An Australian IT company has been the victim of a worm that was modified to scan hard disks and send sensitive data to a specific IP address, proving that corporate spying is not restricted to Hollywood films.
The targetted company, which wishes to remain anonymous, was able to obtain documented evidence of the attack by working with a computer forensics expert as the saga unfolded.
The worm's payload was modified and was found on computers belonging to three of the company's senior executives at a time when secret documentation was being compiled for a takeover and sensitive documentation was being prepared as a result of a Tax Office investigation.
A high level of hard-disk activity alerted the company under attack who contacted a computer forensics expert to for help find who was responsible.
The forensics expert created a special set of files with particular identifiers, a special Web bug of their own and specially concocted data to mislead the attackers.
It didn't take long for the evidence to emerge and the victim of the attack to take prompt action.
This real-life incident proves that the availability of spyware, trojans and viruses to steal competitive data has made the shady business of corporate spying accessible to Australian business particularly in the IT industry where awareness of such software is more widespread.
A local survey released by PricewaterhouseCoopers director of dispute analysis and investigations, Richard Batten last year found that corporate spying has certainly reached the mainstream of Australian IT.
Batten said the rise in data theft has led to many companies forming intelligence-gathering units as well as counter-intelligence units.
"This level of sophistication used in spying on other companies makes it imperative that companies do not ignore the problem and take action to protect themselves," he said, adding that of all the industry sectors surveyed, IT made the most use of technical surveillance counter measures.
Details of how the worm was uncovered appears on page 24 in today's edition of Computerworld newspaper (February 10, 2003).