SYRACUSE — Dressed in a workman’s uniform, he blends into the office. Unnoticed, he locks onto his target’s computer, and, within moments, gains access to critical files. These files, if put in the hands of a competitor, could wreak serious financial damage to the company. As unobserved as when he arrived, the workman leaves and […]
SYRACUSE — Dressed in a workman’s uniform, he blends into the office. Unnoticed, he locks onto his target’s computer, and, within moments, gains access to critical files. These files, if put in the hands of a competitor, could wreak serious financial damage to the company.
As unobserved as when he arrived, the workman leaves and returns to his computer, where he now has access to his target’s computer, and begins his work. His mission, however, isn’t what you think. Yes, he’s a hacker, but in this case, the hacker wears a white hat. His goal is to ferret out workplace fraud such as corporate espionage. He works for Secure Network Technologies, Inc., located at 115 E. Jefferson St. in downtown Syracuse, and his job is to find the corporate bad guys.
“There is no shortage of bad people,” says Steve Stasiukonis, president and owner of Secure Network Technologies (SNT). As hackers for hire, it’s his company’s job to find those people and stop them.
Take the case of a New Jersey company that contacted SNT after terminating its systems administrator. The employee of two years, who came to the company from a staffing agency, showed a lot of promise and the business was poised to offer him a full-time position when the employee made some troubling statements during his interview with human resources, Stasiukonis recalls. The employee indicated that if the company didn’t hire him, it would regret that choice because he would be able to hack the company’s computer system. The employee was immediately terminated, Stasiukonis says, but the company knew it needed to take steps to ensure that he could not, in fact, hack into its system.
That’s when it called SNT (www.securenetworkinc.com), which came in and discovered the employee had secretly loaded remote Trojans onto the network that would indeed give him access. “His complete intent was retaliation,” Stasiukonis says, and the story is not an uncommon one.
When most companies think of the threat of hackers, they think of outside sources — shadowy hacker groups from China or Eastern Europe — looking to break in. So often, Stasiukonis says, companies forget to consider employees, who are already in, moving sensitive information outside of the business.
It could be as simple as a salesperson that leaves to join a competitor and takes his client list with him. Or it could be as complex as an engineer set on starting her own company who has been secretly copying research files and other sensitive information, Stasiukonis says. It happens more often than people think, Stasiukonis says. He and his team of seven employees have seen incident-response calls triple over the past year alone.
“Companies call up and say, ‘We’ve got a bad guy on the inside,’” he says. His job is to find them.
Stasiukonis does it with an array of tools including the expected rooms full of sophisticated computers and technology. The array of tools also includes a room full of costumes and vehicle signs that allow Stasiukonis and his employees to move about an office without suspicion.
Along with finding the bad guys, Stasiukonis also works with clients to help them reduce their future vulnerability to such inside attacks. The easiest way to do that, he instructs, is by limiting what information employees can access.
Not every employee needs access to every file, he says, and technology is available to help employers limit access. Those limitations should be in place not just for company files, but also for Internet access in general, Stasiukonis says. For example, an employee who is allowed to access his Gmail account now has an easy means to email company information elsewhere.
“You want to be a good employer, and you want to be fair to your employees, but there have to be strict policies,” Stasiukonis cautions.
Policies should also include measures to protect the company from outside attacks as well, he says. Teach employees not to open attachments or click on links in emails from unfamiliar sources. One popular means of gaining access to computer systems right now, he says, is to send a “phishing” email telling recipients they have a package waiting for them that was undeliverable. If they just click on the link, they can arrange for delivery. If an employee clicks that link, malware is loaded onto their computer, giving the bad guys access not only to that computer but to the company’s whole system.
Hackers, both internal and external, are constantly switching up their game and coming out with better programs to help them gain access. Companies have to work to stay ahead of the game, Stasiukonis says, with strong policies that are strictly enforced. “If you don’t have protection in place and do your due diligence, you’re going to be a victim.”
And that’s when you can call Stasiukonis and his team of white-hat hackers to save you.
Secure Network Technologies’ (www.securenetworkinc.com) full array of services includes network security, social-engineering assessments, application security, physical security, computer forensics, mobile forensics, digital investigations, incident response, and real-time network investigations. The firm’s website boasts that it has been “hacking networks since 1997.”