Beware: IP Theft Is Often an Inside Job

A new report released by Verizon Information Technologies that examines incidents of intellectual property (IP) theft at companies in several industries, including the high tech, financial, and manufacturing sectors, offers sobering news to the electronics industry as it seeks to electronically protect its patents — the very thing that brings value and competitive advantage to a company's business.

DBIR Snapshot: Intellectual Property Theft is a report that examined 85 confirmed data breaches over the last two years resulting in the theft of intellectual property. The findings are based on breaches investigated by Verizon's Research Intelligence Solutions Knowledge (RISK) Team or one of its partner organizations, which include the Australian Federal Police, the Dutch National High Tech Crime Unit, the Irish Reporting and Information Security Service, the Police Central e-Crime Unit, and the United States Secret Service.

The data shows that while most of the breaches originate from external entities that often use malware and hacking methods to steal IP data, even more troubling is that 46 percent of employees are participating in the theft of intellectual property information. The research also shows that efforts to combat system penetration will have to focus on several aspects of data security as adversaries rely on multiple methods of attack to successfully penetrate a company's knowledge assets.

The study outlines several ways that an attack occurs, including:

  • An external agent sends a phishing email that successfully lures an executive to open the attachment
  • Malware infects the executive's laptop, creating an entry into accessing sensitive data
  • An external agent accesses the executive's laptop, viewing email and other valuable data
  • A system administrator misconfigures access controls when building a new file server
  • An external agent accesses a mapping file server from the executive's laptop and steals intellectual property

Listing the top three methods an attacker uses to carry out IP theft, the research found that 45 percent of data penetration occurred via abuse of system access or privileges, another 34 percent occurred as a result of using stolen login credentials, and 32 percent were the result of pretexting, which is the act of using false information to trap individuals into divulging privileged information that can be used to penetrate data systems.

Wade Baker, managing principal for Verizon's RISK team, said that in a modern high-tech supply chain, the links between supply chain partners such as component suppliers, contract manufacturers, and distributors operating across the globe open up the electronic manufacturing enterprise to many new security threats.

“If I have three other partners who I depend on to send me information so that I can do what I need to do for my business, and if a supply chain partner sends me information [with a computer virus attached], or if my information is compromised, the impact spreads,” said Baker, who is also the principal author of the report.

While the report offers several recommendations to protect against IP theft, it concludes that:

    There is no silver bullet that can guarantee protection against IP theft. The diversity, complexity, and ingenuity of tactics preclude a one-size-fits-all solution. As our findings have shown, however, there are several common factors across successful attacks that warrant attention. Insider abuse—whether premeditated or requisitioned through trickery—is a favored method of filching IP. And if an insider won't cooperate, stealing their credentials will work almost as well. Short of that, brute-forcing or using SQL injection against web applications stands a good chance of success.

The report also lists a number of recommendations to protect against IP theft, which include:

  • Privileged users: Use pre-employment screening to eliminate the problem before it starts. Don't give users more privileges than they need and use separation of duties. Make sure they have direction (they know policies and expectations) and supervision (to make sure they adhere to them).

  • Training and awareness: Increase awareness of social engineering: educate employees about different methods of social engineering and the vectors from which these attacks could arise. In many of our cases, we see users clicking on links they shouldn't and opening attachments received from unidentified persons.

  • Stolen credentials: Keeping credential-capturing malware off systems is priority number one. Consider two-factor authentication where appropriate.

  • Secure development: Focus on application testing and code review. While SQL injection attacks are the most common, cross-site scripting, authentication bypass, and exploitation of session variables contributed to many of the network-based attacks.

If there's anything that IT security executives at high-tech manufacturing companies can learn from the report's findings, it is that as their extended supply chains rely on networks that manage sensitive company information, they need to continue to develop policies and procedures that will prevent these attacks. Certainly, committing time, effort, and resources to mitigating IP theft is a worthwhile endeavor.

13 comments on “Beware: IP Theft Is Often an Inside Job”

  1. SP
    November 9, 2012

    Of course in organizations that have strong firewalls and IT procedures if there is an IP theft, it is an insider's job. That results in patents war eventually because someone has stolen it or mishandled it.

    November 9, 2012

    I would expect most high tech theft involves insiders. More often than not it takes someone familiar with the IP to make sense of the data so raw data is likely to be useless to an outsider unless it is packaged properly to be usable along with all other associated essential data.

  3. Barbara Jorgensen
    November 9, 2012

    Hi Nicole: Did the report say whether the internal hackers used the IP for monetary gain, or were they just malicious?

  4. t.alex
    November 10, 2012

    Sometimes a resigning staff may copy out some important stuff and bring it over to the new company. I know some Japanese companies even adopt laptops without storage, that is everything is from the company cloud server. Plugging in an unauthorised thumbdrive will be rejected.

  5. The Source
    November 10, 2012

    Dear Barbara,

    No, the report did not say how the attackers who succeeded at intellectual property theft used the information, or if there was a monetary gain for them. 

    The report did say that the most compromised areas of an enterprise are the databases and file servers, which is where most organizations store internal data and knowledge.

    The report went on to say that “This serves as a reminder that when we lock down file servers storing IP, we can't neglect to lock file drawers too.”  I'm sure this is good advice.

    Thanks for reading my article. 


  6. Cryptoman
    November 10, 2012

    …the human factor of course.

    No matter what type of cryptographic algorithms and security systems are in place, the weakest link of any security system in the world is the human beings who are targets of social engineering attacks. The bigger the incentive of attacking a system, the more creative and hence more successful such social attacks can become.

    Stealing IP can be a very profitable attack for thieves. Therefore, the human factor that has any involvement with such IP matters should be trained and regularly updated to be aware of new types of potential threats. It will also be useful if ethical hacking methods and penetration tests are applied randomly to test how well the people are defending the system based on the training they receive.


  7. t.alex
    November 10, 2012

    I think so too, the human factor plays a role in all these thefts. Staff have to be trained on the risks if they are involved in any of these activities and the protection measures to take.

  8. Wale Bakare
    November 11, 2012

    It's such a difficult thing to achieve but the article pinpointed one good measure to do this. There should be a level of involvement for every employee in organizations – who and who should have access privilege rights to some organizations' data. Even though, organizations would still be worried about some self-acclaimed indispensable employees.

  9. Wale Bakare
    November 11, 2012

    Yes, I agree with that but it also has to be a periodically conducted exercise. After some time, management of most organizations do relax on this until intranet or their local network systems get compromised.

  10. Eldredge
    November 11, 2012

    @ t.alex – I would expect this (resigning employee theft) to be one of the primary issues. Opportunity and motive would both be present.

  11. Ariella
    November 12, 2012

    @Wale good point. It's important to remain vigilant and not let your guard down.

  12. Anna Young
    November 12, 2012

    Hi Ariella & Wale,

    I agree with you both. Nicole's article did point out that,

    'There is no silver bullet that can guarantee protection against IP theft. The diversity, complexity, and ingenuity of tactics preclude a one-size-fits-all solution'.

    Like you said Ariella, it's important to remain alert.

  13. The Source
    November 13, 2012

    Dear Anna, Ariella & Wale,

    It's always good to be vigilant with regard to implementing practices and procedures that will protect sensitive data, especially since the electronics supply chain expands into Asia, Europe and other parts of the world where it's arguably more difficult to secure critical data.

    Thanks for your insightful comments.

