All types of organizations – from Fortune 500 to “mom-and-pop” operations – have mandated the use of anti-virus, anti-adware, anti-spam, firewall and cookie removal solutions for every employee workstation. While these programs have proven effective at mitigating various security risks, IT administrators can’t get too comfortable with their initiatives, just yet.
A growing and more dangerous threat, called Internet counter-intelligence, is the use of sophisticated Web analytics to uncover corporate-user identities to analyze and track enterprise surfing habits. Doing so affords the perpetrator the ability to capture IP addresses and network identities.
In many cases, exposing your IP address is as easy a visiting a website. For example, a quick search on WikiScanner will show more than 90 percent of today’s Fortune 500 banks – including Bank of America, US Bank and Wells Fargo – have some of their IP addresses exposed as a result of employees who edited Wikipedia postings from their company workstation. Though these individuals didn’t know that they were exposing their corporation’s identity, a simple software program was able to extract their host IP address and post them for the general public. In this case, what they post to the Wiki is attributed to their company.
The Wiki expample is a very visible way to see how easy it is for an organization’s network and identity to be exposed. Today there are more than one billion IP addresses that have been collected and aggregate by nefarious Web sites.
Types of Internet counter-intelligence threats
There are seven prominent types of Internet counter-intelligence threats:
IP-Based Blocking — A process that blocks a company’s access to specific Internet resources to prohibit, for example, a marketing research team from viewing a competitor’s Web site to conduct industry and competitive intelligence.
IP-Based Cloaking — A Web site can change its online content based on a user’s IP address, identity, or geographic location. For instance, a company that recognizes when a competitor’s technical employee is surfing their site may route them to a shadow page that displays incorrect product information.
Personal Identity Leakage — Patterns of Internet usage may reveal the personal identity of a user through their surfing history, cookies, and search patterns This can lead to the leakage of a person’s confidential digital information, either accidentally or intentionally.
Corporate Information Leakage — Circumstances when an organization’s employee surfs the Internet and inadvertently gives out confidential information simply by downloading similar types of information from the Internet over a period of time. Such actions could give away a company’s strategic initiatives. For example, simultaneous increases in traffic from corporate executives, lawyers, and investment bankers to a competitor’s Web site could telegraph an upcoming takeover attempt.
Harvesting Risks — This process highlights when companies block a rival’s ability to access its site by utilizing Web harvesting tools to automatically gather and organize unstructured information from Web pages. Doing so prevents the researcher from being able to develop a complete picture of the target’s products, pricing or other information..
Industrial Espionage — Situations where Web administrators use tools to monitor and track what pages and objects are accessed on their Web site. A company can, for example, detect a large amount of traffic coming from a competitor’s IP address to its product page, and accurately conclude that the firm will launch a similar product.
Cyber Terrorism — The direct intervention of a threat source towards a company’s Web site, while not new, is growing, with hacking tools and expertise even more widespread then they were a decade ago. Reaching out to a possibly hostile Web site gives them a direct attack path back to the originator.
Countering these threats
In response, technology firms experienced in anonymous Web surfing systems have created solutions specifically designed for enterprises. Companies looking for proven offerings should consider implementing one of two types of third-party, identity protection and information assurance platforms:
IP Rotation — Automatically changing a user’s visible IP address on a regular basis ensures that target websites cannot build up any patterns of activity or identify the users as anything but typical visitors to the website. One advantage of IP rotation is that it can be implemented so as to be transparent to the end users. In a typical set up, a secure, Virtual Private Network (VPN) network router is attached to the enterprise network. All of the company’s outbound Internet traffic is then rerouted to a platform that periodically changes the IP address used for the subscribers’ network. A Network Access Translation module (NAT) dynamically controls what IP address is presented to the outside world.
This type of solution is best suited for organizations that perform a significant amount of competitive analysis on the Web and need to covertly access competitive or industry Web sites without their knowledge. To maintain security and operational controls, IT organizations should determine how many users will be allowed to tunnel through this VPN at any given time and who should have access, whether executives only, the analysts or its entire user community.
IP Explosion — IP Explosion works by distributing the automated activity across a huge number of IP addresses. The key is to ensure that the traffic from any given source address is low enough to appear normal.
This system is ideal for any government organization or business enterprise that uses Unstructured Data Management tools to conduct automated Web harvesting research. Typically the system causes each Transmission Control Protocol (TCP) network connection to go out on a randomly selected IP address from a pool of thousands of addresses.
When using automated tools to gather large volumes of information – such as capturing competitive pricing information -, it is not enough to simply hide the identity of the user. The simple pattern of generating such a large number of queries from a single address in a short time is enough to expose the activity, even if the user cannot be identified. IP Explosion prevents this pattern from from occuring.
Never get complacent
Computer identity is something many organizations take for granted each time an employee logs onto the Internet. The ease of accessing information on the Web has created a false sense of security that can be exploited by business competitors using new and powerful tools at their disposal. Just as companies woke up to the threat of viruses, cookies, and spyware a few years ago, these enterprises must now become more aware of the threats imposed by Internet counter-intelligence. The only way to circumvent this threat is to completely protect enterprise user identities through anonymous Web surfing systems, making this a new requirement while online.