Industrial Espionage Intelligence

Industrial Espionage IntelligenceThe nurture revolution and the advances in engineering science during the agone decades has brought to fore many challenges and issues to both governments and pipelinees, the age- out of date crime of espionage or the be hold back of spying to gather secret learning is one the most potential issues facing reading-based societies such as the unify States, at once. Although, much has been scrolled as fact and fiction concerning the traditional foreign agents and spies, in todays world of multi-national, multi-billion clam corporations, and industrial espionage is a growing danger. Further much(prenominal), this is aggravated by the fact that many large transactiones atomic bout 18 physically disseminated which has distributed management and administration, and more job specialization.High technology offers the ability to invite and persona information for competitive edge over others in meeting logical argument and government objecti ves, it in like manner makes modern information and technology-based nations and businesses vulnerable as information lowlife be stolen from electronic storage media and transmitted in seconds without even physically removing the data.The paper attempts to examine and understand the challenge of espionage to industries and businesses in the States. However, in doing so, it shall also look at the historical development of espionage and examines how the advances in technology in the recent years have facilitated the act of espionage, and also the measures that whitethorn prove utile in controlling Industrial Espionage. As a prelude to the research, it may be worthwhile to understand how industrial espionage is defined, its genius and implications.Industrial Espionage Definition and personality The Federal Bureau of Investigation defines industrial espionage as an individual or private business entity sponsorship or coordination of intelligence activity conducted for the purpose of enhancing their advantage in the marketplace. Cited Boni and Kovacich, 2000 p. 48 speckle this definition may imply Industrial Espionage to be more or less the same as business or competitive intelligence, gutter F Quinn explains the essential difference between the two while business intelligence is generally under private sponsorship using an open methodology, espionage may be either government or privately sponsored and clandestine. Cited Boni and Kovacich, 2000 p. 47My definition of Industrial Espionage is it is the process of collecting information and data for the purpose of generating revenue. Generating revenue is very important prognosis for these people. They atomic number 18 not thrill overhearker, if the compensation does not justify the reward they will not bother attempting to collect the required information. Individuals who commit Industrial Espionage atomic number 18 not looking for information for information sake, but for information that will produce a big payday when acquired by a second party or when the information is viewed by unauthorized personnel the value of the information is no longer valuable. Money and motive are motivators and the s retains in todays billion dollar business environment the rewards far exceeds risks.In the highly competitive and globalized business environment, copyrighted intellectual spot and scotch information is considered the most valuable good by all nations, particularly the advanced ones. vexationes and/or governments involve in espionage activities for the purpose of un lawfully or clandestinely arriveing sensitive financial, trade or scotch insurance policy information, proprietary/sensitive economic information or critical technologies including but not limited to data, projects, tools, mechanisms, compounds, designs, formulae, processes, procedures, programs, codes or commercial strategies, whether tangible or intangible, for competitive business advantage. The proprietary informat ion so stolen may have been stored, compiled or memorialised physically, electronically, graphically, photographically or in writing and may be reasonably protected by the owner and not accessible to the general public. Boni and Kovacich, 2000 p. 48Proprietary information may be stolen by employees accessing the business and company databases, hackers breaking into the company server, or sponsored teams of burglars. While companies may lose vital business information through employees leaving the job, espionage occurs when the employee willfully looks for the data, steals it, copies it and sells it for money, or for his own unit, when he intends to produce a similar item. Espionage by competitors involve spying the activities of other businesses and unlawfully gathering of secret information, so that they quarter steer their businesses by adopting appropriate strategies and stay at par with, if not ahead of, competition in the marketplace. Interested outsiders and competitors adop t many methods including bribery, detective spying through shady agencies, searching through garbage, also referred to as dumpster diving, scams to deception workers through social engineering, or even expose loopholes and weak points in the lives of workers and blackmail them for gathering information.The theft or unlawful receipt of intellectual property and economic information, particularly by competitors and foreign governments threatens the development and production of goods derived from such information and also results in loss of profits, market share and perhaps the business itself and may thereby result in the weakening of the economic power of ones country. Boni and Kovacich, 2000 In the present information-driven business environment, businesses tend to address the threat seriously, and in their require to accession power, maintain control, increase market share and beat competition, nations and businesses espo map espionage, treating it casually and engaging themselv es in espionage, using information and technology as armaments of business and economic warfare. Jones, Kovacich and Luzwick, 2002 The ProcessThe process of Industrial Espionage provoke be divided into four categories requirements, collection, analysis, and evaluation. commencement exercise, the requirements have to be established. This is when the individual is targeted and approached to provide specific information concerning a specific job or task within a company or organization. Most often a third party will postulate to protect the inquiring person, organization, or corporation from liability. Most companies counsel their espionage efforts only on certain task or functions. The second phase allows the collector to focus their efforts. Collection is the key component of Industrial Espionage. This is the key element for payment and has the most risk involved. These individuals must evaluate the risk of obtaining the needed information or data with the value of the fee that th ey will be paid and the risks of being caught. The individual collecting/obtaining the information may procedure any of the following to obtain the required information/data physical attacks, electronic attacks, or even attacks against the employees to gain the necessary information. If the rewards are so great (finically), they will go to any(prenominal) lengths necessary to obtain the information, even murder if necessary. If the request is for a working copy of a companys product the Collector might simply have to go out and by one, then send away for the expert information any customer is entitled to. While this might see strange use of a Collector, remember some of the companies collecting information exist in embargoed nations such as Cuba or Iraq where state of the art US product are not readily available. If the request is for the complete production data for a complex computer chip the job might entail illegal, and therefore more untamed, methods such as bribery or burgl ary. Analysis follows. Now that a Collector has accumulated a mass of data and information they must take time to see what they have. This entails everything from reading the contents of documents, both physical and electronic, processing raw data, and in some cases looking at the flow of employees and information to see what might be happening and where it is occurring. Once the data has been analyzed the Collector refers to the original Requirement to see if he has meet his goals. This is the Evaluation phase. If the clients Requirements have been met the information is package, transmitted, and the Collector paid. Extra information collected is evaluated for value to the current of future clients and recorded for future transactions. In those cases where the Requirements have not been met, the Collector uses the information to afford to the Collection Phase, thus beginning the process anew.Espionage A Brief HistoryThe technological advances and the global Internet have drastica lly reformed the art of espionage. The practice of espionage has transformed revolutionarily over the years, as any aspect of life and civilization, from the grey manual and human intensive profession to the sophisticated, hi-tech pursuit of stealing electronic information in networked societies. Toffler and Heidi provide a Three Wave Evolution model to explain the technological evolution, as well as the evolution of espionage. Toffler, 1980 Toffler Heidi, 1994Accordingly, during the First Wave effect, extending from the beginning of human race to about mid 1700s and characterized by the agricultural revolution, information was passed by word of mouth or in indite correspondence. The theft of information was minimal as most of the people could not read or write and espionage was manual, relying mostly on personal observation and one-to-one contact. The Second Wave or the rise of the industrialized civilization, which followed and last until a a few(prenominal) years after World War II, experienced exponential exploitation in communications and the sharing of information, make doable by such inventions as telegraph, telephone and computers. The later years of this period saw the development and use of cryptography as communication protection and anti-espionage tool, though essentially by governments. While businesses had also begun to use computers, most of the systems were stand-alone and hence the threat of espionage was limited. Espionage was feeling of primarily as a government and/or military problem and anti-espionage measures during the period essentially consisted of some form of physical warranter of physical documents and equipment, such as combination of locks, guards, alarms and fences. Emphasis was also placed on personnel security system hiring honest and ethical employees in computer field was deemed to limit espionage threats. As only few people operated computers, the threat to electronically stored information was limited. Toffler, 1980 Toffler and Heidi, 1994The Third Wave or the age of technology and information, sweeping the world today has seen more advances in communication and information sharing, and paradoxically more threats, than the First and Second Wave periods combined. While the Internet and the globally linked communication systems serve as a mainstream business medium, objectionable feed in notice (of)s on how high-tech criminals in businesses and government intelligence agencies of all advanced nations are exploiting the possibilities of the cyber world to meet their various ends, stay on to be appal the world conscience. Today, a large number of organizational actors and individual information-brokers sponsored by government and otherwise, are using the Internet to commit the old crime of espionage in a revolutionary new way what Boni and Kovacich terms the netspionage or network alterd espionage. According to them, in the present information-driven globalized society, the distinction b etween espionage motivate wholly by military advantage and the quest for market domination is blurred of not completely eliminated. The researchers claim that the 21st century, envisaged as the Information advance or the Age of Technology to be may instead come to be known as the Age of Netspionage Agent and Techno-Spy. Boni and Kovacich, 2000 p. 5Before attempting to understand the natural event of industrial espionage in America, it may be vital to understand the techniques used by the modern espionage Netspionage agents and techno-spies so that adequate and effective measures could be adopted to stop the threat of espionage. Some of the common methods used by Netspionage agents includeData Diddling changing data before or during entry into the computerScavenging Obtaining information remaining around a computer system and in trash cans Data Leakage Removing information by smuggling it out as part of the printed documentPiggybacking/ Impersonation Physical access to elec tronic data using anothers User ID and password to gain computer access and protected information.Simulation and Modelling development the computer as a tool to plan and/or control a criminal actWire Tapping Tapping into a computers communication links to be able to read the information being transmitted between systems and networksBoni and Kovacich, 2000 p. 58Apart from the above, the use of software application programs, which are standardized over the years enable the use of a variety of hacker tools including Trojan Horse enabling covert placement of instructions in the program for unauthorized functions Trap Doors for inserting debugging acquired immune deficiency syndrome that provide breaks in the instructions for insertion of additional code and intermediate output capabilities Logic Bombsor programs executed at a specific time period and the common Computer Virus which are malicious codes that cause damage to the system information. Boni and Kovacich, 2000 p. 59The Cyber ThreatWith the advent of the cyber age where information roams free along the electronic corridors of the Internet at the speed of light, another arena has been opened up to the Collector. The tools used are those developed by Hackers and Crackers over the years joined with the good old social engineering of days past. The potential for gathering information is unlimited. The arena, of course, is the World Wide Web and the target sits on your disk as you view this HTML document.In 1997 it was estimated there were fewer than 1000 people that qualified as Professional Hackers. That is, people who are capable of creating tools or developing original methods for Hacking. 11 Therefore it is safe to assume there are very few Collectors who are true computer geniuses. Collectors are just individuals adept at turning existing tools toward collecting information. An excellent Hackers Toolkit (a software package which contains scripts, programs, or autonomous agents that exploit vulnerabili ties 6) can be downloaded from the internet with just a few hours of searching. Converting computer tools to information collection is relatively easy, because with computers everything is information and everything created for a computer collects and/or transmits information to one degree or another. Corporate web sites look into increasingly detailed information regarding a companys structure, products, employees, and the physical layout of its facilities. Some sites boast fly through tours of their facilities, pictures and bios of their executive officers, telephone numbers, and of course email addresses of key employees. The fillet of sole purpose of these web sites is to transmit the information to anyone who asks. Web browsers collect this information and provide it to the requestor who can view and store the information, as they desire. This type of information is priceless to individuals who choose to exploit it as a means to collect further information. With the wealth of information freely available in todays on-line environment Collectors can do much of their preliminary research without leaving the comfort of their own home or breaking a single law.Armed with the freely available information Collectors are now prepared use the net to gather even more information. With the bios and names of executives and key employees they can search the net for their preferred electronic haunts. Spoofing can then be used. Spoofing is defined as masquerade by assuming the appearance of a different entity in network communications. 6 telecommunicates or ICQ addresses can be spoofed, sent with the Collector poising as an investor, potential customer, a reporter, or even a student researching the rising stars of the corporeal world. aft(prenominal) receiving replies, Email spoofing can be further used to appear as someone in authority within the corporation who can direct mailing of information, the brass section of computer access accounts, and even grant great er access for established accounts. All of these gives the collector access to just a little bit more of the corporation and its secrets, all with minimal exposure of the collector and sets the stage for further attacks. These can range from accessing an unsecured port for downloading files, to exploiting any one of a number of known security holes to gain root access to a system. A good example of the potential for Cyber Industrial Espionage comes from a New York Times report that claimed Reuters Analytics, Inc. hired a Collector to steal the underlying software and codes for their rivals, Bloomberg, L.P, data terminals. Though Reuters had a head start in the industry, Bloombergs product was considered superior. Yearly gross revenue of these data terminals exceeds $6.5 Billion. 11By mixing Mundane and Cyber techniques collectors can multiply the effects of their collection efforts. The routine of the office, gathered by watching, can enable the collector to plan physical break-ins of the building. While roaming the halls of the corporation they can steal trade secrets, clone drives of key employees, and even set in place login captures, all acts that could go solely undetected because it does no involve the removal of a single piece of property. Well planned daytime entries over lunch the lunch hour can allow the informed collector time clone disks, copy key files, or even send emails from key employees desks to set into motion chains of events to outpouring information or disrupt company performance. Collectors can make use of internal networks to transmit the documents outside the building to avoid security.Industrial Espionage in America The United States being the most dominant economic power in the world today is also a major target of espionage. In 1988, the FBI accuse a author Amgen Inc. researcher of peddling secret documents concerning the wonder drug Epogen. In 1989, U.S. agents tracked down three moles working at an IBM affiliate in France after they supposedly botched a sale of confidential documents. Cited Crock, 1997 The massive information technology infrastructure enables businesses and industries to tap proprietary and secret information of competitors to gain control of the global market place. Research suggests that the threat of espionage and the loss of proprietary/sensitive information have hit the manufacturing industries particularly hard. As the R D expenses for manufacturing companies are costly, some companies, foreign or domestic, are tempted to catch up even if through unlawful means. Naef, 2003 Industrial espionage is rampant in the United States harmonise to the FBI, of the 173 world nations, 57 were actively running operations targeting the U.S. companies about 100 countries spent some portion of their funds targeting U.S. technologies. Boni and Kovacich, 2000 p. 50 A survey conducted by PricewaterhouseCoopers and the American Society for Industrial Security revealed that Fortune 1000 companies lost more than $45 billion in 1999 due to theft of their proprietary information alone. The bring finds that although manufacturing reported only 96 incidents, the acknowledged losses of manufacturing companies accounted for the majority of losses reported in the survey, and averaged almost $50 million per incident. Cited Naef, 2003 While current and former employees, suppliers and customers are considered to be responsible for 70 to 80% of proprietary/sensitive information losses, an unidentified survey suggests that 21 percent of attempted or unfeigned thefts of proprietary/sensitive information occurred in overseas locations. Boni and Kovacich, 2000 p. 50It is significant to note that the U.S is not only a target of espionage, but also actively impair in espionage activities themselves. The US government has admitted using commercial espionage phone calls were illegally tapped to determine that a French competitor of a US firm was bribing Brazilian officials to obtain an air traf fic control radar contract it was later revealed that the US firm was also bribing officials. It is generally believed that large intelligence agencies of developed nations are involved in the practice of espionage. A commission of the European Parliament suspects that ECHELON, a communications espionage system operated by the U.S. National Security Agency and agencies of the United Kingdom, Germany, Canada, Australia and New Zealand, is used for political espionage and occasionally to help American companies against European competitors. Vest, 1998 economic Espionage Act of 1996Economic and industrial espionage present many challenges to many American companies as rampant information breaches are costing companies substantial sums of money. While corporations and businesses often do not report espionage incidents to law enforcement, the Federal government today recognizes industrial and economic espionage as a crime the Congress has legislated the Economic Espionage Act of 1996 in an attempt to aid companies to protect themselves from espionage. Section 19831 punishes the theft, misappropriation, wrongful transition and delivery of trade secrets when accused parties intended to, or knew that their misconduct would benefit a foreign government, instrumentality or agent. The Act allows for legal action regarding financial, business, scientific, engineering, technical and economic information, if a company can demonstrate it has attempted to keep this information classified and protected. The prescribed maximum punishment for an individual offender is 15 years imprisonment, $ 500,000 fine or both for an organization the fine is $10 million. Kelley, 1997 It is understood that many companies dont take advantage of the Act companies safely exploit the law in full knowledge when news of the breach is known publicly. However, as Naef observes, if the trade secret theft is not publicly known, a company may have to meticulously assess the advantages and disadvantages of suing another company and thereby going public as news of the theft may damage the companys reputation. Naef, 2003 Yet, cases of industrial and economic espionage have been reported since the enactment of the Act, though scantily. In September 2003 one man was pled guilty of copying trade secrets as defined under the Economic Espionage Act of 1996 the case was the first of its kind in Northern California. The US Attorneys office later publicized that Say Lye Ow, a 31 year old originally from Malaysia, copied sensitive information on Intels first 64-bit processor when he left the company in 1998. Naef, 2003 Industrial Espionage and Corporate Vulnerability It is often the ill fortune of corporations to adequately protect their information resources that makes them vulnerable to espionage. The vulnerability and the nonchalant attitude of companies are by no means excusable, given the economic implications of the threat of espionage as well as the weakening of the economic power of the subject nation. It may be worthwhile, perhaps vital, to understand the reasons for the vulnerability of corporations in order to prevent espionage and the resulting economic losses to businesses. chorees make themselves vulnerable to espionage for a variety of reasons, including Proprietary/sensitive business information not identified Proprietary information not adequately protectedComputer and telecommunication systems not adequately protected Lack of or inadequate policies and proceduresEmployees not aware of their responsibilities Management attitude of We dont have proprietary or sensitive information and/or It cant happen to usBoni and Kovacich, 2000 p. 50These factors along with such other threats as increasing miscreants trying to steal information for money and the vulnerabilities of systems on the Internet facilitating information theft on a global scale present pervasive threat to information worth protect as well as challenge managers, security personnel and law e nforcement officials responsible for prophylactic and security of information.Employees, a Threat or DefenceWhether called societal Engineering, as in most Hacker manuals, or HUMINT (Human Intelligence), as the Department of Defense refers to it, your employees are targets of Collectors. People are a two-edged weapon in securing your corporate secrets being both the best protection, and the biggest risk. Proper training, education, and motivation can give people the tools and desire to keep your corporate secrets safe. Conversely, appealing to the vanity, greed, or vengeful nature of disenchanted or bored people has always been a tool of the traditional spy. Now these appeals can be made with protection of the electronic web. After gathering sufficient information on employees the Collector can choose his target. If the individual bites, a face to face meeting can be scheduled, if not the only thing that can be turned over the security is an email address or ICQ number, all easily disposed of with no keep up to the Collector.Another method used to attack through your employees is to take the information gathered by Mundane and Cyber means and impersonate another individual or spoof them electronically. Calls are placed over the phone, or messages sent via email pretending to be someone with the authority to make decisions. A good select would be one of those executive officers with the picture and bio on the corporate web page. Regardless of the role many bored or uncaring individuals will give out information to include IP addresses, system setup, and even passwords and userids over to phone when intimidated.Recruiting Insiders is another common practice among Collectors. Many publications on computer security identify the most common source of intentional disruption as authorized individuals performing unauthorized activity. 13 Again, much of the information on the individuals that you would like to enhance can be found in publicly accessible databases a nd web sites. From this, some casual research can yield those candidates who are most persuadable to bribes or extortion. Often after proper research the Collector can make his presence know to the Insider and have them make the first overtures. This allows the Collector to have some modicum of confidence the individual will no go running straight to corporate security. Insiders are the most valuable assets a Collector can have. They have the time and freedom to search peoples desks, read private memos, copy documents, and abuse coworker friendships. 3 The threat does not end when the Insider leaves the corporation either. In 1992 several ecumenic Motors employees were accused of taking over 10,000 documents and disks containing GM trade secrets when they defected to Volkswagen. GM sued and in 1997 received a payment of $100 million from Volkswagen. 11Inserting Agents is one of the least risky forms of Industrial Espionage. The Collector handpicks the individual who they intend to insert. They provide the training, background story, and decide at which level to attempt to insert the individual. Once hired, even in a position of limited access, the individual becomes a trusted Insider for the Collector, able to provide increasing levels of access and perform some of the Mundane and Cyber attacks from within the corporation with minimal threat of being caught.Preventing Industrial Espionage While legal measures and legislations that send strong messages against espionage can be effective in preventing its occurrence, the role and responsibility of corporations is crucial. Even as companies take a non-serious approach to espionage, there is little debate that companies should guard themselves effectively against the info-thieves, both insiders and those unleashed by outsiders, who try to get secrets by all possible means. Measures that may help companies to prevent espionage includeConducting a survey of risk assessment, and identifying potential risk areas, D eveloping a security policy without much of safety risks. Frequently evaluating the security policy and procedures and modify if necessaryClassifying and marking sensitive and valuable information Isolating information that should never fall into the hands of a competitor Detecting the vulnerable areas that could be exploited by a competitor Controlled storage of sensitive informationControlled destruction of materials Executing Nondisclosure Agreements for employees, vendors and contractors Securing computer systems and networks by installing appropriate information system security productsMonitoring email and Internet useWinkler, 1997 Boni and Kovacich, 2000 While the above methods may be useful in protecting against espionage, central to controlling the industrial espionage is security awareness and training of employees as one of the major points of vulnerability is spying activities by people be to the same organization. Security awareness and training programs can serve to in form employees about their organizations information security policy, to sensitize them to risks and potential losses, and to train them in the use of security practices and technologies Denning, 1998, p.382. By investing in security procedures and training, corporations may train employees in the areas of personnel, cyberspace and physical security they can also be made aware of their responsibilities regarding information security of the organization.ConclusionThe increasing value of trade secret information in the global and domestic marketplace and the possibilities of the information technology revolution have resulted in a significant rise in espionage activities in the recent years, particularly against the U.S. being the most dominant economic power in the world. While legislations may be useful in preventing the crime of industrial and economic espionage, the onus is largely on corporations to implement adequate security policies and measures to protect themselves from busi ness losses as well as prevent the weakening of the economic power of their country.References1. Boni W. Kovacich G.L. (2000) Netspionage The Global Threat to Information MA Butterworth- Heinemann 2. Crock, S. (1997) Business Spies The New Enemy Within? Book Review War By Other Means Economic Espionage in America By John J. Fialka Business Week Available at http//www.businessweek.com/1997/06/b351325.htm Accessed 02/26/063. Denning, D. E. (1998) Information Warfare and Security MA Addison-Wesley 4. Jones A. Kovacich G.L. Luzvick P.G. (2002) Global Information Warfare How Businesses, Governments and Others Achieve Objectives and At