A Growing Problem..

Industrial espionage or corporate espionage is espionage conducted for commercial purposes instead of national security purposes.

The term is distinct from legal and ethical activities such as examining corporate publications, websites, patent filings, and the like to determine the activities of a corporation (this is normally referred to as competitive intelligence). Theoretically the difference between espionage and legal information gathering is clear. In practice, it is quite difficult to sometimes tell the difference between legal and illegal methods. Especially if one starts to consider the ethical side of information gathering, the border becomes even more blurred and elusive of definition.

Industrial espionage describes activities such as theft of trade secrets, bribery, blackmail, and technological surveillance. As well as spying on commercial organizations, governments can also be targets of commercial espionage—for example, to determine the terms of a tender for a government contract so that another tenderer can underbid.

Industrial espionage is most commonly associated with technology-heavy industries, particularly the computer and automobile sectors.

Espionage takes place in many forms. In short, the purpose of espionage is to gather knowledge about (an) organization(s). A spy may be hired, or may work for oneself.

 

 

 

WatchGuard Reveals Top Seven Emerging Threats to VoIP

Services April 22, 2009

VoIP DoS attacks use the same approach of running multiple packet streams, like call requests and registrations to the point where VoIP services fail. Such DoS attacks, which often target SIP (Session Initiation Protocol (News - Alert)) extensions, finally exhaust VoIP server resources, thereby causing busy signals or disconnects.

Spam over Internet Telephony (SPIT), the second most emerging threat pointed out by WatchGuard, is generated with botnets that target millions of VoIP users from compromised systems. Very similar to junk mail/ SPAM, SPIT messages also slow system performance, clog voicemail boxes as well as reduces user productivity.

When an unauthorized user gains access to a VoIP network - generally by using a valid user name and password, or gains physical access to a VoIP device, and initiates outbound calls, it is called as voice service theft or VoIP service theft. This is considered to be the third most emerging threat to VoIP service, says WatchGuard.

The fourth most emerging threat to VoIP service is ‘SIP registration hijacking’. A hacker disables a valid user's SIP registration and replaces it with the hacker's IP address, thereby facilitating the hacker to then intercept incoming calls and reroute, replay or terminate calls.

Voice packets, similar to data packets, are also subjected to attacks. Here, a hacker spoofs the MAC address of two parties, and forces VoIP packets to flow through the hacker's system, thereby allowing him to listen real-time conversations, steal user names, passwords, and VoIP system information. This is called as eavesdropping, which is the fifth emerging threat to VoIP service.

VoIP directory harvesting, also an emerging threat to VoIP services, is a process where attackers attempt to find valid VoIP addresses by conducting "brute force" attacks on a network. Here, a hacker identifies valid VoIP addresses and gains access to a new list of VoIP subscribers that can be new targets to other VoIP threats, such as SPIT.

Voice Phishing, or Vishing (News - Alert), is also an emerging threat to VoIP services. Very similar to phishing techniques, the hacker makes the user to reveal personal and sensitive information, such as user names, account numbers and passwords.

Listing some of the key emerging threats, WatchGuard advices all businesses using VoIP systems to review their perimeter and VoIP security.

Jayashree Adkoli is a contributing editor for TMCnet. To read more of Jayashree's articles, please visit her columnist page.

http://voipservices.tmcnet.com/feature/articles/54775-watchguard-reveals-top-seven-emerging-threats-voip-services.htm