| Corporate Espionage was once thought of as a | | | | The placement of bugging devices in offices or |
| risk that only affects the richest of companies in | | | | boardrooms is not always the first option for |
| high-risk sectors or emerging markets, the latest | | | | espionage; often the logistical problems involved in |
| trends suggest that this is far from the truth. | | | | a live covert device far outweigh the benefits. |
| The history of espionage, thought by some as | | | | However, should access have been gained via |
| the second oldest profession in the world, can be | | | | inside information or chance, many of those |
| traced back to biblical times with more than 100 | | | | carrying out espionage prefer to install hardwired |
| references in the Old Testament. Sun Tzu's book | | | | GSM based devices, solving power and distance |
| "The Art of War", written around 500BC deals | | | | issues. Cat5 cabling for example is a good carrier |
| specifically with intelligence networks and | | | | for installing covert microphones. A GSM device |
| intelligence gathering. Unfortunately as is often the | | | | being located elsewhere in the complex acts as a |
| case, history has not taught us the most basic of | | | | "voice activated transmitter" and is almost |
| lessons; that intelligence is power, whether in | | | | impossible to locate during a TSCM sweep of the |
| business or war, he who has intelligence has the | | | | given boardrooms or offices. |
| upper hand. | | | | Having a good internal security policy will aid a |
| Many are naive enough to think that espionage | | | | company and deter potential offenders. Staff |
| comes straight out of the pages of Ian Fleming's | | | | should challenge visitors not displaying a visitors |
| James Bond, confined to Governments and the | | | | badge; visitors should be met at reception and not |
| largest of corporations. They are very much | | | | left unattended. Workmen also should not be left |
| mistaken. | | | | unattended and all companies should employ a |
| No one wants to be a victim, least of all admit to | | | | clean desk policy where possible. |
| being a victim, yet the rewards for those carrying | | | | Landlines |
| out espionage far outweighs the risks or expense | | | | A device placed on the telephone line can be as |
| involved. Sad as it may seem, a simple device | | | | far as five miles away prior to the line entering |
| bought for as little as two hundred pounds can | | | | the local exchange. A simple device that tests line |
| cost a company millions through lost corporate | | | | voltage or impendence will not detect hi-tech |
| intelligence. At the lower end of the scale there is | | | | devices unavailable to the general public. These |
| the office refuse, if this is not disposed of in the | | | | varieties of device are normally of GSM type and |
| correct manner it can be yet another source of | | | | utilise the power from other sources within the |
| leaked information within companies or | | | | local exchange/cabinet. They are nigh on |
| organizations. | | | | impossible to detect without a physical check of |
| Directors, management and IT personnel of many | | | | the line up to the local cabinet (green roadside |
| companies fail to understand the fundamental | | | | cabinet) level. |
| basics of countering espionage and the techniques | | | | Securing an external landline to the property need |
| employed by those carrying out such activities. | | | | not be an expensive encryption system; replacing |
| Millions of pounds are spent each year on | | | | an analogue system with digital ISDN/ADSL |
| eavesdropping transmitters, computer keystroke | | | | system will ensure that the line is far more |
| loggers and telephone recording systems. | | | | secure. Fibre-optic cables cannot be tapped into |
| Everyone wants to know what everyone else is | | | | with ease unlike a twisted copper pair; a |
| doing in business, and for some it makes sense to | | | | "pod-splitter" and true line identification are |
| have a budget for "intelligence" prior to entering | | | | required. |
| into litigation suits, hostile takeovers or mergers | | | | Cellular telephones |
| and acquisitions. | | | | The fact is, that while it costs in excess of |
| Litigation, for example, is an area of complex | | | | £250k for the necessary equipment for |
| issues, cross border or otherwise, where technical | | | | intercepting a cell phone, jamming the phone's |
| surveillance has in the past, been used to affect | | | | signal costs less than a tenth of that price and is |
| the outcome of a given case. When a case is | | | | far easier on an operational basis. A target uses a |
| worth £500 million, spending £50,000 on | | | | cellular telephone because she/he thinks that it is |
| winning makes sense to many companies, and far | | | | the most secure way of communicating. A cellular |
| outweighs the risks of becoming the loser. | | | | jammer can be deployed to jam the cellular |
| The level of the risks involved in Corporate | | | | telephone, forcing the target to use the landline |
| Espionage is all relative to the financial rewards. | | | | that is intercepted. Keeping it simple counts, low |
| The level of the technology employed is relative | | | | risk and high gains. |
| to the investment. | | | | Computer Systems/Email |
| It is more and more evident that few security | | | | Trojan Viruses sent to targets via email can |
| companies fully understand the technology | | | | contain complex keystroke logging programmes |
| involved, how communications operate or are | | | | or open back doors to computer systems. At the |
| intercepted/manipulated, leaking vital corporate | | | | lower end of the scale, there are many of such |
| intelligence to competitors. | | | | programmes freely available on the Internet, at a |
| Some Technical Surveillance Counter Measures | | | | low cost or for no cost at all. At the higher end |
| (TSCM) firms are so far behind that the advice | | | | of the scale there can be hackers targeting a |
| that they pass on to their clients is often futile. | | | | business/director in order to gain given intelligence |
| With budgets in the tens of thousands of pounds, | | | | on sensitive financial matters. The cost of the |
| a telephone can be intercepted miles away from | | | | latter option, whilst in the thousands of pounds |
| the target location and monitored from the other | | | | mark is, as I have previously covered, worth the |
| side of the world, live. Each call is time and date | | | | risk in the larger cases. |
| stamped, in turn recorded on a computer for | | | | New, off-the-shelf, computers are not as secure |
| later evaluation. | | | | as users might think; the default settings are |
| The fact of the matter is, in some cases a TSCM | | | | insecure and need to be configured prior to |
| sweep is of no use when technical surveillance can | | | | connection to the outside world. The most basic |
| be so remote. Better understanding is needed, | | | | of steps should always be taken, updating |
| both of the modus operandi and of the latest | | | | anti-virus software on a weekly basis, backing up |
| technology. Few TSCM firms understand just how | | | | networks and installing a hardware firewall are just |
| far an espionage budget of £20k can go. | | | | some of the easiest options to employ as a |
| TSCM sweeps as part of a security housekeeping | | | | counter measure. |
| policy do make sense if carried out to include | | | | The best answer to computer security is file and |
| computer systems, rooms and telephone lines to | | | | email encryption, this though, only providing that |
| local exchange level. It is true to say that the | | | | the computer system is firewall protected. |
| basic technical principles of espionage technique | | | | Bluetooth and Wireless connections |
| have not changed too much over the past | | | | Wireless computer connections are high risk and |
| twenty years since the end of the cold war. | | | | can, if not set up correctly be intercepted at ease |
| However the movement in technology and with | | | | by external attack. This risk has been highly |
| the vast use of communications spanning the | | | | reported over the past two years, but many |
| world has lead the public into a false sense of | | | | manufacturers have still failed to change the |
| security and apathy when employing these | | | | default settings of their devices, thus enabling |
| communication techniques. | | | | other "attacking" systems to connect and |
| Any type of electronic communication can be | | | | download vital information such as address books |
| intercepted at one level or another; the role of | | | | and other files; all without the user's knowledge. |
| the TSCM firms should be best utilised identifying | | | | Overall what must be taken on board is that no |
| the areas of weakness and employing measures | | | | one wants to work in a locked down |
| to combat these possible areas of weakness. | | | | environment, but in a secure one. All security |
| Office Security | | | | recommendations need to be both affordable and |
| Many large companies fall foul of size and general | | | | workable, the simpler the better, realistic and in |
| lack of in-house security policies, making espionage | | | | keeping with the level of possible threat. |
| far easier and easier still with inside information. | | | | |