information management

Corporate spying

Submitted by Kai on Thu, 2008-01-17 11:46.

Bruce Schneier covers corporate spying today - you know, when your employer or your shop uses spying methodology to learn to know you better. I only wish this was new - government trained security specialists have crossed over to private business since the dawn of time.

Since you do not have to work for the government to have a license to kill - it is enough to be a hired gun - and the number of specialists increases, it is only natural that some accepts tempting offers from the corporate world.

What is more - there is nothing strange in a company - big or small; to protect itself. The challenge is to be able to draw the line - where do you stop? Is it OK to have Wall-Mart or HP to install wiretaps on you (or someone else)? If not - when would it be OK? If you think it is just fine, when would it NOT be OK anymore?

We know that most companies today use computers to track everything related to it's production, logistics and sales. Why is it so chocking to read that they are using computers to analyze and track that information too? After all, Business Intelligent and Data warehousing is nothing new under the sky.

From the article:

"If you try to buy more than three cell phones at one time, it will be tracked," he (David Harrison) reportedly told the audience.

The fact that they let you know some of their thresholds may raise a few eyebrows, but again - if you are a smart criminal, you would not use a clean ID to buy your batch of prepaid phones, now would you? Most likely you would use someone else's CC?

When your company is large enough, you start spending money on security. And security in this sense means you put into action counter-measures and information gathering. When your company is larger than some countries, it would be quite expected that you use some of the same measures to protect your assets.

I think it is unavoidable. We keep introducing tools that facilitate the collection, storing and analyzing of data. Obviously some will collect and analyze more data than others. Surely this will continue. And most importantly, most people do not care.


Creating bad reputation

Submitted by Kai on Mon, 2007-08-06 11:58.

I share a LinkedIn group with Scott Allen, the co-author of the Virtual Handshake. I must admit, I have never read the book, but I have learned to respect Scott through his contributions to the LinkedInnovators group.

In a discussion this week, a mob was forming against a LinkedIn user, who had been rude in an invitation process. The only problem is that the story was told by the guy who had received the rude answer, and not the other party.

The gang soon wanted to hang the rude guy high, when Scott enters the discussion with a calm "I would like to hear the other guys side of the story before I judge". Now, that takes courage!

Of course, the heat is now on Scott - how can you take the rude guys side? He did not - all he said was he wanted to hear both sides before choosing his side. Imo, that is a true gentleman. And I support Scott all the way.

As the heat is now on Scott, he turns us to his own story of a smearing campaign against him - back in 2006. Someone started to spam blog comments in his name, and pointing to his website.

Why is this important?

1. you should always seek to gather as much information and knowledge as possible before judging other peoples actions and behaviors. Seek to understand.

2. ID-theft happens all the time. And technology makes it easier every day (you should think technology makes it harder, huh?) You need to make sure that the guy/gal in the other end is the right party - and not an impostor or a fraud.

3. Smearing campaig. Imagine your competitor (or a spammer, a bad employee, your mother-in-law - anyone) decides to paint a bad picture of you. It is extremely easy - it only takes some (not even much) time, and depending on the scale, perhaps some money.

 

How does he do it?

He will start questioning your services in newsgroups, in mailing lists, on blog comments and other places. Using different names, the operation soon looks like a large number of people having a thorn in your side. After all, no-one is making a real effort to identify the source of comments, now are we?

After a while, some blogger will pick up the story. And soon, very soon, your partners, clients and shareholders begins the questioning too.

 

This kind of story makes it very important to learn by Scott Allen - not only to make sure to check both sides of the story, but also understand how important it is to leverage your own network and profile to counter such attacks.

One fact remains - these kinds of attacks is not over!

Syndicate content

Recent comments