Intelligence can be pretty dumb

June 14, 2006

Nick Booth

SECURITY FIRMS must be ruthlessly cunning and intelligent to stay ahead of the fiendish legions of hackers, crackers and cunning con artists they constantly warn us about.

Or so you’d think.

But not if this recent example of 'intelligence' is typical.

All companies keep tabs on the opposition. Usually, they employ competitive intelligence companies, who use all kinds of dirty tricks to find out about rival’s products, their marketing strategies and the incentives offered to resellers.

A typically fiendish scam would be to set up a phoney head hunting agency, then invite everyone that matters, at the target firm, for an ‘off the record’ interview. Flattered by the attention, most CTOs and marketing directors are only too pleased to boast of the projects they’re working on, the budgets they’re in charge of and how many people are under them.

This information is all tabulated, and sold for hundreds of thousands of dollars, to the client. Clients like to outsource this furtive behaviour so they can distance themselves from it if they get caught.

Very cunning. Some security firms are slightly less sophisticated, it seems.

When security vendor Countersnipe launched its latest product, it expected a few bogus enquiries from its rivals. But a request from an outfit calling themselves Ychange seemed genuine enough.

'Jeff' from Ychange saw a demo and was so impressed he promised to show the product to Superluminal, his financial services client, which was just gagging to place a multi-million dollar order.

But a quick Whois check revealed that Superluminal’s web site was owned by one of Countersnipe’s rivals, Sourcefire. Perhaps Sourcefire didn't think anyone else would know about this new-fangled Internet thing.

"This has to be the least sophisticated attempt at spying I’ve ever seen," laughed Countersnipe’s Amar Rathore, "I wouldn’t mind, but they’re a security firm, for God’s sake. You’d think they’d know some cleverer tricks than that."

Sourcefire was unavailable for comment.

main page ATTRITION feedback