Espionage - Utilizing Web 2.0, SSH Tunneling and a Trusted Insider

This technical report was written to fulfill the requirements of the GIAC Certified Incident Handler (GCIH) certification. It will address recent trends in the Information Security field such as: exploiting client side vulnerabilities [SANS 2007], increased commercial espionage and lack of security policy and awareness. The report will describe how in the realm of Web 2.0, a business-oriented social networking site along with other aiding technology and human factors resulted in an espionage-type security incident, and how that incident was handled. The aiding technology factors are a web-browser plug-in vulnerability and a Secure Shell (SSH) tunnel, as in most espionage-cases a trusted insider is involved as the human factor. The story is realistic but fictitious, which will hopefully benefit the security community in preparing for similar commercial espionage incidents by taking into consideration the technology, process and people aspects.