Forwarded from: security curmudgeon <jerichoat_private> cc: <ashlee.vanceat_private> Anyone else skeptical about this? If not skeptical, see a lot of coincidences that make you say "hrmmmm?" : http://www.theregister.com/content/51/30914.html : : By Ashlee Vance in San Francisco : Posted: 28/05/2003 : : Hewlett-Packard's top secret printer labs are under attack from an : audacious rival using the art of deception to gather confidential : information. : : A group of engineers working on HP's next-generation network laser : printer have come under siege from a competitor, The Register has : learned. Employees have received calls at work and at home from faux : members of the HP team, asking for details on a new 9500 series : printer code-named Nozomi. HP has fingered the culprit, we are told, : although the company's identity cannot be released at this time. That's fine, if this is true we'll find out who it was in a Department of Justice press release in a few months to a year. : HP suspects that a competitor has backed the espionage campaign with : close to $1 million in funding. An HP executive flew to Boise to : instruct employees on what to do when the enemy (or the press) calls. : Placards with directions have been placed throughout the well-guarded : labs. Now where did this number come from? A dedicated social engineering attack, even using a dozen people over several months.. you are going to pay them 1 million dollars? What, they get overpriced phones, their own office and car? The reason social engineering attacks are still popular is not only their typical success, but their low cost to implement. It only takes a payphone, disposable cell phone, hotel lobby phone or any other that offers a shred of anonymity. That alone allows you to effeciently launch your attack with minimal costs. When I see "HP Executive" and think to who works at HP, namely Ira Winkler, I also think back to his repetitive dickwaving claims that he could steal "a million dollars" from any company. Wonder if this is just coincidence? Or perhaps Winkler trying to justify his position at HP after recent "disgraces" he brought upon HP at public conferences. : HP has a number of fierce competitors in the printer space, including : Lexmark, Canon, Epson. and new rival Dell. : : Corporate espionage is a somewhat common practice in the IT industry. : Oracle admitted to keeping an eye on Microsoft by hiring a lobby : group, IGI, to buy garbage from pro-Microsoft lobbyists. One example and it's "a somewhat common practice"? I know, short article, can't include several examples. I'm sure if we do some reading, we can come up with several other Corporate Espionage examples. This brings up yet another amazing coincidence. Corporate Espionage What it is, Why it's happening in your company, What you must do about it Ira Winkler ISBN: 0-7615-0840-6 So Winkler identifies what Corporate Espionage is. Why it IS happening in your company (even if it likely isn't?) And what you must do about it (like fly to Boise to educate the people falling victim to the attack). Voila! Justification for your salary. Makes me wonder who is getting social engineered here. Hewlett-Packard or Ashlee Vance/Register? - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Jun 02 2003 - 03:31:40 PDT