Comment

Spyware, not wireless war-drivers, remains the real security threat.

Just connect your PC to the Internet. That's all it takes, for your worst nightmares to come true - and the Israeli Spyware scandal which broke this week illustrates, better than any amount of preaching, that the real security risk has nothing to do with open access WiFi.

The story, too juicy to be ignored by the IT media, tells of villains who uploaded a virus to the computers of their commercial rivals. Who are these villains?

What they are not, is spotty-faced hackers with a copy of NetStumbler, sitting the the car park trying to find a rogue access point on the corporate LAN. Here's the list of suspects: "Top executives of Israel's leading companies including Cellcom, Yes, Pelephone, Meir Motors, Tami-4, Ace Hardware, Volvo Israel and Amdocs" - they have either been arrested or have been placed under suspicion in the last few days for corporate espionage.

This list also includes several private detective companies run and operated by former IDF officers, reports Joel Leyden - summarising: "If your computer starts to work slowly and you hear your hard drive grinding and working like mad but you see nothing happening on your monitor - you may most likely have an Israel, Syrian, Saudi, Japanese, Chinese or US "shark" spying on your hard drive. It could be the FBI, your mother or the store next door."

There is a risk of being hacked by drive-by wireless geeks. There is also a risk of being struck by lightning. If you cross the road looking up at the sky for thunder-clouds, your chances of being run over approach certainty; the moral therefore is: don't waste money on wireless security consultants until you know you're at least as secure as possible against these spyware exploits.

But there is also a half-full glass: When both junior and senior managers in an organization know of the risk, they will be extra careful not to do anything illegal. It is worth noting the types of organizations in which the Trojan horses were found. None of them is an organization that has real secrets; none of them is a high-tech company from which patents, codes, chemical formulas, software or sophisticated algorithms were stolen. They are all commercial companies and 90 percent of their "secrets" become public knowledge within days, weeks or months in any event. If such companies were to invest less energy in "secrets" and "surprises" that their competitors were preparing, perhaps they would have more time to take better note of what their customers and employees want.