Re: Exclusive: HP's printer team in espionage drama

[InfoSec News <isn () c4i org>]

Forwarded from: security curmudgeon <jericho () attrition org>
cc: <ashlee.vance () theregister co uk>

Anyone else skeptical about this? If not skeptical, see a lot of
coincidences that make you say "hrmmmm?"

: http://www.theregister.com/content/51/30914.html
:
: By Ashlee Vance in San Francisco
: Posted: 28/05/2003
:
: Hewlett-Packard's top secret printer labs are under attack from an
: audacious rival using the art of deception to gather confidential
: information.
:
: A group of engineers working on HP's next-generation network laser
: printer have come under siege from a competitor, The Register has
: learned. Employees have received calls at work and at home from faux
: members of the HP team, asking for details on a new 9500 series
: printer code-named Nozomi. HP has fingered the culprit, we are told,
: although the company's identity cannot be released at this time.

That's fine, if this is true we'll find out who it was in a Department
of Justice press release in a few months to a year.

: HP suspects that a competitor has backed the espionage campaign with
: close to $1 million in funding. An HP executive flew to Boise to
: instruct employees on what to do when the enemy (or the press) calls.
: Placards with directions have been placed throughout the well-guarded
: labs.

Now where did this number come from?

A dedicated social engineering attack, even using a dozen people over
several months.. you are going to pay them 1 million dollars? What,
they get overpriced phones, their own office and car? The reason
social engineering attacks are still popular is not only their typical
success, but their low cost to implement. It only takes a payphone,
disposable cell phone, hotel lobby phone or any other that offers a
shred of anonymity. That alone allows you to effeciently launch your
attack with minimal costs.

When I see "HP Executive" and think to who works at HP, namely Ira
Winkler, I also think back to his repetitive dickwaving claims that he
could steal "a million dollars" from any company. Wonder if this is
just coincidence? Or perhaps Winkler trying to justify his position at
HP after recent "disgraces" he brought upon HP at public conferences.

: HP has a number of fierce competitors in the printer space, including
: Lexmark, Canon, Epson. and new rival Dell.
:
: Corporate espionage is a somewhat common practice in the IT industry.
: Oracle admitted to keeping an eye on Microsoft by hiring a lobby
: group, IGI, to buy garbage from pro-Microsoft lobbyists.

One example and it's "a somewhat common practice"? I know, short
article, can't include several examples. I'm sure if we do some
reading, we can come up with several other Corporate Espionage
examples. This brings up yet another amazing coincidence.

Corporate Espionage
What it is, Why it's happening in your company, What you must do about it
Ira Winkler
ISBN: 0-7615-0840-6

So Winkler identifies what Corporate Espionage is. Why it IS happening
in your company (even if it likely isn't?) And what you must do about
it (like fly to Boise to educate the people falling victim to the
attack). Voila!  Justification for your salary.

Makes me wonder who is getting social engineered here. Hewlett-Packard
or Ashlee Vance/Register?



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.