corporate espionage recipes

Cyberspace-Junk: Three Top Ways to Avoid a Collision

The start of 2010 brought with it a spate of reporting on the dangers of cyberspace, whether it be cyberattacks on an individual, a corporation, a public utility system like an electricity grid, or nation states playing games with each other. Mid-January saw an unlikely cyberwar breaking out when Iranian hackers attacked China’s largest internet search engine, Baidu, and Chinese counterparts retaliated against Iranian websites. In this rapidly expanding arena of competition, Russia, China and a number of other countries have been accused of mounting massive operations, though in this field there are far more sinners than saints.

A McAfee survey of 600 international technology executives (‘In the Crossfire: Critical Infrastructure in the Age of Cyberwar’, available at www.mcafee.com), released in January, helped wipe away any New Year complacency. It found that recession-driven cuts in spending on online security over the past 12 months had led to an increase in threats. The result was that more than one-third of those interviewed believed their sector was unprepared to deal with a major attack. More than half felt that the laws in their country were inadequate in deterring potential cyber-attacks, and almost half lacked any faith in their government’s capacity to prevent or deter them. One expert believes that consumers will increasingly bear the cost of online crime and security breaches as organisations seek to limit their exposure in an escalating battle against such attacks.

Art Coviello, president of EMC’s data security arm RSA, for example, has little confidence in government, pointing out that data security regulations have fallen way behind the internet age. He believes that government regulation on security should focus on outcomes and not on prescriptive measures. Data breach regulation is a great regulatory initiative because it does just that. It says, if you are negligent in protecting information, you need to publicly confess. He says it’s amazing what California has done to ensure that people do the right thing because they don’t want to be embarrassed. “Compare that,” says Coviello, “with prescriptive regulation like the obligation to encrypt this or provide that. That relies on the government having the kind of technological sophistication to keep up with the threats. What do you suppose are the odds that governments are going to move quickly enough? They can’t even update the laws for the internet age, let alone data protection. It’s much easier for government to say don’t let something happen and put the onus back on the organisation to protect its infrastructure however it sees fit.”

Duel of the Designers: New Industrial Espionage War Zone

Economic and commercial espionage has a much lower profile than it deserves – dangerously low. It’s an area where many companies remain unaware of their vulnerability, believing that unless they’ve invented something like a cure for the common cold, no one is likely to be interested in what they’re doing. That’s definitely not the case, for it’s often just a missing link in a chain that a competitor is after. But despite the seriousness of the matter this arena does sometimes produce the oddest of perversities. Here’s a story that takes a lot of beating, even if it doesn’t involve a commercial James Bond having a flat tyre at a crucial moment.

One of China’s major car companies, Great Wall, which is Hong Kong listed and also one of the biggest non-state motor manufacturers, has accused Fiat of secretly photographing its production line and stealing information on its new models. Perhaps there’s nothing unusual about that, but for the fact the Chinese argue that Fiat engaged in this perfidious activity while gathering evidence for its own claim that Great Wall had copied one of the Italian company’s models. This is where things get sticky, as well as perverse.

Fiat has a compact car called Panda, and an Italian court handed down a finding in 2008 that a similar vehicle called the Peri that is produced by Great Wall was in fact an imitation of the Italian model. As a result, sales of the Peri have been halted in Europe. The Chinese are currently in litigation to have that decision overturned. Meanwhile, they claim that while Fiat was gathering evidence on the Panda case, it secretly engaged in industrial espionage at one of Great Wall’s production facilities. The Chinese are now suing Fiat and they’re citing as evidence the very evidence that Fiat itself has presented to a Chinese court to prove that it was Great Wall that did the dirty deed in the first place. Now that’s the sort of convolution that gives convolution a bad name.

Cyber Sabotage and Phone Hacking Rife

Despite the rampant nature of industrial espionage, it’s a topic that receives surprisingly little coverage in the media. When Germany announced recently that Chinese spies were costing its corporate world billions every year, as well as thousands of jobs, it was Britain’s Guardian that highlighted the story (July 22). As globalisation increasingly weaves us into its intricate pattern, most businesses still feel it’s something that can’t happen to them. Imagine being the subject of a damaging attack and not even knowing. That’s unforgivable in an era when diverse methods of sophisticated forensic investigation are readily available.

The German claim, which came from a counter-intelligence expert in one of the country’s states, warned that China was using an array of ‘polished methods’ to steal industrial secrets. Russia, he said, was also at the top of the list of nations utilising their national intelligence apparatus to help save billions on their own R & D budgets. While Russia had hundreds of thousands of agents, China had a million and ‘years more experience’. It also had the ambition of being the world’s leading economic power by 2020.

Internet spying techniques are way out in front and the areas most under attack are the automobile industry, renewable energy, chemicals, communications, optics, X-Ray technology, machinery, materials research and the arms industry. The information being gathered went beyond R & D results to management techniques and marketing strategies. The Germans see internet espionage as the biggest growth field, with what they refer to as the ‘thick fog of Trojan email attacks’ taking place against thousands of firms on a regular basis and adopting cover-up methods to disguise where the messages have come from.

Corporate Espionage: Keeping an Eye on Your Staff

The conviction in California last week of a longstanding Chinese-American employee of Boeing on charges of spying for China throws the spotlight on the difficult question of what you can do to protect your corporate secrets. Whether in the form of R & D results or intellectual property, the loss of key assets can often cripple an organization. Privacy considerations in most countries today make the task a challenging one. The multicultural nature of many societies also adds extra layers of complexity. But there are a number of ways in which a professional forensic investigation team can bolster your position. Computer forensics is often vital to this.

Of course, pre-employment screening is by far the best way to start, but even with well-entrenched staff members it’s never too late. Professional investigators can pick up telltale signs in the activity of people you would never have suspected.

The Boeing case was the first big economic espionage trial in the US and involved a former engineer who was born in China, moved to Taiwan and then the US, where he was naturalised. He worked for four decades for Boeing and other companies closely related to it, and over three decades passed a vast array of trade secrets to the Chinese government. He was involved in sensitive aircraft and rocket developments as well as in the space shuttle project. Now aged 73, Greg Chung was arrested by FBI agents in 2006 after they identified a link between him and another engineer from a hi-tech surveillance equipment firm whom they were investigating. The latter, who served as Chung’s conduit to the Chinese, was convicted and jailed for 24 years. Chung will be sentenced in early November and could face more than 90 years in prison.

India’s Vanishing Companies – Is Your Forensic Search On?

For such a computer-literate country as India, on which many businesses around the world rely for skilled services, it comes as a shock to read in a Financial Times front-page story (July 15) that 121 companies have vanished there after violating filing rules. With the state of financial crime in India – let alone everywhere else – this is a salutary warning to businesses to link up without delay with forensic professionals who can help you avoid losing all your assets when such a company disappears into thin air.

Investigations by the Ministry of Corporate Affairs in New Delhi have revealed the identity of the 121 companies involved, which listed on the country’s stock exchanges during the 1990s. But there could be more. Those already uncovered will be prosecuted. The Ministry has also announced that India’s stock market regulator – the Securities and Exchange Board – has banned 100 companies and 378 directors from using the capital markets for five years.

Business people around the world were shocked in early January this year to learn of the Satyam scandal in India. Satyam was a leading IT outsourcing company, with clients like General Electric and General Motors. The $US823 million fraud was the biggest in the country’s corporate history, causing the company’s share price to drop by 78 per cent and sending India’s benchmark Sensex Index down by 7 per cent. It was quickly nicknamed India’s Enron scandal.

New Spy Chief Slip-Up Highlights Technology Dilemma

Virtually every household’s lexicon is replete these days with terms like Facebook, My Space, Twitter, MSN Chat, hi5 and Skype. As useful as social networking is to many people, we need to consider what happens when this private world meets – if not intrudes upon – the professional domain of business and government. In some cases the answer is disaster. The security, for example, that your firm’s operations depend upon can be obliterated in one innocent flash, and possibly without you even knowing. In this day and age it pays to have experts in forensic investigation on side who can warn you of where your danger spots are. Corporate intellectual property can be exposed by overzealous engineers posting their findings on the web or by marketing personnel giving ‘sneak’ previews of a new product launch to their Twitter group.

A lesson in how alert you have to be came in Britain a few days ago when the country’s new spy chief, Sir John Sawers, 53, found himself in hot water over his wife’s Facebook page. It was speedily removed by the government after its contents were published in a newspaper. To many, it looked innocent enough: shots of the Sawers and their three children at the beach and a selection of vacation photos. David Miliband, the Foreign Secretary – read Minister – who is responsible for the Secret Intelligence Service (commonly known as MI6), ducked and weaved by claiming that it was hardly a state secret that Sir John wore Speedos.

The problem was that the Facebook site also revealed the location of the family’s London home, transport details and shots of other senior officials with whom Sawers and his wife are friendly. Lady Sawers had imposed no privacy protection on her account and hence it was available to some 200 million users. Currently Britain’s ambassador to the United Nations, Sawers is due to take over MI6 in November. Even before he went to New York, the Facebook site should have been removed for simple security reasons. He was, after all, an MI6 spy himself before he moved on in his career to work in Yemen, Syria, Egypt and Iraq. He has also been closely involved at the policy level with Iran, Iraq and Afghanistan.

Foreign Governments Inspire Cyber Attacks on Corporate Targets: Forensic Protection

The corporate sector has been caught up in the latest phase of internet-enabled cyber attacks by hacking groups inspired or controlled by foreign government espionage agencies. Corporations can be seen as an easy target with a repository of valuable information: few corporations have in-house computer forensics teams to track cyber attacks or data theft. Preventing and detecting hacking attempts is a fundamental aspect of computer forensics.

The British Government has announced a new Cyber Security Operations Centre at its top secret listening post, GCHQ, at Cheltenham. This comes amid claims that a new “cyber cold war” is under way, with Chinese and Russian hackers capable of crippling computer systems that control the nation’s water supply, power grid, air traffic and even its banking system. Americans have similar concerns, as do others. If you’re in business and read this, it’s likely you’ll shrug and move onto something more important. In reality, a state intelligence apparatus might at that moment be hacking into your most closely guarded corporate secrets while you’re blissfully unaware. Not knowing why and how this could happen is unforgivable, especially when computer forensic skills and other sophisticated investigative methods exist that can tell you what sort of target your firm is and how you can guard against attack.

If you do suffer serious loss from such a hit – and you actually find out – your board, and probably the financial press as well, will be scathing in their criticism of the old-world attitude that allowed this to happen.

Pre employment screening: an anti-fraud tool

Fraud has become one of the greatest threats to corporations and organisations over the past decade. Forensic fraud investigators are often deployed to uncover fraudulent activity after suspicions are raised or a tip-off is received. Though estimates for the total amount defrauded from corporations, institutions and governments vary wildly, they all agree on one point: the frequency and quantity of loss to fraud is increasing. One of the best estimates is conducted by the Association of Certified Fraud Examiners (ACFE), which calculates that U.S. organisations lose an estimated 7 percent of annual revenues to fraud - a staggering estimate of around US$994 billion for U.S. organisations in 2008.

Various surveys conducted by international accounting firms over the past 5 years have found that one of the best ways to combat fraud is to hire the most honest, qualified and experienced personnel available. This reduces the chances of hiring current or potential fraudsters and sets a minimum level of quality and ability for personnel hired. Intellisec believes the most effective way to do this is to perform pre-employment screening on all prospective hires, contractors and interns prior to engaging them.

What is PES?
PES is the abbreviation commonly used for ‘Pre Employment Screening’. PES generally refers to the method whereby a prospective employer arranges for information relating to a potential candidate or contractor to be checked and verified, to confirm their suitability for employment and whether they have a criminal record or a history of being involved in dishonest activities.

Computer Forensics – Swine ’Flu Scammers: 3 Live Case Stories

The US Better Business Bureau [BBB] says more than 250 website domain names have so far been registered with the term “swine flu”. The fear is that many of these will be used to commit fraud and scam consumers. The BBB is especially warning internet users not to take up offers to purchase swine flu vaccines as no such thing exists.

As the internet continues to make the world smaller and allows us to communicate with each other around the globe, scammers utilize the same networks to infiltrate computer systems. The scammers quickly seize upon world events in the news as a means to mount their attacks on unsuspecting victims. Recent examples include phishing emails with subject lines such as ‘Italian Earthquake latest news’ and of course ‘Swine flu latest news’, used as an inducement to get recipients to view the email and open attachments posing as images.

Wikipedia defines phishing as “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication”. The scammers also seek to infect computer systems with viruses, trojans and key-stroke logging programs as a method to steal information. This activity can result in the unauthorised copying, manipulation and deletion of files or logs on a computer system. There is now an established industry seeking to combat these attacks, including companies such as Norton and AVG.

Attacks using phishing or trojan applications are usually discovered only after the event. This often results in the system administrator or users being the first to note that files have been altered or deleted, or that data has been copied without authority. At this point, administrators often turn to experts in computer forensics or digital forensics to ascertain the extent of the compromise and what information has been altered, deleted, moved or copied.

Starwood & Hilton Hotels: A case of corporate espionage

The term ‘corporate espionage’ has been around for decades and is often used by the media to imply a top secret method used by a foreign power to winkle out industrial secrets which could make or break western civilization [Chinese American Scientist Lee Wen Ho, who was accused in 1999 by US Federal authorities of stealing nuclear arsenal secrets for China, springs to mind]. However, far more common than this is the corporate espionage that affects the business operations of everyday entities ranging from small businesses to large corporations. A case in point demonstrating Intellectual Property & Brand Protection abuse, involving Hilton Hotels and Starwood, is before the courts right now.

The type of information which is usually targeted during a corporate espionage operation is somewhat mundane in comparison to government backed spying operations but can be equally damaging to the victimized organisation. Likewise, the players in these operations tend more to be managers who happen to have access to crucial information due to chance, proximity or reporting structure rather than a grand design by a foreign spy network.

A good example is the recent stoush between the hotel groups Starwood and Hilton. According to media reports, Starwood has accused Hilton of poaching their senior employees as well as stealing thousands of documents regarding their successful W Hotel and St Regis Brands. Hilton denies this. Starwood claims that two of their top executives took with them thousands of documents when they jumped ship to Hilton. These documents supposedly contained the bulk of the Intellectual Property [IP] developed by Starwood over years of operating their luxury chain. This IP included such diverse information as how to negotiate with property developers, training employees, development plans, marketing, demographic data and methods for operating the whole hotel. Starwood contends that this IP is worth tens of millions of dollars and effectively allows a competitor to leapfrog the failures and setbacks of developing their own brand.
