Monday, September 29, 2014

Espoinage on Business Trips

He who has never learned to obey cannot be a good commander. —Aristotle

While traveling for business, a professional carries a set of goals to expand to new markets, close out promising sales, or open up new opportunity with foreign partners. To obtain the data needed to support such efforts, a business professional typically travels with a device that includes contacts, presentations, and data sheets. While such information is valuable to the business professional and his or her organization, it is much more valuable to a competing organization, or authoritarian government, that would like to close the gap on research and development.
Case Studies

  • Consider the customer of a security products company on a trip Abroad. The traveler brought with him his Android smartphone and, as a precaution, noted the version of the operating system that the device was running before leaving. When he woke up in his accommodations on site, he noticed that the version of the operating system had been changed due to an unauthorized update that had been pushed over the air. Such an unauthorized update could allow the device to be used as a microphone, listening in on conversations in any room the device was located. Such a compromised device could also siphon off data including emails, texts, and stored files.

  • An executive at a security technology company cleared the data on his phone before heading overseas, and used the clean phone for voice calls only. Upon returning home, the device would not boot properly and needed the firmware loaded from scratch. Forensics were performed on the device to determine the root cause- which could only come from an unlikely, invisible update from the device manufacturer- or an attack against the device aimed at compromising it.

Many different types of devices can be the target of such attacks. Think of all the different devices you might take with you when you travel, whether for business or vacation:

·         Laptop
·         Smartphone
·         Tablet
·         Digital camera
·         Camcorder
·         Audio player
·         Flash drives
·         Memory cards

Each of the above devices contains some form of data or code that runs on the device. If the device has WiFi, mobile access, or active Bluetooth, there is a possibility of it being compromised through one of those wireless interfaces. If a device is left behind in a hotel room or other unsecured location, it could be tampered with, duplicated, or stolen.

There are several methods to secure, minimize, or even hide data. These methods include using encryption, making backups, traveling with reduced information- or “clean device” that has no data.
Other solutions include data that is only sent or made available remotely once the traveler has arrived and then revoked when returning. While these methods are geared toward border crossings that may subject the travel to additional scrutiny, they work equally well against espionage performed by competitors or authoritarian governments.
See You at the Top