EARLY ONE MORNING, John strolls along a road in Arlington, Virginia. He seems to be making notes on his pocket PC, but he is actually logging locations and network addresses of unprotected wireless Internet connections in homes and businesses. If John or one of his associates taps into these unprotected connections, it will not be directly traceable to the thieves; rather, the connection can only be traced back to the registered user at the home or business.
It is quite easy for John to find these unprotected connections by using off-the-shelf software (available for both pocket PCs and full-size computers) and the wireless receivers that enable computers to receive wireless signals. He locates an unprotected connection coming from a house located in the vicinity of a parking garage. After completing his search, he covertly passes this information along to Frank, his partner in crime.
Two days later, Frank sits with his laptop computer in the parking garage and hijacks the wireless Internet connection that John identified. He does this using the basic network information detected and noted during John's survey; this information includes the wireless network frequency and assigned network name (wireless routers are sold with preset network names that are usually left unchanged by users).
Frank simply sets his laptop's wireless settings to mimic these network access settings. The wireless router's Dynamic Host Configuration Protocol (DHCP) service, which assigns Internet Protocol (IP) addresses to the devices in a network, then configures the connection and provides him with a private IP address.
Once connected to the Internet, Frank visits a Web site and downloads encrypted instructions placed there by another member of his organization. He then posts a photograph to that same Web site. Although the photograph looks innocent enough, Frank has actually hidden a document within its bits of data by using a steganography program. Once the messages are exchanged, Frank drives away to New York, ready for his next assignment.
WELCOME TO THE new world of industrial espionage. The author has been involved in many criminal investigations in which the techniques and technologies just described were used. And while Frank and John aren't real--they are a fictionalized composite from the author's experience--they paint an accurate picture of the newest twist in intellectual property theft. The following tale of how investigators caught this pair and their associates offers security managers a glimpse into the methods used by information thieves today--as well as how their high-tech tools can be turned against them by detectives who know how to track the digital footprints.
The investigation. The company targeted by John and Frank had been alerted to the thefts weeks earlier by federal law enforcement agents who had found evidence of the espionage while conducting an unrelated investigation. The agents passed the information to the company's security director (a former law enforcement agent whom the agents already knew) without disclosing its source, which could have compromised a sensitive federal investigation.
The agents told the company of the site where Frank had posted the steganographic picture containing hidden information. The site itself was an innocent-looking Web page where anyone could post and share photos, but the presence of encrypted documents raised suspicions that some users were doing more than sharing family albums. Corporate investigators took the information from the federal leads to local law enforcement, which agreed to assist in their investigation.
Elements of proof. The first concern was to establish an investigative plan that defined the elements of proof--a list of facts that must be proven to substantiate that the crime was committed. For example, investigators needed to prove that criminals had stolen a corporation's intellectual property and were involved in a conspiracy to transmit it to others for profit. …