Corporate Espionage: The Million Dollar Art for Billion Dollar Theft

By CIOReview | Monday, August 22, 2016

“A crime is no crime if not proven.” The idea behind these words has crooned within the corridors of law since many centuries and till today underlines the safe zone between acquittal and adjudgement. These words emerged so powerful that they can be attributed to transforming a human instinct into a habit, and finally, into a profession—the act of stealing. This may sound petty and miniscule by today’s crime benchmark. But, take the “act of stealing,” package it with layers of sophistication, present it to someone who has millions at stake, and viola. Behold “corporate espionage,” a force that can make millions, or billions shift hands at the expense of something as simple as dumpster diving. Robert Rice, in his book “The Business of Crime” explains this espousal of villainy and business—Crime is a logical extension of the sort of behavior that is often considered perfectly respectable in legitimate business.

The FBI had estimated the loss due to data theft by 2015 end to be around $400 billion. At this point, it is important to note that any figurative estimation around espionage is never close to reality. The reasons lie on both, the purloined and the purloining ends. The purloined sides many a times do not reveal every espionage attack fearing reputational loss or security agencies getting involved. Now, one might think what is the harm in reporting to security agencies? The answer is, companies employ numerous policies for functioning and the truth is, even in one in a hundred cases, there may be few company policies that might not pass legal evaluations completely. Coming to the purloining end, today’s technology empowers malicious attackers with a curtain past which traceability is feeble. And, remember the technology at play here is not alien technology. It’s the same that businesses use to run their functions, such as encryption. Moreover, today this game is mostly played by “kite,” a contactor which has agreement with its employer under which the kite is cut loose in case the espionage act is blown. In other words, the employer can deny any involvement in the act.

This game gets more interesting as one begins to dig around. Corporate espionage is not restricted to commercial entities looking to gain advantage over competition, say by getting hold of a competitor’s product launch plan or technology behind any product. At the elite level, the players are a country’s government which back activities of spying on other nation’s companies to gain knowledge which can grant edge to its own companies. At this level the whole operation may be called economic espionage. This is a relatively new phenomenon in the world of espionage as post-Cold War countries have shifted focus from stealing defense secrets to getting hands on trade information through which they can harm a rival’s economy while bolstering their own. In this scenario, the victims are mostly developed countries which possess advantage in terms of technology or trade worth all the hardship, which makes the U.S., Europe, China and a couple of Asia-Pacific tenants the favorite spot for perpetrators. While the perpetrator could be anyone seeking gains, one should not be amazed that the same developed nations, or attackers backed by them, seal prominent spots in this list as well. This can be explained by a simple idea—for mastery in the art of larceny, strong skills are deciding factors. That is why technologically developed nations fare better in this game as they have the weaponry needed to get into another’s digital fortress and make the egress least traceable.

The Recent Spike

Technology is a double-edged sword. Let’s put it in the simplest form; a manager emails a client with the pricing structure of his/her company’s products. All you need is the credentials of that manager’s or the recipient’s email id, allowing access to that email from any part of the world with a computer or a smartphone. Once you have the rival’s asking price, the deal can easily be sabotaged by quoting lesser. And, that manager will never know what blew the deal, unless any suspicion arises.

If technology exploitation at such a basic level looks profound, imagine the digital fortresses we live in today which harbor all of our wealth. In the past, espionage did exist, but it was never conducted at a scale parallel to today. Every technology that made inroads to catalyze business growth can be implemented, in one way or another, to achieve an unintended use. The technology has painted a virtual world for us, where exchange of big chunks of data from Los Angeles to Berlin is possible through invisible channels in an instant. The same technology can enable someone, say in Madrid or Paris, to tap into that channel and extract sensitive data.

A parallel offshoot of this menace which is considered a legal, but often less yielding, is Competitive Intelligence (CI). This new intelligence gathering strategy is governed by ethical regulations which allow an agent to gather information without breaching any legal boundaries. Gathering information from trade shows, ADL Matrix, and Value Net are some of the tactics employed. Needless to say, the line separating CI and economic espionage is often blurry and before realization strikes, one might be treading on the wrong side.

How Espionage Does What it Does?

The technology and tactics employed in corporate espionage most often are conceived under government intelligence programs which flow out to the corporate shores with government spies—choice of weapons in this covert game. And the rest is fulfilled by the pundits of technology who knowingly or unknowingly expose the loopholes to baleful elements.

Keyloggers: These are software programs that infect a computer and covertly monitor all the keystrokes executed. The keylogger then sends the collected information to the agent who installed it and exposes confidential information, such as passwords.

Watering hole attacks: This is a relatively new technique that doesn’t attack its victims directly. In such assaults the attacker targets public web pages with malicious Java script or HTML which redirect the victim to a website hosting the exploit code. The compromised public web page then awaits the victim for zero-day exploit.

Eavesdropping technology: This tactic is majorly used to break into business meetings and conferences. The parabolic microphone is the simplest gadget which can pick-up conversations from meters away, keeping the perpetrator at an unsuspecting distance. But, given the glass encased high rise buildings that host most of today’s business meetings, parabolic devices are less useful. At this point, laser microphones come into play. These devices rely on laser beams pointed on the glass surface of a room which gets reflected on a photocell connected to recording or hearing equipment. The laser reflection modulates according to the feeble vibrations created on the glass surface due the voices inside. The photocell translates back these modulations into audible signals.

Apart from these measures, the economic spies employ many other tactics, such as dumpster diving and hacking. However, espionage attempts are works of experts and the tactics employed can be expected to be wrapped in secrets, which the general populace remains unaware of. Susceptible organizations need to understand that deciphering a set of foolproof formulas against corporate espionage is tough. This is mainly because identifying and plugging every loophole around any technology or solution is impossible. Moreover, as technology keeps updating, so does the ways to exploit them. It is advisable that organizations deploy and maintain updated security solutions which will ensure the maximum possible degree of digital security. Consolidating security solutions with the knowledge of someone who is familiar in this covert art is the best one could do. In this regard, organizations should consult CI agencies which posses the expertise to navigate these unknown waters. At the end, it is stressed that organizations maintain their distance from intelligence gathering shenanigans as a clear demarcation between legal and not-so-legal sides in this game is absent. And, for organizations willing to tread this path, Abraham Lincoln spoke the perfect words, “He reminds me of the man who murdered both his parents, and then when the sentence was about to be pronounced, pleaded for mercy on the grounds that he was orphan.”