Firesheep: on the ethical edge of competitive intelligence

This is the first of a series of posts we shall title "Competitive Intelligence Techniques of Intellectual Interest But Debatable Ethical Integrity". As such, we do not advise them for unsupervised children, pregnant women or people who like cheese.

Yesterday there was a fair amount of coverage about Firesheep, a Firefox extension that lets you monitor unsecured WiFi traffic flying its way around you. The original website is the best place to read more about Firesheet, but in short, the extension captures cookies that get transmitted from other people's computers when they log in to certain websites, and lets you use that information to log into their accounts on your own computer. It has been possible to do this for a long time, with the appropriate hacker software (of course - that is how Firesheep was built), but Firesheep makes it easily accessible to anyone.

With a tool like this, you would find a cafe with unsecured wireless access (most cafes have unsecured WiFi) near your competitor's offices, or the airport near your competitor's HQ, and speculatively sniff for logins.

This type of issue highlights something else of which competitive intelligence analysts should be aware - any technique that they can use against competitors, can in turn be used against the analysts themselves. Luckily, Firesheep can be countered. There are applications, including Firefox extensions, that protect your unsecured traffic. Tor and HTTPS Everywhere are some of the easiest to use but you can easily stuff your computer/browser with anti-hacking software. Then again, many of those can be hacked too... do not underestimate the power of the dark side.