http://www.mybroadband.co.za/nephp/?m=show&id=3022
Industrial espionage made easy
By: RHYMER RIGBY, Financial Times, 2 June 2006 posted on 06-02-2006.
"Last year Manchester United discovered that its
dressing room talks about team tactics had been
bugged during a crucial match. Tapes of the talks
had been offered to The Sun newspaper."
Similarly, the Japanese bank Sumitomo in London
was alerted last year to its computers being
physically bugged with keystroke loggers by a
gang hoping to steal 220m Pounds; the bugs were
thought to have been attached by cleaners.
In 2003, Boeing was stripped of US Air Force
contacts worth Dollars 1bn when it was discovered
that it illegally obtained documents from rival Lockheed Martin.
With all the worry about crime in cyberspace and
tight physical security in the aftermath of
terrorist attacks, businesses may sometimes
forget that there are plenty of other
opportunities for private information to be
secretly obtained and misused. "Everyone's very
keen to control who comes in and out of the
building and protect cyberspace," says Crispin
Sturrock, chief executive of information security
company White Rock. "But there is a big hole in
the middle. Far fewer companies prepare for industrial espionage."
Peter Yapp, deputy director of network forensics
at Control Risks Group, adds: "If people want
information from you, they'll go for the weakest
link. If you've got a good well-managed
fire-wall, that won't be it. It might be the
bins, it might be overhearing conversations in
the pub, it might be (bribing) a cleaner to
obtain information. It doesn't have to be sophisticated."
Brian Stapleton, head of financial investigation
at the risk-consulting group Kroll, says
companies appear to be increasingly "actively and
regularly targeted". He ascribes this to the huge
amounts of money that investors can make very
quickly with access to secret information.
Eavesdropping on businesses has become easier as
bugs have become more available, cheaper,
powerful and smaller. A concealed MP3 player, for
example, can record days of conversation. A phone
bug can be planted in a room and dialed into from
anywhere: the call often escapes detection
because it resembles an ordinary mobile phone
call. They are, says Mr Sturrock, "the current bug of choice".
They are readily available in shops such as
Spymaster in London and on the internet and cheap
enough to be disposable. Other James Bond-style
gadgets, small and easily concealed - a fake
smoke detector with a hidden camera, for example - are also very affordable.
Would-be spies are also happy to raid your
rubbish. Many businesses believe a shredder takes
care of sensitive information, but that faith is
misplaced, Mr Sturrock explains. Shredding
devices have six grades. Six is the most
effective, but three is the most common. Any
documents shredded by a machine below level five
can be reconstructed with software or by sending
the waste to be sorted in a country with cheap labour.
Technology has made spying easier, but so have
new employment trends. The spying device at
headquarters or in a hotel room or a bar may be a
person. It might be the low-paid, probably
unvetted and possibly temporary cleaner. It could be a disgruntled employee.
Staff can be persuaded unknowingly into giving
out passwords, or they may give away information
by talking loudly on a mobile phone or by
mislaying a BlackBerry. Spies might operate near
top-level staff's homes, looking for an open
Wi-Fi ÂÂconnection or cordless phone.
Industrial espionage tends to take place at times
of high sensitivity and risk to a company, says
Norman Bolton, a director of the security
consultancy C2i International: "We usually find
it happens to companies that are suffering." This
often provides the combination of incentive (the
company may be ripe for a takeover bid) and means
(the employees are likely to be miserable or worried about job security).
Commercially sensitive information may not always
take the form most obvious to staff: as well as
information affecting a company's area of
operation, spies could be interested in the
details of a joint venture or technology transfer.
Many developing countries have neither the
intellectual property law nor culture of
information security that have developed in the
west and far more is considered fair game.
Bill Waite, chief executive of Risk Advisory
Group, says: "It's not unknown for hotel rooms to
be entered at night and entire laptop hard drives
to be copied. Those who this happens to usually
don't have any idea what has gone on."
Spies can be defeated. On the bugging side,
counter-surveillance companies can sweep the
premises and throw "electronic blankets" over
rooms during secure meetings. Very determined
spies can use lasers to "read" the vibrations of
a conversation or film videos through long lenses
to be viewed by lip readers, so if the meeting is
really sensitive, businesses can use secret locations with private entrances.
On the staffing side, prospective employees
should be checked, and staff should be encouraged
to tidy away papers and anything of a sensitive
nature from their desks. They should not use
shared printers for sensitive documents and
should be wary when carrying sensitive
information on their laptops. More businesses
should remember that the only way to erase
information on an old hard drive is to destroy the disk.
An important part of minimising risk, says Mr
Stapleton, is maintaining loyalty and morale
among employees. "Our view is that if you have a
disgruntled and demotivated workforce, they will
be far more open to approaches from outside
agencies - and that is the easiest way to get
information out." Industrial espionage may have
replaced industrial action as a way of acting on a grievance.
"Don't forget", says Mr Stapleton, "there is
still a lot of sensitive information inside people's heads."
----------------------------------------------------------------------------------------------------
We Expertly Hunt Real Spies, Real Eavesdroppers, and Real Wiretappers.
----------------------------------------------------------------------------------------------------
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 Web:
http://www.tscm.com/
Gloucester, MA 01931-8008 Email: mailto:jm..._at_tscm.com
----------------------------------------------------------------------------------------------------
World Class, Professional, Ethical, and Competent Bug Sweeps, and
Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
----------------------------------------------------------------------------------------------------
Received on Sat Mar 02 2024 - 00:57:26 CST