The Rising Trend of Internet Counter-Intelligence
by Lance Cottrell - CTO of Anonymizer - Tuesday, 13 May 2008.
Types of Internet counter-intelligence threats

There are seven prominent types of Internet counter-intelligence threats:

IP-Based Blocking - A process that blocks a company's access to specific Internet resources to prohibit, for example, a marketing research team from viewing a competitor's Web site to conduct industry and competitive intelligence.

IP-Based Cloaking - A Web site can change its online content based on a user's IP address, identity, or geographic location. For instance, a company that recognizes when a competitor's technical employee is surfing their site may route them to a shadow page that displays incorrect product information.

Personal Identity Leakage - Patterns of Internet usage may reveal the personal identity of a user through their surfing history, cookies, and search patterns. This can lead to the leakage of a person's confidential digital information, either accidentally or intentionally.

Corporate Information Leakage - Circumstances in which an organization's employees surf the Internet and inadvertently give out confidential information simply by downloading similar types of information over a period of time. Such actions could give away a company's strategic initiatives. For example, simultaneous increases in traffic from corporate executives, lawyers, and investment bankers to a competitor's Web site could telegraph an upcoming takeover attempt.

Harvesting Risks - Situations where a company blocks a rival from using Web harvesting tools, which automatically gather and organize unstructured information from Web pages, against its site. Doing so prevents the researcher from developing a complete picture of the target's products, pricing or other information.

Industrial Espionage - Situations where Web administrators use tools to monitor and track what pages and objects are accessed on their Web site. A company can, for example, detect a large amount of traffic coming from a competitor's IP address to its product page, and accurately conclude that the firm will launch a similar product.

Cyber Terrorism - The direct intervention of a threat source against a company's Web site, while not new, is growing, with hacking tools and expertise even more widespread than they were a decade ago. Reaching out to a possibly hostile Web site gives its operators a direct attack path back to the originator.

Countering these threats

In response, technology firms experienced in anonymous Web surfing systems have created solutions specifically designed for enterprises. Companies looking for proven offerings should consider implementing one of two types of third-party identity protection and information assurance platforms:

IP Rotation - Automatically changing a user's visible IP address on a regular basis ensures that target Web sites cannot build up any patterns of activity or identify the users as anything but typical visitors. One advantage of IP rotation is that it can be implemented so as to be transparent to the end users. In a typical setup, a secure Virtual Private Network (VPN) router is attached to the enterprise network. All of the company's outbound Internet traffic is then rerouted to a platform that periodically changes the IP address used for the subscriber's network. A Network Address Translation (NAT) module dynamically controls what IP address is presented to the outside world.

This type of solution is best suited for organizations that perform a significant amount of competitive analysis on the Web and need to access competitive or industry Web sites without the site operators' knowledge. To maintain security and operational controls, IT organizations should determine how many users will be allowed to tunnel through this VPN at any given time and who should have access: executives only, the analysts, or the entire user community.

IP Explosion - IP Explosion works by distributing the automated activity across a huge number of IP addresses. The key is to ensure that the traffic from any given source address is low enough to appear normal.

This system is ideal for any government organization or business enterprise that uses Unstructured Data Management tools to conduct automated Web harvesting research. Typically, the system causes each Transmission Control Protocol (TCP) connection to go out on a randomly selected IP address from a pool of thousands of addresses.

When using automated tools to gather large volumes of information, such as capturing competitive pricing information, it is not enough to simply hide the identity of the user. The simple pattern of generating such a large number of queries from a single address in a short time is enough to expose the activity, even if the user cannot be identified. IP Explosion prevents this pattern from occurring.
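The per-address pattern described above, seen from the monitoring Web site's side, as an added example that is not part of the original article: a sliding-window request counter run over constructed log lines. The log format, the thresholds, and the optional grouping by network prefix are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

def parse(line):
    """Split a constructed 'ISO_TIMESTAMP SOURCE_IP PATH' log line."""
    ts, ip, _path = line.split()
    return ip, datetime.fromisoformat(ts)

def flag_sources(lines, window_s=60, limit=20, prefix=None):
    """Return sources with more than `limit` requests inside any window.

    Lines must be in time order. With `prefix` set (e.g. 24), requests are
    counted per IPv4 network instead of per single address (an assumption
    added here; it only helps when the pool's addresses share a network).
    """
    recent = defaultdict(deque)   # source key -> timestamps still in window
    flagged = set()
    for line in lines:
        ip, ts = parse(line)
        key = ip
        if prefix is not None:
            key = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop requests older than the window
        if len(q) > limit:
            flagged.add(key)
    return flagged

# Constructed sample traffic: 120 pricing-page requests in one minute.
BASE = datetime(2008, 5, 13, 9, 0, 0)

def sample(ips, n=120, step_s=0.5):
    return [f"{(BASE + timedelta(seconds=i * step_s)).isoformat()} "
            f"{ips[i % len(ips)]} /pricing?item={i}" for i in range(n)]

SINGLE = sample(["203.0.113.7"])                            # one address
SPREAD = sample([f"198.51.100.{i}" for i in range(1, 121)]) # 120 addresses

if __name__ == "__main__":
    print("single, per address:", flag_sources(SINGLE))
    print("spread, per address:", flag_sources(SPREAD))
    print("spread, per /24:    ", flag_sources(SPREAD, prefix=24))
```

The same request volume is flagged when it comes from one address and passes a per-address counter when each address sends a single request, which is why a site relying only on per-address thresholds sees such traffic as normal.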

Never get complacent

Computer identity is something many organizations take for granted each time an employee logs onto the Internet. The ease of accessing information on the Web has created a false sense of security that can be exploited by business competitors using new and powerful tools at their disposal. Just as companies woke up to the threat of viruses, cookies, and spyware a few years ago, these enterprises must now become more aware of the threats posed by Internet counter-intelligence. The only way to circumvent this threat is to completely protect enterprise user identities through anonymous Web surfing systems, making this a new requirement while online.

