Industrial Espionage Experts
Industrial Espionage Experts
By WILLIAM ALVIN WALLACE
This paper addresses the process of Industrial Espionage. With the increasing competitiveness in today's world market many companies are increasingly collecting information on their competitors using both legal and illegal means. A growing group of individuals and companies have emerged to fill this service void. I will generally refer to these individuals as Collectors throughout this paper because that is the word that best describes what they do. They collect information.
"Corporate Raiders- employees who attack computers of competitors for financial gain."  "People who specialize in harming companies to the benefit of other companies." Whatever you choose to call this threat it is both serious and growing. While much has been chronicled in fact and fiction about the more traditional foreign agents and spies, in today's world of multi-national, multi-billion dollar corporations, industrial espionage is a growing threat. This is exacerbated by the fact that big businesses are more physically distributed, have dispersed management and administration, as well as more job specialization. From the information structure viewpoint this leads to an increased reliance on distributed information systems, opening up many potential collection points of Industrial Espionage Experts.  "72% of businesses which have not taken measures to reduce their vulnerability to industrial espionage, and suffer a resulting loss, will go out of business within two years, according to a survey conducted by the Canadian Security and Intelligence Service. The same survey indicates 43% of American corporations have had an average of six incidents involving corporate espionage."  Industrial Espionage Experts have access to resources, both people and money, not normally available to the common Hacker or Cyber criminal. They are very sophisticated and can use technologically advanced methods to obtain information and data.  The methods used by industrial spies are mirror images of those used for decades by their counterparts in the field of national intrigue in fact; many are the same players. With the cooling of the Cold War many nation states are turning their enormous intelligence collection capabilities to gaining economic advantage for their country and the corporations that pay taxes within them. While in other cases, spies who found themselves without a state sponsor in the new era of global corporation now vend their wares to corporate sponsors. Both Scott Charney, chief of Department of Justice's Computer Crime and Intellectual Property Section, and Robert Gate, ex-director of the Central Intelligence Agency agree that the biggest problem companies face is their ignorance of the threats posed by Collectors. 
"Corporate or Industrial Espionage involves operations conducted by one corporation against another for the purpose of acquiring a competitive advantage in domestic or global markets."  Industrial Espionage is a process, not a single act. My definition of Economic Espionage, as practiced by an Industrial Espionage Expert, is the process of collection of information and data related to economic or industrial targets for the purpose of profit. The two key words in this definition are Collection and Profit. Collection is what Economic Espionage Experts do they collect information. They use both legal and illegal means to tap into sources of information and data concerning specific targets. They target anyone and everyone, whomever or whatever the client wants. They collect information and data to look for those elusive nuggets that have value to their clients and potential clients, in this case your business competitors. Profit is a very important aspect for these Collectors. They are not thrill seekers, if the payoff does not justify the risk they will not bother attempting to collect the information. They are not looking for information for information's sake, but for information that will generate profit when sold to a second party, or put to use by them to acquire information of value to a second party. Greed is a powerful motivator and the stakes in today's hundred million-dollar plus Industrial Espionage capers far exceed the amount that people have historically killed for.  It is warfare as corporations actively seek out information about their competitors and steal trade secrets through both legal and illegal means.
The process of Industrial Espionage can be broken down into four phases: "Definition of Requirements, Collection, Analysis, and Evaluation."  Definition of Requirements is normally a given for Collectors. They are approached to do a specific job, often by a third party to protect the inquiring corporation from liability. Typically, "=85companies tend to focus their espionage efforts rather narrowly..."  this, in turn, allows the Collector to more effectively focus their efforts. Collection is the meat and potatoes of the Industrial Espionage Expert or Collector. It is this for which they are paid. They must balance the risk of obtaining the desired information or data with the value of the fee that they will be paid. The Collector will use physical attacks, electronic attacks, and even attacks against your employees to gain the necessary information. They will go to whatever lengths necessary to obtain the information, and even a bit further if an inviting door is found open. If the request is for a working copy of a company's product the Collector might simply have to go out and by one, then send away for the technical information any customer is entitled to. While this might see strange use of a Collector, remember some of the companies collecting information exist in embargoed nations such as Cuba or Iraq where state of the art US product are not readily available. If the request is for the complete production data for a complex computer chip the job might entail illegal, and therefore more risky, methods such as bribery or burglary. Analysis follows. Now that a Collector has accumulated a mass of data and information they must take time to see what they have. This entails everything from reading the contents of documents, both physical and electronic, processing raw data, and in some cases looking at the flow of employees and information to see what might be happening and where it is occurring. Once the data has been analyzed the Collector refers to the original Requirement to see if he has meet his goals. This is the Evaluation phase. If the client's Requirements have been met the information is package, transmitted, and the Collector paid. "Extra" information collected is evaluated for value to the current of future clients and recorded for future transactions. In those cases where the Requirements have not been met, the Collector uses the information to return to the Collection Phase, thus beginning the process anew.
Collectors pose a significant threat across many levels. One of the simplest to understand is the physical. These people engage in the normal mundane intelligence collection techniques that people have engaged in for years. They watch, they listen, and they collect.
Watching can take on many different aspects in today's modern world. It can be as simple as sitting in a car and watching from across the street. It can be as complex as low light video surveillance covertly installed in or near your facilities. Whether through a pair of binoculars from across the street, over the shoulder of an employee as Collectors participate in a company sponsored tour, or from video surveillance systems, observation can tell Collectors a lot about a company. They can note your employee's habits, their work patterns. Discover when the building is most crowed so they can enter relatively unnoticed or when the facility is completely vacant for a break-in. The timing of security patrols, when the building is locked down for the night all these crucial tidbits of information for planning a break-in can be obtained by watching. In cases where extremely sensitive information is being sought Collectors will even perform surveillance on your employees to see where they socialize, what they do in off-hours, were they live.
Eavesdropping is another common technique used by Collectors. One of the easiest and least risky methods is to sit behind your employees at lunch or in their favorite bar and listen to shop talk. They hear what the concerns are, what new projects are in the works. They learn who is having trouble with a project or personal life, which employees feel under appreciated or ill-used. Electronic listing devices are a booming industry. If the Russian's can place a bug in a seventh-floor conference room at the State Department  how difficult would it be for a Collector to do the same in your building's conference room? Utilizing the latest technology Collectors can monitor calls, especially those made on cell phone. Hearing the key conversations and pertinent details of your negotiations or high priority projects as they are passed from the field to the corporate headquarters yields information of great value to your competitors. Professional conferences provide another excellent opportunity for Collectors. This is where your prize research scientists presents their latest finding and discuss cutting edge development freely with their peers. Collectors are free to sit in the audience, come up to the scientist afterwards and ask follow-up questions, posing as one of their peers.
They collect. To these people your corporate trash is a gold mine. Dumpster Diving to them is a source of everything from employee lists, customer lists, marketing strategies, draft reports, new product design, anything that is discarded by a careless employee. Some corporations even discard old outdated computer systems and drives without electronically "wiping" the media. This produces a wealth of information for a Collector even if they only have simple tools to process the media. With just a little dirty work they can uncover these diamonds of information. Collectors send off for, and read, all the information your company makes publicly available to customers, investors, researchers, or students. They glean from the public filings of the US Legal system for patent information, mergers, and partnership agreements Who is suing you, and who you are suing give them both information and other sources to collect from that might hold your information. In an article about a Chinese spy manual it was noted that China's espionage agency felt 80% of the military intelligence they needed was available through public sources, could this be any less for corporate spies? 
The whole purpose of the watching, listening, and collecting is to provide a mass of data for analyses by the Collector. Once analyzed the Collector has several options on what to do with the information. First, if it is significant and valuable, the information can be sold outright to a client or your competitor. Second, it can be used as a bargaining chip to obtain other information either through direct trade or by leveraging. In the case of the information on employees, in could be leveraged to select people vulnerable to bribes. In most extreme case, information could be used to extort further information from employees with things to hide. Other information on the comings and goings of employees and security personnel can be used to plan break-ins. A break-in at Interactive Television Technology, Inc. resulted in the theft of three computers. These three computers happened to hold the plans and research surrounding a new technology valued at $250 million. It had taken the company four years to bring the product to market and in one fail swoop someone not only made off with their most recent designs and plans, but set the company back over three months because of a lack of recent backups.  In an incident not suspected of being Industrial Espionage, a smash and grab operation against Toronto Globe and Mail resulted in the theft of over $20,000 in computer equipment in just over two minutes.  How many corporate computers are located near ground floor windows? What would be the loss, in information, if a Collector executed a similar attack?
With the advent of the cyber age where information roams free along the electronic corridors of the Internet at the speed of light, another arena has been opened up to the Collector. The tools used are those developed by Hackers and Crackers over the years coupled with the good old "social engineering" of days past. The potential for gathering information is unlimited. The arena, of course, is the World Wide Web and the target sits on your disk as you view this HTML document.
In 1997 it was estimated there were fewer than 1000 people that qualified as "Professional" Hackers. That is, people who are capable of creating tools or developing original methods for Hacking.  Therefore it is safe to assume there are very few Collectors who are true computer geniuses. Collectors are just individuals adept at turning existing tools toward collecting information. An excellent Hacker's Toolkit (a software package which contains scripts, programs, or autonomous agents that exploit vulnerabilities ) can be downloaded from the internet with just a few hours of searching. Converting computer tools to information collection is relatively easy, because with computers everything is information and everything created for a computer collects and/or transmits information to one degree or another. Corporate web sites hold increasingly detailed information regarding a company's structure, products, employees, and the physical layout of its facilities. Some sites boast "fly through" tours of their facilities, pictures and bios of their executive officers, telephone numbers, and of course email addresses of key employees. The sole purpose of these web sites is to transmit the information to anyone who asks. Web browsers collect this information and provide it to the requestor who can view and store the information, as they desire. This type of information is invaluable to individuals who choose to exploit it as a means to collect further information. With the wealth of information freely available in today's on-line environment Collectors can do much of their preliminary research without leaving the comfort of their own home or breaking a single law.
Armed with the freely available information Collectors are now prepared use the net to gather even more information. With the bios and names of executives and key employees they can search the net for their favorite electronic haunts. Spoofing can then be used. Spoofing is defined as "masquerade by assuming the appearance of a different entity in network communications."  Emails or ICQ addresses can be "spoofed," sent with the Collector poising as an investor, potential customer, a reporter, or even a student researching the rising stars of the corporate world. After receiving replies, Email spoofing can be further used to appear as someone in authority within the corporation who can direct mailing of information, the establishment of computer access accounts, and even grant greater access for established accounts. All of these gives the collector access to just a little bit more of the corporation and its secrets, all with minimal exposure of the collector and sets the stage for further attacks. These can range from accessing an unsecured port for downloading files, to exploiting any one of a number of known security holes to gain root access to a system. A good example of the potential for "Cyber" Industrial Espionage comes from a New York Times report that claimed Reuters Analytics, Inc. hired a Collector to steal the underlying software and codes for their rival's, Bloomberg, L.P, data terminals. Though Reuters had a head start in the industry, Bloomberg's product was considered superior. Yearly sales of these data terminals exceeds $6.5 Billion. 
By mixing Mundane and Cyber techniques collectors can multiply the effects of their collection efforts. The routine of the office, gathered by watching, can enable the collector to plan physical break-ins of the building. While roaming the halls of the corporation they can steal trade secrets, clone drives of key employees, and even set in place login captures, all acts that could go totally undetected because it does no involve the removal of a single piece of property. Well planned daytime entries over lunch the lunch hour can allow the informed collector time clone disks, copy key files, or even send emails from key employee's desks to set into motion chains of events to leak information or disrupt company performance. Collectors can make use of internal networks to transmit the documents outside the building to avoid security.
Whether called Social Engineering, as in most Hacker manuals, or HUMINT (Human Intelligence), as the Department of Defense refers to it, your employees are targets of Collectors. People are a two-edged weapon in securing your corporate secrets being both the best protection, and the biggest risk. Proper training, education, and motivation can give people the tools and desire to keep your corporate secrets safe. Conversely, appealing to the vanity, greed, or vengeful nature of disenchanted or bored people has always been a tool of the traditional spy. Now these appeals can be made with protection of the electronic web. After gathering sufficient information on employees the Collector can choose his target. If the individual bites, a face to face meeting can be scheduled, if not the only thing that can be turned over the security is an email address or ICQ number, all easily disposed of with no trace to the Collector.
Another method used to attack through your employees is to take the information gathered by Mundane and Cyber means and impersonate another individual or spoof them electronically. Calls are placed over the phone, or messages sent via email pretending to be someone with the authority to make decisions. A good choice would be one of those executive officers with the picture and bio on the corporate web page. Regardless of the role many bored or uncaring individuals will give out information to include IP addresses, system setup, and even passwords and userids over to phone when intimidated.
Recruiting Insiders is another common practice among Collectors. "Many publications on computer security identify the most common source of intentional disruption as authorized individuals performing unauthorized activity."  Again, much of the information on the individuals that you would like to recruit can be found in publicly accessible databases and web sites. From this, some casual research can yield those candidates who are most susceptible to bribes or extortion. Often after proper research the Collector can make his presence know to the Insider and have them make the first overtures. This allows the Collector to have some modicum of confidence the individual will no go running straight to corporate security. Insiders are the most valuable assets a Collector can have. "They have the time and freedom to search people's desks, read private memos, copy documents, and abuse coworker friendships.  The threat does not end when the Insider leaves the corporation either. In 1992 several General Motors employees were accused of taking over 10,000 documents and disks containing GM trade secrets when they "defected" to Volkswagen. GM sued and in 1997 received a payment of $100 million from Volkswagen. 
Inserting Agents is one of the least risky forms of Industrial Espionage. The Collector handpicks the individual who they intend to insert. They provide the training, background story, and decide at which level to attempt to insert the individual. Once hired, even in a position of limited access, the individual becomes a trusted Insider for the Collector, able to provide increasing levels of access and perform some of the Mundane and Cyber attacks from within the corporation with minimum threat of being caught.
Industrial Espionage is not practiced solely by corporations. Many countries are turning their vast intelligence collecting machines from the military targets of the Cold War to winning an economic advantage for their industries at home. "Three years ago, FBI Director Louis Freeh told Congress that his agents were involved in 800 separate investigations into economic spying by foreign countries, and the agency lists at least 23 countries actively involved in economic espionage against the United States."  This serves to highlight the magnitude of the Industrial Espionage threat from around the world. It is not just the other countries that are engaged in this activity. In the case of the US, "=85the National Security Agency uses sophisticated computers to monitor millions of phone calls, e-mail messages and faxes from around the globe." Much of the information gleaned now appears to be headed for the desks of US Trade negotiators. Our closest neighbors and allies engage in Economic Espionage to their advantage. A high-tech intercept of the U.S. ambassador to Canada's car phone conversation allowed Canada to underbid the United States on a $5 billion wheat deal with China. While this was an example of country Vs country many nations are directly helping their corporations. France's spy agency has been alleged to have purchased trade secrets from a Corning Inc. employee and provided them to a rival French corporation. .
The threat to the Gross National Product through loss of competitiveness by US firms has not been taken lightly by US lawmakers. The result is a law, the Economic Espionage Act, enacted in May of 1996, which criminalizes the theft of trade secretes. While many doubted wide spread enforcement of this new law it was noted in a 1999 article posted by Schultz Roth & Sabel LLP on their web page that "=85the federal government has not only reasserted its commitment to tackling this significant problem, but has backed up those statements by deploying the extensive resources of the FBI and the Justice Department to ferret out trade secret theft, conduct covert investigations and initiate prosecutions."  Insiders appear to be the greatest threat. Of three major indictments brought under the Act, all involved the use on an Insider to perpetrate the theft. In two of the cases Insiders clearly instigated the attempted theft by contacting competitors and trying to sell company trade secrets. It should be noted in two of the three cases listed in the SRS article the companies contacted by the Insiders appeared to have cooperated with the FBI. In the third case, an Insider at Avery Dennison sold information to a rival corporation, Four Pillars Enterprises, of Taiwan. In an Associated Press article dated January 6, 2000 it was reported that the man received six months of home confinement and Four Pillars Enterprises was fined $5 million. This was the first case prosecuted under the 1996 Economic Espionage Act. But all is not without problems. Collectors are a tenacious lot. In one of the cases cited above involving a FBI sting, Bristol-Myers Squibb, Co. cooperated fully with the FBI who apprehended the Taiwanese culprits in the act of receiving trade secret documents. In a bold legal maneuver defense claimed the defendants had a right to the documents in the course of preparing for trail. A federal judge agreed and ordered Bristol-Myers to turn over the very trade secrets they sought to protect by cooperating with the FBI. The decision is currently under appeal, but again it goes to show how vulnerable information is to a determined Collector. 
"The potential loss to corporate America from the theft of intellectual property may amount to more than $300 billion a year, according to a recent survey of Fortune 1,000 companies and the 300 fastest-growing U.S. companies that was conducted by the American Society for Industrial Security."  This is up from the $24 billion to $100 Billion estimates found in Ira Winkler's "Corporate Espionage" published in 1997.  These numbers are just estimates because in many cases businesses are reluctant to admit either committing or being victimized by espionage.  Still, with these high stakes, Industrial Espionage Experts will be a growing career field for years to come. The government of the United States has fought for years, and gone to great expense, to battle the more traditional form of espionage, nation verses nation. While successful on the most part, the failures have been spectacular. Corporations do not have the luxury of being non-profit, as does the government. They must be ever watchful of the bottom line and have less recourse against employees who violate rules. This means corporate security will have to allow collectors a chance to succeed when the costs of absolutely protecting the information began to exceed the intrinsic value of the information itself. For this reason the threat of espionage will be with us in the information field for many decades to come.
 Cohen, Fredric; "The All.net Security Database"
 Ing, Robert; "Improvised Technology in Counter-Intelligence Application"
 Walker, Ira; "Corporate Espionage" Prima Publishing c1997
 Ignatius, David; "Bugged at the State Department", an article for the Washington Post, 22 Dec 1999
 Article; NewsMax.com; "China Spy Manual Discloses Ruse", January 4, 2000
 Scandia Report, SAND98-8667, "A Common Language for Computer Security Incidents" Printed Oct 1998
 Blumenthal, Les and Doyle, Michael; Article for the Sacramento Bee, Washington Bureau
 Schultz Roth & Sabel LLP; 1999 article posted on their Web page, "Update: Economic Espionage Act"
 Article; Associated Press; "Father, daughter sentenced in Industrial Espionage case" dated January 6, 2000
 Buerkle, Tom of the International Herald Tribune; "Cyberburglars Weave a Web Around Globe"
 Denning, Dorothy E., "Information Warfare and Security" Addison-Wesley 3rd printing July 1999
 Parker, Donn; "Fighting Computer Crime" Wiley Computer Publishing c1998
 Cohen, Fredric; "Protection and Security on the Information Superhighway" Wiley c1995
 White-Paper; "Internet Security" Last modified March 1999
 Article; "Corporate Snoops Sharpen Skills" Washington Times 08/31/98