High tech plays 'I Spy'
By Cliff Edwards
SANTA CLARA Transmeta chief executive David Ditzel chuckles at the memory of the sudden interest in the company's trash weeks before taking the wraps off its top-secret new Crusoe computer chip.
But with hundreds of millions of dollars of research on the line, keeping the microprocessor's specifications secret was no laughing matter.
Ditzel and other employees at Transmeta's sprawling low-rise office complex, located in an area tightly packed with semiconductor companies, kept a careful watch on the trash bins and chased off several people, including one whose car bore the bumper sticker of a well-known rival.
"We made sure all they got were orange rinds," said Ditzel, who kept the company's mission secret for five years until January despite heavy interest from the media and industry.
Even Oracle Corp.'s hiring of detectives to dig up information on archrival Microsoft Corp., didn't shock executives in Silicon Valley, where "security" companies hired by many of those firms say it is standard procedure to get down in the dirt to muddy the image of competitors or profit off their work.
"Dumpster diving," hacking, bribery, hiring away key employees even not-so-casual conversations with unsuspecting relatives of company executives, have become conventional tools in the unconventional business of corporate espionage.
Fortune 1,000 companies lost more than $45 billion last year from trade theft, according to a survey by the American Society for Industrial Security and PricewaterhouseCoopers. Other estimates put the figure closer to $100billion.
But in the game of spy vs. spy, few players are willing to admit involvement unless caught in the act. In recent years, admissions of unorthodox tactics have come from companies including Microsoft Corp., America Online Inc., and this past week, Oracle.
Larry Ellison, the Oracle chairman, said he authorized payments to a private detective agency to spy on several trade and policy groups that publicly supported Microsoft in the federal antitrust case. He portrayed his efforts as a public service, although Oracle would benefit directly from a wounded Microsoft.
According to executives at firms who do corporate espionage, what has been dubbed "Larrygate" by some is by no means an isolated incident.
"Corporate wars are just like real wars: They're ugly, and they are won and lost in the details," said Eric Dezenhall, whose Washington firm Nichols-Dezenhall hires private detectives, former CIA, FBI, Drug Enforcement and other law enforcement officers for corporate investigations.
"A company might not want to know how you got the information, but they still want the information," Dezenhall said. "To survive in a more competitive climate, corporations need to resort to unconventional resources, and some of those resources include using deceit to stop an attacker.
"I tell them if you live by the sword, you may die by the sword. But if you live by the olive branch, you still may die by the sword," he said.
Experts say high-tech companies are especially vulnerable to espionage.
They often work to promote a casual atmosphere to their employees and overlook establishing security procedures in their rush to get out new products. Security guards are rarely posted in many companies' lobbies, doors go unlocked, computers lack intrusion safeguards.
"You can expect that your adversary is going to come through the path of least resistance, the one gateway that you didn't secure, whether it's your trash or your Internet gateway," said Amit Yoran, chief executive of RIPTech, a security-monitoring company.
"It's not something that's openly talked about, because most people think it does smell," Yoran said. "But you have to realize this is a global economy we're now talking about; in the international and global economies where we are competing, these are commonly accepted business practices."
On several occasions at optical data-switching equipment manufacturer Cyras Systems Inc. of Fremont, two men in black suits entered unannounced and made a beeline for the company's engineering department before being stopped.
Cyras Systems hired plainclothes security guards to patrol the corridors and ordered new ID cards after one incident in which a man told an employee he was there "to browse," said company spokesman Gary Clemenceau.
And earlier this month, the company hired guards at a West Coast trade show after a crate containing sensitive equipment was broken into.
"The space is increasingly competitive, and if they can't invent it, they'll try to steal it," Clemenceau said. "Unfortunately, that means many of us are having to 'Big Brother'-up the place."
Industry analysts say many such companies are doing the same.
They estimate slightly more than 80 percent of the world's companies with a market capitalization of more than $1billion have a formal intelligence program to either gather information on competitors or protect their own information.
Forrester Research in its "B2B Information Warfare" report found that while corporate spending on security represents just a fraction of total expenditures, the security spending has risen by a factor of 10 in just two years.
"No one knows the total size of the problem, but even if they don't talk about it and even if they're not quite sure what they're afraid of, it's clear they see the risk," said senior analyst Frank Prince at Forrester's e-business infrastructure group.