Hackers and Oreos®

How can CryptoPhoto protect your corporation?


Do you love Oreos? The delicious chocolate brown biscuit filled with white cream?

Hey, did you ever wonder how they get that cream so white?

Walter Liew did, and with Robert Maegerle he stole the recipe from Dupont, selling it to a Chinese company for $20 Million.

The FBI caught, tried and convicted them. But that’s little consolation to Dupont; the ingredient’s secret manufacturing process (it’s titanium oxide) was worth $17 Billion a year to them. Now with new international competition, it’ll be worth a bit less…

The very essence of business is confidential information: that you know things, and how to do things, which your competitors don’t. You’ll agree that if your competitors gain access to your confidential information, your competitive advantage evaporates.

Unfortunately industrial espionage is all the rage

Take these recent cases:

  • Stealing confidential and proprietary technical and design specifications for pipes, pipe supports, and pipe routing for a Westinghouse Power Plant.
  • Stealing confidential information from SolarWorld regarding their cash flow, manufacturing metrics, production line, and costs.
  • Stealing emails from Alcoa pertaining to an agreement between Alcoa and a Chinese state owned enterprise.
  • Thousands of downloaded confidential Motorola documents.
  • Photographs of Goodyear’s new tyre designs, for a Chinese tyre maker.
  • The source code of Goldman Sachs’s HFT stock trading software.
  • The source code of CME groups’ Futures exchange software.
  • St. Louis Cardinals hack of the Houston Astros’ player statistics database.

What do the above cases have in common?

These were the ones sloppy enough to get caught!

But what about the ones that get away with it, never caught, or even detected?

“Mission Impossible”® would have us believe it involves spy cameras, suspension harnesses, and (several layers of) silicone disguises. I’m afraid the reality is somewhat more mundane (though a lot more cost-efficient!).

The most effective way to steal industrial secrets is by hacking. FBI Director James Comey warns there are two kinds of companies: those who have been hacked, and those who have, but don’t know it yet. How bad is this?

An HSB Industry survey polled 100 businesses, small, medium and large. They discovered 69% of them had been hacked within the last year. What were these businesses most worried about after being hacked?

76% were most worried that confidential information had been stolen! So how can you stop hackers from raiding your network, before it is too late?

How do hackers break in? How can you stop them?

Hackers initiate 91% of their attacks through Phishing and Malware. (We’ll come back to the other 9% later).

“Phishing” is a play on the word ‘fishing.’ Every day, fraudsters send out millions of scam e-mails in the hope someone will be naïve enough to take the bait. A lot of phishing is very easy to spot, but some phishers are using a new kind of phishing, and it is very effective:

It’s called “spear-phishing.” These are counterfeit e-mails so convincing they can fool an expert. Instead of sending it to thousands of people, they are targeted at a particular company, or a particular employee in that company. It might be aimed directly at you:

It will appear to come from someone you know; a colleague or friend. If the phisher already has access to your correspondence or your colleague’s, to avoid arousing your suspicion they will personalise it, writing in the same style, and discussing something they know is of interest to you. That’s how hackers broke into US Steel:

How hackers spear-phished US Steel

They sent an e-mail, which appeared to come from US Steel CEO John Surma, to 20 employees working on seamless oil pipe technology, which the hackers wanted to steal. The employees took the bait. (Hey, would you ignore an e-mail from your CEO?)

Another trick is to make the e-mail look like it comes from a prospective customer. No business can afford not to correspond with prospective customers. So once you open the e-mail, what happens?

Spear-phishers infect your computer equipment with “malware;” malicious software which snoops around your network, looking for interesting data – addresses and credit cards, and computer vulnerabilities the hacker can later use to penetrate your network.

This is exactly what the spear-phished malware did at US Steel.

But you can stop it with Anti-virus software and spam filters, can’t you? Well, you can probably tell from the example I just gave you, they don't work:

Why Anti-virus software and Mail filters don’t work

Anti-virus software or Mail filters can only protect against known attacks; phishing e-mails or malware that has already been sent to many people, and infected some of them, who have reported it. Why doesn’t this protect you from spear-phishers?

Because spear-phishing malware is custom-written, and so by definition new and unique. It sails right through those filters, and onto your computers.

So how does CryptoPhoto stop hackers?

CryptoPhoto uses patented Secure Mutual Authentication Technology (SMAT)™:

When your customers or employees log in to your web site or systems, they confirm their identity by tapping a picture on their smartphone. How quick and easy is this?

Watch our demonstration video, and I guarantee in 30 seconds you’ll agree CryptoPhoto is the world’s easiest security system. Not just easy, but fun:

Now here’s the best part:

CryptoPhoto’s patented Secure Mutual Authentication Technology (SMAT)™ is the highest grade of authentication technology there is. It’s better than discredited two factor authentication, and this is how it stops phishing and malware:

Mutual Authentication means both partners in a transaction prove their identity to each other. You know the customer is really the customer, the employee is really the employee, and they in turn know they’re really connecting to your company’s computer, and not an impersonator. How does this stop hackers?

Because both authentications must be validated at once. If they’re not, the transaction is terminated immediately. But what happens if the hacker gets the customer’s login details through some other means?

Whether it’s social engineering, a burglary, data leak, a Trojan horse, malware or phishing, it doesn’t matter; when the hacker tries to log in, CryptoPhoto authenticates back to the customer or employee, and when they don’t confirm their identity, the transaction is blocked, and you are alerted.

Only Secure Mutual Authentication can do this.

How does CryptoPhoto beat the competition?

CryptoPhoto provides far stronger security than RSA SecurID® (which uses discredited older technology, and has been cracked and hacked) and RSA SiteKey® (discredited), and is far easier to use than Vasco’s secure but onerous transaction-signing system. After all, what’s the point of security if it’s so hard to use people don’t want to use it?

Other companies have tried to build mutual authentication systems, but made the mistake of using discredited OTP (One Time Password) technology. CryptoPhoto’s patented touch technology doesn’t use OTP.

CryptoPhoto protects your customers, your employees, your company:

If you store any of this information on your computers (you almost certainly do), then you have other data worth stealing too:

  • E-mail Addresses
  • Home addresses
  • Credit cards
  • Correspondence
  • Proprietary information
  • Dates of Birth
  • Social security numbers
  • Medical records
  • Bank account details (e.g. billing and payroll)
  • Login credentials
  • Passwords

Hackers who steal this data sell it on the dark web. What’s the going rate?

Stolen credit card numbers are sold on the dark web for between $6 and $30 each. Bank account details go for about $1,000, depending on the account’s type and size. But what they do with the other data is far, far worse:

It’s used for identity theft, which is an absolute nightmare for victims. They are harassed by debt collectors who don’t care if the debts are legitimate or not. It can take years for a hacked customer to clear their name, and some never do. The stories are heartbreaking.

Courts and customers punish hacked companies

After a series of high-profile data thefts in 2014, consumers are now well aware of Identity Fraud and it terrifies them. They’re shunning companies who can’t protect their data. What was the fallout when retail giant Target was hacked?

Their stock dropped 0.3%, then fell 1.5% over the next week. Dividends were cut by 20%. Target was sued by the banks for negligence, and they lost customers, “angry with them for not protecting my data.” Research Analyst Brian Yarbrough warns “Probably 5% to 10% of customers will never shop there again.”

But if that sounds bad, the SONY hack was worse:

27 Gigabytes of data was stolen from SONY and leaked onto the net, containing “a treasure trove of sensitive company files, ranging from HR documents with employee info, to legal paperwork, to confidential company meeting notes and documents.”

SONY Co-chairman Amy Pascal was forced to step down after her confidential correspondence was revealed. And SONY found themselves sued by their own employees who had become victims of identity theft.

Security Expert David Kennedy said: “Regardless of who did it, this breach feels much different than anything I’ve seen before. This attack was designed to go after a company on multiple fronts and try to tank it. It’s a precedent-setting breach in that this was done to try to destroy SONY.”

Protection for the Back Office

CryptoPhoto not only protects against phishing and malware attacks through the web. It also provides in-company login authentication for Windows® and Linux®. How does this protect you?

By securing your computers against unauthorised logins, even if the hacker somehow gets an employee’s user id and password, they still can’t log into your system.

Easy installation

How soon can CryptoPhoto be protecting your company? Don’t laugh, but it may just be a matter of minutes:

Many companies run their web site using a CMS (content management system) such as Joomla, Drupal or WordPress. We have plugins for all of these. You can have CryptoPhoto up and running on your system in literally minutes!

Or do you have your own custom IT system? If so, you can integrate CryptoPhoto using our simple API. A tutorial is available by clicking here.

Are you using third-party software? We’re helping vendors integrate CryptoPhoto authentication into their products, e.g. Atmail and cPanel.

We also have installers for adding CryptoPhoto authentication to Windows® and Linux®, securing your servers and employee logins.

How much does CryptoPhoto cost?

It depends on the level of support your business needs:

CryptoPhoto offers Top-Tier customers guaranteed availability, around-the-clock support, integration services and on-site technical support, in a Service Level Agreement negotiated to suit their needs.

Or perhaps you’re a small business on a tight budget? You can secure your web site for under $100 a year, and get official e-mail support.

What if you’ve got no money at all? No problem! CryptoPhoto Free won’t cost you a cent. There’s no official support, but you’re welcome to report problems and discuss CryptoPhoto on our free community web forum.

Sounds great! How do I get started?

You can start using CryptoPhoto for free, right now, by clicking here: http://cryptophoto.com/

Contact us now

Phone: 18555CRYPTO (USA) or 1800CRYPTO (Australia).
E-mail: tech@cryptophoto.com


Hey, what was that other 9%?

91% of attacks are through Phishing and Malware. So what’s the other 9%?

They are system vulnerabilities. Hackers look for security bugs in popular software, which they sell on the dark web. Once these go public, software companies will fix them, but you need to apply those fixes to your computer immediately. But don’t people do that already?

No. Security Expert Robert Hansen points out the Healthcare industry was hit hard because they were too slow, taking an average of 158 days to update their software. What happened in the meantime?

Hackers freely roamed their system. The Premera Blue Cross hack was particularly bad; hackers were siphoning customers’ data for nearly a year before the hack was discovered. How can you protect yourself from system vulnerabilities?

Make sure your IT staff keep your software up to date, and in particular apply new security patches immediately. Make sure they are on the lookout for “Zero Day” exploits, so they can take the necessary preventative action until the software patch becomes available.