Eavesdropping Detection Audits
FOR BUSINESS & GOVERNMENT
• executive suites
• boardrooms
• trading floors
• conference rooms
• vehicles and aircraft
• corporate apartments
• executive home offices
• off-site business meetings
• WLAN security & compliance

"Espionage is a foreseeable risk."


Home

Audits
Introduction (start here)
FAQs Estimate Worksheet
Contact us

Background
QualificationsPeople
InstrumentationHistory
InnovationsPolicy
Comparison Chart
Client Testimonials

Eavesdropping News
Kevin's Security Scrapbook
(free email subscription)

Advice
100+ Spybuster Tips
250+ Books and Movies
Ask your questions

Interesting Extras
MoviesCartoons
Eavesdropping History
Client SouvenirsArtwork
Subcontracting


Advanced Search
Translate this page automatically

Spybusters, LLC dba
Murray Associates
PO Box 668
Oldwick, NJ 08858 (USA)
+1-908-832-7900

U.S. TSCM Services FlagEavesdropping Detection Services
are available directly throughout the Americas.


European Union TSCM Debugging FlagEuropean Union Eavesdropping Detection Services
are conducted in association with Security Counsellor Group.


United Kingdom TSCM Debugging FlagUnited Kingdom Eavesdropping Detection Services
are conducted in association with Whiterock.

Services available in selected other countries via our network of local associates.

Inquiries about Eavesdropping Detection and Counterespionage Consulting services are invited from corporate, government and professional entities.

Murray Associates is classified by US Government regulations for Federal procurement purposes as a Small- Business Professional Consulting Firm.


Certified Protection Professional Banner CPP - www.asisonline.org


International Association of Professional Security Consultants Banner - www.IAPSC.org

Certified Fraud Examiner CFE - www.cfenet.com
American Society for Industrial Security ASIS
Board Certified Forensic Examiner BCFE - www.acfei.com
High Technology Crime Investigation Association

InfraGard

Digimarc Graphics Copyright Banner - www.digimarc.com

Use of this site indicates acceptance of Terms of Use, Linking, M2k, Site Map and Privacy Statements.

©1996-2008, Kevin D. Murray (080630)

 



Electronic Eavesdropping
&
Industrial Espionage

- The missing business school courses. -

by Kevin D. Murray - CPP, CFE, BCFE


Also available as a printable booklet with graphics.
Adobe Acrobat file




ESPIONAGE 101 
Intro. to Espionage

Tapped phones. Bugged offices. Purloined papers. Covert Recordings. Undercover employees (moles). Phony repair people. Car phone monitors. Fax intercepts. Pretext calls. Dumpster divers. Still with me? Competitive intelligence professionals. Renegade employees. Foreign governments. The list goes on. How are you supposed to cope? Information Security was not taught in school. You never saw this in your job description. And yet, keeping business information where it belongs is now your responsibility. Knowledge is no longer just power, it's money too. BIG money. 

Picture this. You're the Chief of R&D at a mid-sized snack food company. You have just discussed a new project with your staff of fifteen. Top secret. Your company is preparing a new cookie. Encapsulated chocolate bits make noises when bitten. From loud pops to whistles to burps, depending on speed of the bite. Your kids loved the idea. But this is only half the secret. In addition to being Sonic, it's: Natural, Oven-baked, Oil-free, Kalorie-free, and Yogurt-enriched. The staff affectionately names your pet project 'SNOOKY the Cookie.' Top management is excited. Sales potential is incredible if you get to the marketplace first. 

One evening a few weeks into the work, Sam, a young man who joined your company about a year and a half ago, goes to a party with his wife. He has a few drinks, and begins saying loudly, 'SNOOKY development' when people ask him what he does for a living. An older guest hears this laughing remark and draws Sam aside. He tells him they have something in common. He works for a food company too. "Sam, maybe we should talk. Let's get together for lunch." 

They meet for lunch, and Sam is led to believe that their meeting is really a job interview. Over a good bottle of wine, your competitor elicits from Sam all he needs to know. He has gently extracted information that gives him a feel for the overall direction of the SNOOKY project, its time frame, and half the secret to 'Kalorie-free.' He also knows that the early experiments are promising. From seemingly innocuous party conversation, the competition has learned of your project's existence. Their interest leads them to hire a "research specialist." Your dumpsters are now being checked regularly. They routinely find each day's work and results. You later learn of an 'air conditioning repairman' showing up at your company after hours, on a regular basis. No one knows why. 

Ultimately, your competitor will hit the market six weeks before you do. Their development cost was 10% of yours. And Sam well, he still works for you. The competition didn't want him. There were plenty of other ways to scoop SNOOKY without leaving an obvious trail. This left everyone in your company saying "If I were a paranoid person I'd swear they were spying, but gee, what a coincidence." Everyone except Sam. He kept quiet. Very quiet. 

Many executives, even corporate security directors, vacillate dangerously when dealing with information leaks. "I'm probably just being paranoid, but maybe we should check for bugs and wiretaps." Maybe it's the fear of looking silly while dealing with this invisible monster. It may be unfamiliarity with the mechanics of dealing with espionage. In either case, the business community is awakening to what governments have known since the dawn of time. If your information has a dollar value, or power value, it's a target. Eventually, someone will try to take it. 

Why is this such a growing problem?

The cold war was political. It's over. World War III is an economic war. It's here. Information is where the money is. Information theft is easy, safe, and lucrative. Eavesdropping laws are difficult to enforce. Advancements in electronics and optoelectronics have made communications interception easy and cheap. Competition is now global. There are more competitors than ever before. Business ethics are not what they used to be. 

In short, the personal reputation and accountability plumb lines only stretch so far. The pressure is on as never before, and in a crowded business community the haze of anonymity cloaks many kinds of questionable practices. 

Think about your location for a minute. Would anyone turn away the air conditioner person on an emergency call after normal business hours? Wouldn't the guard shut off the alarm, and open the locked doors? Would the air conditioner be serviced? Or would bugs be planted? Would phones be tapped? Would pictures be taken? Would computer disks be duplicated, papers photocopied, or data altered? 

Historically, the business response can be summed up in one word: LAG (Locks, Alarms & Guards). A good start, but rather prophetic in the description of its efficiency. 

Example: If your personal computer is stolen, it will probably be fenced (re-sold) for less than 10% of its value. The thief receives one payment of approximately $150. The risk is high, but it must be worth it... computers are stolen. Yes, a missing computer is rather compelling evidence that a theft has occurred. Businesses respond with Locks, Alarms and Guards. For street level crime this makes sense. Nobody likes replacing $1500 computers. But what protects the $1.5 million dollar R&D program? Usually, not enough. 

Industrial spies steal the information, not the containers. Information is worth more. Continuing our computer example, nothing will appear to be missing. The computer will still be on the desk. The information will still be on the disk drive. Chances of being caught stealing the information are slim. The information will be sold for what it is really worth. And... an industrious spy will sell the same information many times over. Every competitor is a potential customer. Obviously, LAG is an ineffective deterrent. 

Paranoia is often used as the excuse to avoid confronting the espionage problem. It's understandable. After all, this is a tough problem and, naturally enough, most executives are ill-equipped to deal with it themselves. 

Spy Maxim #1 - Trust Your Instincts.

With eavesdropping and espionage, the thought would not have crossed your mind if a real problem did not exist. 

Spy Maxim #2 - Only Failed Espionage Gets Discovered.

You never hear about successful eavesdropping or espionage attacks. You're not supposed to. It's a covert act. Frequency of publicity is on a par with commercial airline flights: only partially completed (failed) flights make the news. Watergate, for example, was a classic case of espionage incompetence in action. This apparent quiet gives the victim a false sense of security. Not only is information theft prevalent and invisible, it is also silent. Discovery relies heavily on the victim's intuition and preparedness to handle the problem. 

How Much Spying is Going On?

Due to the covert nature of spying, we will never know for certain. Fortunately, however, we can use the failed espionage attempts as a gauge. They reveal over and over again that the problem does exist. Also, the plethora of electronic surveillance equipment being openly sold in "spy shop" stores, and "executive toy" catalogs gives us a good indication of the magnitude of electronic eavesdropping. Word filtering back through the press and from electronic eavesdropping audit specialists can make you a believer. It's happening on a daily basis. 

  • Washington Post News Service - An article indicated consumer surveillance gear alone was now a $100 million dollar industry. In the same article, Steve Brown, a buyer for The Sharper Image said, "Maybe the Nineties are going to be the spy decade," and indicated that his company was expanding into spy gadgetry "...because it's fun, different and (will) cause excitement in the stores." 
     
  • Associated Press - Schenectady, NY "General Electric Co. of Fairfield, Conn., says a rash of industrial spying cases at its Schenectady plant cost it millions of dollars in recent years and was a factor in the layoff of thousands of employees." 
     
  • Corporate Security newsletter - "The number of wiretaps approved by federal and state courts rose 14 percent... Sixty percent of the taps involved alleged drug law violators, but the main thing for the corporate security manager to remember is that 18 percent of the approved taps were aimed at businesses. (And don't forget the illegal taps either.)" 
     
  • Newsweek - "Eighty per cent of the Fortune 1000 companies now maintain in-house snoops, according to the Society of Competitive Intelligence Professional." 
     
  • Detroit Free Press - "Gerber Will End Tours of its Baby Food Plant Gerber Products Co., citing concerns about industrial espionage and public safety, announced Tuesday that it will discontinue public tours of its Freemont baby food plant after almost 80 years. Kellogg Co. of Battle Creek canceled its plant tours in 1986 after attracting 260,000 visitors the year before. Upjohn Co. of Kalamazoo canceled its tours last year. Other companies have either cut back or eliminated tours, citing security and safety reasons." 
     
  • Meeting News - "The threat of industrial espionage is another burden for show managers and exhibitors." 
     
  • Time - "According to US officials (FBI), several foreign governments are employing their spy networks to purloin business secrets and give them to (their) private industry." 
     
  • USA Today - Reported the Securities and Exchange Commission filed a civil complaint against the Philip Morris Director of Headquarters Services and two stockbrokers. In 1988, the executive leaked insider information about the pending takeover of Kraft, Inc. to the two stockbrokers. Interesting note: The executive discovered the secret information when he was entrusted to sweep the board room for electronic listening devices. 

CONTINUED

 

About the author...
Kevin D. Murray - CPP, CFE, BCFE has been solving electronic eavesdropping, security and counterespionage matters for business and government since 1973. 

His many written works include:

Electronic Eavesdropping Detection and Industrial Espionage - The Missing Business School Courses formed the basis for his college course: Electronic Eavesdropping Detection & Industrial Espionage. Created for the John Jay College of Criminal Justice in New York City. 

Mr. Murray is a Board Certified Forensic Examiner; a Board Member of the International Association of Professional Security Consultants; and a member of the American Society for Industrial Security. 

The Murray Associates corporate client family keeps Kevin and his technical staff quite busy. However, there is always time to make a new friend, and room for one more family member. 
 

Murray Associates services are available to corporations and government agencies only, throughout North America, and is classified for government procurement as a small business.

Limited permission to reprint and distribute this briefing is available.

 

 

©1992-2008, Kevin D. Murray - CPP, CFE, BCFE