I’m reading a detailed post by Ars Technica on automated theft of AutoCAD designs, but is this also applicable to 3D print designs?
The post explains that multiple nefarious characters have long been using scripts as a means of industrial espionage. These scripts are secretly installed on Autodesk AutoCAD instances, and then silently relay encountered designs back to the originator.
The scripts are installed through standard phishing approaches, in which innocuous-appearing messages encourage recipients to click on links that ultimately install malware scripts into the AutoCAD system. The scripts are written in AutoCAD Lisp, a derivative of the original Lisp programming language. Normally such scripts are used to enhance the experience of the AutoCAD user in various ways.
But in this case, they are used for unethical purposes.
Ars Technica’s Dan Goodin writes:
“Forcepoint said it has tracked more than 200 data sets and about 40 unique malicious modules, including one that purported to include a design for Hong Kong’s Zhuhai-Macau Bridge. The attacks include a precompiled and encrypted AutoLISP program titled acad.fas. It first copies itself to three locations in an infected computer to increase the chances it will be opened if it spreads to new computers. Infected computers also report to attacker-controlled servers, which use a series of obfuscated commands to download documents.”
”All of the control server subdomains resolve to the same IP address, which appears to be running a Chinese-language installation of Microsoft Internet Information Server 6.0. Forcepoint researchers found that the same IP was used in earlier AutoCAD campaigns. They also found a neighboring IP that had the same IIS configuration.”
The intention of this work would be to identify and capture new building construction techniques, rather than attempting to duplicate whole structures. These techniques are quite important, as they are what differentiates designers from each other. Were they to be exposed and re-used elsewhere, designers could lose their unique discoveries.
But this scenario seems to be limited to AutoCAD users, who typically design buildings and architectural layouts.
My question is, could the same approach be used by bad actors to capture 3D models of printable 3D designs?
Such designs are of huge value: spare parts for countless products are a massive business, mostly because the designs are proprietary and thus the product manufacturer has a monopoly on replacements. If designs were freed, then they might face inexpensive clone replacement parts operations that produce literally identical spare parts.
Artistic works could also suffer, as most high-level 3D print designs are securely held so that the artist can make money by selling copies of the work. If the 3D CAD model is stolen, then again identical clones can appear.
In aerospace or automotive industries, secret designs for hidden components might be exposed to competitors, making trouble for the originator.
Could this happen? I suspect it might be possible to do if a 3D CAD tool offered a scripting capability. Then it is simply a matter of tricking the operator into launching a script that does the dirty business.
Currently SOLIDWORKS, one of the more popular industrial design tools, offers the ability to create and execute macros, which are similar to a script. In theory these might be used to perform the same tasks, if the macro language includes the right set of commands to make it happen.
Autodesk Fusion 360 also allows scripts and add-ins, so it is likely there is potential for this type of crime to take place in many 3D environments.
We have no evidence this is taking place, but based on the Ars Technica story, I would not be surprised to eventually learn that it has happened.
Via Ars Technica