Security Update – 28 April 2009

Scores of computers with thousands of credit card numbers, legal documents and other sensitive information were stolen from an office building in Los Angeles early on 25 April. Attorneys, property management companies and accountants were among at least 60 tenants raided at the landmark Chateau Office building on Ventura Boulevard.

There has been speculation that the large-scale theft was an inside job, as the burglars appeared to have a master key and knew the building’s security system well (security cameras were disabled during the robbery). Data theft seems to have been the reason for the burglary, as other valuable equipment was left behind.

International Operations Group – Analysis

The global financial crisis is increasing the amount of data and confidential information being stolen with criminal gangs (many of which are based in Eastern Europe) running data theft rackets on a global level. The internet has influenced the development of a criminal terrorist nexus, by allowing the instantaneous and invisible cross-flow of funds between transnational criminal groups. The number of phishing emails seeking personal banking information has increased dramatically during the financial crisis with numerous banking takeovers and changes. In April, security agencies disclosed information about the largest botnet discovered yet. A Ukraine-based gang had the ability to read emails, copy files, record keystrokes and make screenshots on a global network of 1.9 million computers infected with malicious software. The network had infiltrated 77 ‘.gov’ (government-owned) domains around the world and the gang was selling access to compromised computers on a hackers’ forum in Russia.

Large scale corporate global expansion and the growing complexity of organisations have made it easier for data theft to be carried out, often without being noticed. Technological advances (including the increased speed of computerisation and communication) and an increasingly transient workforce have also increased the ease and frequency with which data theft occurs. Employees are frequently involved in the theft of sensitive data and such internal risks are increasing as economic conditions worsen with many employees lacking job security. One portable USB stick can be used to steal the entire customer database of a large company.

Data protection laws are becoming increasingly stringent and data losses and breaches lead to massive reputational damage for organisations. As the economy worsens, cyber security should be of utmost importance as both the governmental and private sectors become more susceptible to data theft and industrial espionage. Organisations should ensure that they are aware of potential risks and have robust policies and technological measures in place to protect confidential data.

International Operations Group – Services

Cyber security requires strong intelligence and an increased awareness of potential vulnerabilities in corporate, utility and governmental systems. International Operations Group can offer methods of improving cyber defence standards for both companies and governmental organisations. Our intelligence and screening systems help to ensure secure networks. We are also able to provide advice on internal business risk mitigation and network assessments.

Please email us at intel@interopsgroup.com or telephone us on +61 2 8003 3933 for additional information or confidential support.

For more information on our fee-based intelligence updates or bespoke reporting, please email Rob Stevenson - rob@interopsgroup.com. Rob can also be telephoned on +61 [0] 420 244 909.