only for the grAde
yznb-yahya
PSSTThereisanotherWay.pdf
pssT. TH ERE',S ANOTH ER WAYYOU KNOW. . .
'All this talk about BPM and SDLC and scrum is really unnecessarll. There's another wau, Aou know, We just download a clplJ of their source code, and we're in business. I have a friend who knows how to do that, We'dhave the application in seconds, and it would save so much time and agony, no?"
$x'x*r*strla* exrp$xxx.t#&ffiffi is as otd as commerce. Infiltrating your competitors with spies and stealing what- ever you can is nothing new. It's a way to save hundreds of
labor years, maybe more. Of course, if you're so stupid as to steal the designs of an iPad, and next month bring your own
iPad to market, the jig will be up. Apple, the FBI, and who knows who else will be upon you.
So, instead, you can just learn from the stolen designs
and apply your new knowledge to build similar devices, doing
it much faster than you could without the theft. Use what you learn from, say, iPad touch-screen design to build your
own auto navigation touch screen.
Or choose a company less prominent than Apple. For example, find out where Henri and his team keep the ARES source code and take it. Then build your own ARES system in another country...say, New Zealand or Singapore. How likely
is it for Henri to know you're running his code in New Zealand? Not likely, and, if he does learn of it, how much does he want to pay the one attorney in Austin, Texas, who knows
New Zealand law and prosecution? Plus, how would he prove
you got the code from him?
Sound far-fetched? In June 2012, ESET, the antivirus software vendor based in Bratislava, Slovakia, detected a big spike in inlections of a r,r,,orm named ACADiMedre.A.ls Initially the spike was in Peru, but the malware soon spread. Investigation revealed that this worm copies itself into Iile folders containing drawings produced using AutoCAD, the world's most popular computer-based design software. Once
there, it installs code to send copies of engineering drawings it finds on the host machine to one of several email servers in
China. If Outlook is installed on the infected computer, it also sends copies of the computer's contact list and other email data.1
6
ACAD/Medre.A was spread by unsuspecting engineers.
An AutoCAD design consists of many files, and to transfer a
design to a collaborator, engineers routinely compress the files in an AutoCAD design directory into a zip file and send it to legitimate recipients. Once the worm gets into a design di-
rectory, it's compressed with the legitimate files and rides along in the compressed lile. When the recipient decom- presses the zip file, ACAD/Medre.A is decompressed as well. It then runs its payload to steal designs and email data.
488
Source : @ Eliane SULLE/Alamy
t+8!'
\\'hy Peru? Apparently, the original infection ll'as on a server of a Peruvian manufacturer whose suppiiers needed the manufacturer's engineering designs to create component parts. When suppliers copied the manufacturer's drawings. they copied the worm as well. Soon the worm was on its way around the world.
\\'as it serious? According to the ESET. tens of thousands of engineering drawings were leaked. ESET says, however, that when it notified the providers of those email servers in China, the providers shut those server sites down, so the damage is supposed to be stopped. Autodesk, the vendor of AutoCAD, took corrective and protective action as well.
ds%ffiryEffi { ffi DiscussionOuestionsffi ",ffw l. If, in your absence, your roommate opens your desk and
eats the top layer of your 2-pound box of chocolates, you'll know it; at least you'll know they're gone. But, if in your absence, your roommate uses your computer to copy your MIS term project onto his flash drive, do you know? If so, how? If not, why not?
2. Of course your roommate wouldn't steal your term proj- ect. So, instead, suppose the person across the hall obtains the name of your computer and your logon name (the name you enter when your computer starts). She could surreptitiously watch you enter your password and learn it, too. But let's say instead that she notices the 75 pic- tures of your family basset hound, Fido, taped to your desk and correctly guesses that your password is t1do. With that data and a little knowledge, she uses your dorm's network to access shared folders on your com- ptter from her computer. (Search the Internet for How to share a folder in Windows (or Mac)if you don't know what shared folders are.) When she finds your MIS term paper in one of your shared folders and copies it to her com- puter, do you know? Why or why not?
3. How does the situation in question 2 differ from packet sniffing? What's required for her to steal your paper from a shared folder? What's required to steal that paper using packet sniffing? Which is easier?
4. As a student, you're unlikely to share many folders, but once you start work, you're likely to do so. Is the scenario in question 2 possible at work? Does it matter if your employer has strong network security? What is the one thing you can do to protect yourself from the person in the cubicle down the hallway accessing your shared folders?
5. Now consider the suppliers in this guide who had their designs stolen. Will they know their designs were stolen? How will they find out? How will they know which de- signs were taken? How can they assess their damages?
6. It's possible for companies to configure their network so that email can only be sent to their own Internet service provider. Such a conliguration would thwart the ACAD/ Medre.A worm, and indeed it did, for all the companies that had such security. Companies with large, knowledge- able IS departments (see Chapter 11) most likely will, but in this case hundreds did not. If you're the owner of a small business, what can you do?
7. Search the Internet lbr the term industrial espionage. Find one example of espionage that has been conducted us- ing malware. Summarize the problem and the damages. What could the companies involved have done to avoid losses?
