http://www.theinquirer.net/?article=32411 By Nick Booth 14 June 2006 SECURITY FIRMS must be ruthlessly cunning and intelligent to stay ahead of the fiendish legions of hackers, crackers and cunning con artists they constantly warn us about. Or so you'd think. But not if this recent example of 'intelligence' is typical. All companies keep tabs on the opposition. Usually, they employ competitive intelligence companies, who use all kinds of dirty tricks to find out about rival's products, their marketing strategies and the incentives offered to resellers. A typically fiendish scam would be to set up a phoney head hunting agency, then invite everyone that matters, at the target firm, for an "off the record" interview. Flattered by the attention, most CTOs and marketing directors are only too pleased to boast of the projects they're working on, the budgets they're in charge of and how many people are under them. This information is all tabulated, and sold for hundreds of thousands of dollars, to the client. Clients like to outsource this furtive behaviour so they can distance themselves from it if they get caught. Very cunning. Some security firms are slightly less sophisticated, it seems. When security vendor Countersnipe launched its latest product, it expected a few bogus enquiries from its rivals. But a request from an outfit calling themselves Ychange seemed genuine enough. 'Jeff' from Ychange saw a demo and was so impressed he promised to show the product to Superluminal, his financial services client, which was just gagging to place a multi-million dollar order. But a quick Whois check revealed that Superluminal's web site was owned by one of Countersnipe's rivals, Sourcefire. Perhaps Sourcefire didn't think anyone else would know about this new-fangled Internet thing. "This has to be the least sophisticated attempt at spying I've ever seen," laughed Countersnipe's Amar Rathore, "I wouldn't mind, but they're a security firm, for God's sake. You'd think they'd know some cleverer tricks than that." Sourcefire was unavailable for comment. µ _________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 29 - August 3 2,500+ international security experts from 40 nations, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 15 2006 - 08:21:38 PDT