Your counterespionage consultant would be seriously remiss if only electronic eavesdropping issues were addressed. Our experience has shown that few information leaks can be blamed on active electronic eavesdropping devices alone.
Sure, theft of your thoughts is the most devastating form of espionage. That information is the freshest. But this is only one piece of the puzzle. To see the entire picture, a good spy will collect the other parts as well. Each part may seem innocuous in and of itself, but they are synergistically related.
Espionage from 15 other angles.
Lets look at attack choices through a spy's eyes. Keep in mind: Spies don't look like spies. They come in both sexes, all ages, and all colors. Spies rarely handle all of these jobs directly. Many chores are farmed out. Spies can be: hired professionals, actual end-users, employees, labor reps., etc. and most importantly each of the following attacks is preventable.
Spy in Disguise.
A good spy will be able to enter most premises, day or night, without attracting any undue attention. It may mean taking a job as an office temporary, on the contract guard force or cleaning crew. Perhaps posing as a telephone/air conditioner/computer repair person, maybe even as a company executive returning to work a little overtime. The possibilities are endless. These loopholes exist even in "security conscious" facilities.
Retrieving secret company paperwork from the trash is easier than people think. Most paper trash is collected in plastic garbage bags, section by section, from within office buildings. Each bag is clearly marked as to what section it came from. (The bags are stuffed with envelopes and other information which identifies whose garbage it is.) Most dumpsters are located in areas of public access. With this in mind, the spy merely pulls one or two papers from each bag until the bag with the target's garbage is found. The whole bag is then removed for inspection at a more comfortable location. This operation is conducted on a regular basis.
Surprise... On May 16, 1988, the Supreme Court decided that "The Fourth Amendment does not prohibit the warrant-less search and seizure of garbage left for collection outside the curtilage of a home." In other words, this practice is basically legal. This decision spawned new profit centers for many private detective agencies, who now openly advertise garbage retrieval services.
Much valuable information is left in plain view during the work day and after hours. Correspondence, manuals, appointment books, Rolodex files, wall writing boards, and other written material all contain information that is free for the looking. Some of these items can be read, or photographed (long distance) through windows.
Computers represent a gold mine of information to the spy. Whether the information can be accessed remotely, or disks can be copied on-site and carried off, the results are still the same. High value, low risk, and no evidence of loss.
To further complicate matters, sabotage is also a potential element. Imagine planting a virus in your competitor's computers, timed to erupt when its to your advantage. Chances are someone else has had the same thought about you too.
Heard it Through the Tape Vine.
Dictation tapes are a great source of fresh, and irrefutable, information.
Most building locks are on a master key system (left open, or easily pickable), and who knows how many master keys exist. Most secretaries keep keys to their boss's offices and filing cabinets stored in their desks (easily pickable). They even keep each other's desk keys there too. To make matters worse, the desks are rarely locked. You can see where this is heading. In most business's the concept of locks and keys providing security is a cruel joke.
Sometimes paperwork is clearly marked SECRET or CONFIDENTIAL. When not secured, this marking calls undue attention to the document. There are better ways to let insiders know that certain paperwork requires special handling, without alerting the outsider.
Ribbons of Knowledge.
Carbon film typewriter ribbons store useful reproductions of whatever has been typed on them. Spies will take old ribbons and replace them with new ones. No one is the wiser, and the latest correspondence is theirs. Many plain paper facsimile machines have similar carbon film rolls. There, a perfect copy of the original document can be found. Used rolls are routinely placed in the trash. A bonanza for the Dumpster Diver.
Let Your Fingers Do the Walking.
Company telephone directories may be handy for employees, but they are outright invaluable to spies, executive recruiters, and competitors. Telemarketing people consider these to be the most valuable documents they can obtain. Brokering purloined corporate telephone directories is now a recognized profession according to Target Marketing magazine.
It is not uncommon for filing cabinets to contain more than just files. Often, they are used to hold valuable documents, corporate seals, checks, keys, etc.. Unfortunately, the locking mechanisms which come with these units fall into the low security category... easily picked, shimmed or jimmied.
Help the Spy.
Photocopy machines and facsimile machines are the two most helpful tools the spy could have. Be sure to leave plenty of paper and toner, and don't audit your supplies or fax phone bills. (Just kidding.)
Protect Your Vitals.
The nerve center of most operations is probably not the president's office or the coffee machine. You could live without both for a few days. No, the most vital room in business today probably doesn't even have a working lock on the door, a fire alarm, an intrusion detector, or even paint on the walls. The telephone room is the most important room in most businesses. It's a taper's heaven, and sabotage hell. A wiretap here, or 'accidental' fire, could put a business - out of business. Do not skimp on protection here.
Most modern business telephone systems, Automatic Private Branch Exchanges (APBX), are computer driven. They often have a Remote Maintenance Administration and Testing System (RMATS or similar designation) feature which allows off-premises access to them. The purpose of this feature is to allow telephone maintenance technicians full access to the APBX from their location. With this, routine diagnostic tests, programming of station/system assignments and features, and repair assessment can be economically performed.
The RMATS feature is accessed by calling the telephone number associated with this feature and linking a personal computer with the internal APBX computer. In most cases access is password protected. However, original default passwords are rarely changed; some have been printed in maintenance manuals; and they can be "hacked" by dedicated spies, or computer hobbyists (curious or malicious). The APBX software can also be entered through an on-site terminal by: the System Administrator (an authorized company employee), a telephone company crafts-person, or an outsider who knows the proper procedures. Some of the dangers of this unauthorized access include: Complete deprogramming of the APBX. Secret reprogramming to allow access to: WATS Services, Executive Override type features (forced access to busy extensions), Bridge Taps (software created extension lines), "free" phone calls, etc. Monitoring of the Station Message Detail Recording (SMDR) memory. (SMDR maintains a record of each extension's calls in detail.)
Now Hear This.
Telephone privacy is usually assumed. However, due to the nature of telecommunications transmission (unsecured street termination's, radio transmission via satellites and terrestrial links, easy access to phone line junction boxes, etc.) only an average degree of security can be assured without using encryption techniques. This is especially true of international traffic, much of which is monitored by governments.
Now Hear This Again.
Analog cordless and cellular telephones are not secure either. Radios capable of receiving the frequencies used by home cordless telephones, coupled with amplified antenna systems, are generally available. They allow reception as far away as 1 mile. This has recently become a serious method of industrial espionage for the determined spy and opportunistic hobbyist alike. The good news: Digital transmission and encryption is available for both types of phones.
Cellular telephone communications can be received by the general public over hundreds of square miles. Note: After intensive lobbying by the cellular telephone industry, monitoring of car telephone transmissions was made illegal by federal law on January 1, 1987. This law is generally considered to be unenforceable and definitely should not be relied upon for privacy.
Again. All these attacks are preventable. You do not have to be a victim.
About the author...
Kevin D. Murray - CPP, CISM has been solving electronic eavesdropping, security and counterespionage matters for business and government since 1973.
His many written works include:
Electronic Eavesdropping Detection and Industrial Espionage - The Missing Business School Courses formed the basis for his college course: Electronic Eavesdropping Detection & Industrial Espionage. Created for the John Jay College of Criminal Justice in New York City.
Mr. Murray is a Board Certified Forensic Examiner; a Board Member of the International Association of Professional Security Consultants; and a member of the American Society for Industrial Security.
The Murray Associates corporate client family keeps Kevin and his technical staff quite busy. However, there is always time to make a new friend, and room for one more family member.
Murray Associates services are available to corporations and government agencies only, throughout North America, and is classified for government procurement as a small business.