company in a blog today, they might not be someone you want to hire tomorrow."

Monitoring blogs can also help warn companies when an employee is about to go over the edge, Gudaitis observes. In one memorable case, SAIC found the following blog written by an employee about their employer: "I don't want to live, and those bastards shouldn't, either. I don't know whether it would be beter [sic] to blow my brains out in front of them, or take them with me -- Friday is good, will trash their fairy weekends." The employee was subsequently approached, and went voluntarily to a treatment facility for depression.

While this type of online research could be valuable to a company's security, some experts wonder whether it oversteps the bounds of privacy. "Should somebody in their 30s have to answer for a blog they wrote when they were in their teens?" wondered Brian Contos, CTO of ArcSight and author of Enemy at the Water Cooler. "It's something to think about."

Outside the company, the uses of open source intelligence are less murky. Companies can use the services to find out whether partners, competitors, or phishers are using their data or trademarks illegally, and how that activity might be affecting their brands. "That's information that can help you not only from a security perspective, but from a marketing perspective," Gudaitis says.

It's also information that doesn't come cheap. Open source intelligence services can be expensive, costing in the tens of thousands or hundreds of thousands of dollars, depending on the depth of research and information the client requires. SAIC's open source intelligence customers so far are generally in the Fortune 50, Gudaitis says.

— Tim Wilson, Site Editor, Dark Reading
