Cyber Hacking and Espionage – Not Sci-Fi, An Actual Threat

BY SARA GILBERT

The Rockland Business Association and Federal Bureau of Investigation hosted a special training session to help prevent and deter losses associated with online hacking and espionage on Wednesday, June 13 at Rockland Community College in Suffern.

“The issue here is real,” said RBA President Al Samuel. “On an elementary level there are false e-mails sent and people trying to get into bank accounts. On a more serious level there is hacking into companies.”

Special Agent Maryann Goldman of the FBI shared a case about two 12-year-old boys who were playing a video game online when one got upset after losing. The boy did a few minutes of research online, got onto the black market and bought for five dollars a device that would go and destroy the other player’s connection to the internet. “Imagine what could happen if there was something real at stake, like your company’s information,” she warned.

With only 45 participants present, Goldman commented, “When talking about something this important we need to have standing room available only. This affects the entire country. Please spread the word.”

She strongly suggested becoming a member of infragard.net. “We are tapped out trying to protect the country, businesses and individuals. You need to get informed and use your common sense. That’s your responsibility,” said Goldman.

According to George J. Ennis Jr. of the Counterintelligence Division, the top priority of the FBI regarding national security is to protect against terrorism, followed by defending against counterintelligence and espionage, which includes protecting trade secrets and intellectual property.

“You may not intuitively think about these things,” said Ennis. “But it’s important to be aware.” He then broke down information into three levels: information that is made public on purpose; information that is not actively protected but is not public; and information that is private and protected.

Next, Charles F. Gilgen of the Espionage Squad followed with an overview of the kind of signs and people to be aware of in order to protect one’s company from any insider threats.

“The type of person might abuse drugs or alcohol, act above the rules, have a sense of entitlement, have financial problems, career disappointments,” Gilgen said.

A frequent motivation for espionage, he said, is someone wanting to be “a James Bond wannabe.” And that’s not a joke. They even have a term for foreigners who use beautiful young women to lure traveling businessmen in, make them feel comfortable and then get information out of them or from their laptop. These are known as “honey traps.”

He warned to watch for out-of-the-ordinary events like someone being in the office late when they don’t have any need to be, undue curiosity about areas they don’t deal with and short unexplained foreign trips.

“These things are real, they do happen,” said Gilgen. “They sound far fetched, but these things happen all the time.”

Goldman reiterated Gilgen’s point that each person must be aware of these possibilities and take steps to prevent “trade secrets from walking out the door or else your kids won’t have jobs. Not only are you protecting us right now, but our future.”

Elisabete Santos of Cyber Espionage spoke about the ways hackers receive information off our seemingly safe networks.

“E-mail is the most prevalent way to get information,” she said. “All they need to do is get to know the person or company and create an email that would be realistic and as soon as you click on it they now have access to your information.”

They now have ways of continuously attacking your computer because they keep “a back door open” and it’s not evident that they’re doing anything with your computer but they have access at any time. This is known as an advanced persistent threat.

If you continue to have problems with your company computers being hacked, call the FBI. They can determine if the hacker is trying to get something off your network or is using those computers as “hop points” in order to more easily get access to another U.S. network, she said.

Santos warned, “Have an emergency plan ready just in case you find out you’ve been attacked, so you and the company know what to do.”

As part of the emergency plan, make sure to know your network map, how many computers and laptops are connected to the network, know your IP address, and have access to video cameras and key cards, she instructed.

“It’s a dangerous world we live in,” said Goldman. “You shouldn’t be paranoid but you do need to be aware of all the dangers.”