Comment
Who is watching your CAD data? As recent confirmed cyber attacks on the Middle East show that state-sponsored industrial espionage may no longer be the domain of spy films, AEC Magazine asks how secure is your CAD data? by Martyn Day
L
ooking back over 50 years of infect and self-destruct Siemens uranium was written in AutoLISP and Visual Basic Scripts. It is possible that, if someone should James Bond it struck me that the enrichment centrifuges in Iran. Another as yet unnamed nation state was want to, they could pick any popular design typical target for hard-working bad guys were defense products. implicacted in a malware attack, dubbed system to manipulate. If defence designs are A facially scarred, multi-nippled or highly Flame, that used Skype to record nearby what is required how about Catia or sadistic man with disposable henchmen, conversations, capture screenshots, activat- Siemens’ PLM NX? Mr Cluley did little to reassure me. would steal nuclear/solar/bio/stealth ed bluetooth to capture IP addresses and “We are seeing more attacks to steal weapons to extort cash or instigate world transmit documents across the Middle East. While state-sponsored espionage is bound designs and IP, as well as spying on organidestruction. Unfortunately, these days, the really bad guys are not so obvious in their to hit the headlines, it is the more ‘mundane’ sations,” he said and warned that “just as appearance and are more likely to be hav- cyber attacks that should give every design the financial institutions protect their computers, the same has to be applied to engiing a pizza and beer somewhere at the end and engineering firm a pause for thought. Senior technology consultant at anti-vi- neering firms”. of a telephone line. However, Mr Cluley did indicate that, at We recent had ‘news’ from ESET securi- rus provider Sophos, Graham Cluley, said ty software developers that a virus specifi- that the company finds over 100,000 new present, there are “very few” viruses written to make use of the active compocally written for AutoCAD had nents in CAD files. Instead, viruses been found that had infected comof this kind are typically created by puters in Peru and emailed thoupeople trying to prove a point than sands of DWG design files to web We are seeing more attacks to steal cause damage. servers in China. Autodesk condesigns and IP, as well as spying “The real danger are Trojans,” tacted AEC Magazine to say that says Mr Cluley. “[Trojans are] the the malware was almost 10 years on organisations regular malware that opens a old and that any virus checker back door to your computer, would have picked it up, had the allowing remote access your files. company bothered to have any and closed specific ports on its routers. virus, trojans and malware for Microsoft These are system level and once inside, can go anywhere.” Autodesk did admit, though, that the send- Windows every day. I pondered whether cloud tools and coling of DWGs to China was something new Compared to that, Sophos finds “a handin the behaviour of this variant of the ful” each week of new viruses for Apple laborative storage was an increased risk of ‘ACAD/Medre.A’ malware. OSX. “Dozens” of Android visues are viruses or espionage? Mr Cluley agreed: found, many of which are financial-scams, “There’s an element of trust with cloud Designs at risk linked to premium rate SMS services, tro- services which may not be well placed,” This got me thinking, just how safe are our jan access to files and collecting passwords. he said. By way of example, Mr Cluley said that designs? In this ever competitive world, “Google has not done well in policing its file sharing site Dropbox recently had its industrial espionage does not require spys App store,” he said. password authentication turned off, so that like James Bond and is not carried out by shoe-knife wielding eastern block maids or Better the devil you know? any password would gain access, even it it evil geniuses in Zeppelins. CAD developers have, over the years, was incorrect. Recent media reports claimed that the US expanded their software to include program“The cloud also opens up other issues, and Israel sponsored a virus event in 2010 ming languages that manipulate design files. such as where exactly is your data stored,” called Stuxnet, which used Windows to The AutoCAD case I mentioned previously says Mr Cluley. “What countries do the serv-
‘‘
’’
26
July / August 2012
p26_27_AEC_JULYAUG12_Cad virusesHK.indd 26
www.AECmag.com
16/7/12 15:17:07
