The Cold War of Economic Espionage

The cold war of ideologies and military domination may be over for now, but the war of economic and financial domination wages on, fiercer now than it ever was.  There are no clear front-lines or alliances in this not-so-new war—a war waged by individuals and corporations that is ongoing and which started long before the cold war of the 20^th century.

The stacks are just as high in the economic and financial war, with the mission being to preserve our way of life and the economical and financial domination we currently enjoy.  So, with whom are the U.S. corporations fighting?  The answer may surprise some of us: we are fighting with everyone and with each other, from world-wide businesses to small and medium-sized businesses.  The economic & financial war knows no national boundaries nor respects corporate charters.

On October 11, 1996, the Economic Espionage Act was signed into law, for the first time explicitly criminalizing the theft of commercial trade secrets and slapping substantial penalties on those convicted. What kind of trade secrets does the law seek to protect? All kinds: computer source code, chemical formulas, R&D data, financial info, manufacturing processes, lists of suppliers and/or customers, even marketing strategies.

Still the war wages on.  According to Ira Winkler, a former analyst with the National Security Agency, American companies lose billions of dollars each year through preventable information leaks. In Corporate Espionage, he shows how much of it is pilfered by unremarkable efforts – looking at memos, sifting through trash, peeking on desktops, or simply asking for it.

This occurs regularly, to U.S. companies of all sizes. Respondents were asked about intellectual property and proprietary information losses incurred between July 1, 2000 and June 30, 2001. About 40 percent of the companies polled reported suffering the loss of this type of confidential information. Based on the survey responses, the study concluded that U.S. companies suffered up to $59 billion in intellectual property and proprietary information losses between July 2000 and June 2001. Most of those losses resulted from legal fees and lost revenue associated with the theft of this privileged information. Areas affected included research and development, customer information, and financial data. For more information about this survey please go to: (source: Trends in Proprietary Information Loss, American Society for Industrial Security and PricewaterhouseCoopers).

When we think of spies of any kind we think of spies as “bad guys” with certain stereotypical traits. Well, think again. In the war of economics and finances, the players are well known names like Hitachi, Oracle, and other companies, often government-backed, from Canada, China (PRC), France, Germany, India, Israel, Italy, Japan, Russia, South Korea, Taiwan (ROC), United Kingdom, and some close to 100 other countries according to FBI.  In the war of economics & finance, the United States has no friends, according to the FBI.

With the revolution in digital information technologies and availability, economic and commercial espionage is easier than ever.  However—and this very important point—spies do not care how they obtain the information they are looking for. It could be digital—or not.

There are many ways of spying or gathering confidential information, and they are not very different from the traditional methods used during the cold war. The following are four of the most common methods spies employ in their operations:

1.      Inside job.  There are many forms of insider jobs and they can be the most damaging.  An insider can be hired into or bribed from within an organization.  Often times, an insider will reach out and try to sell the information he or she has obtained.  It is not uncommon for insiders to work as a team and use combined accesses and knowledge to obtain valuable information.

2.      Social Engineering is the next most-used method.  Kevin Mitnick is a well-known former computer criminal.  He was arrested by the FBI on February 15, 1995.  Although often portrayed as a technical expert, most of Mitnick's attacks were based on social engineering techniques rather than sophisticated technical methods or expertise.  There are many ways to conduct social engineering.  To find out more, please read our white paper regarding Digital Information Age Deception – Social Engineering.

3.      Packet "Sniffing." Many people do not realize that 99.99% of the emails traveling through the world can be very easily captured and read.  99.99% of today’s emails are what we call “clear text”— in other words, they are like regular postal mail in that anyone who can open the envelope can read their contents.  A good rule to follow is not to have any information sent via email that you do not want anyone other than the intended recipient to read.

4.      Backdoors and Trojan Horses.  These methods do not just involve software, as is commonly referenced by these terms. Backdoors and Trojan Horses are also in firmware and in hardware used for espionage purposes.

It is estimated that 70 percent of the average enterprise's value is held in its information (source: Trends in Proprietary Information Loss, American Society for Industrial Security and PricewaterhouseCoopers, 1999).

So, how can we minimize the exposure to data espionage?  Unfortunately, there are no quick and easy answers, much less perfect ones.  Just like there are multiple ways spies can try to penetrate an organization’s defenses, there are multiple defenses an organization can build and implement to protect confidential information.

Below are list of some high-level steps one can take to start working on protecting the most valuable assets of the organization:

1.      Vulnerability Assessment

2.      Security Policy Review or Creation

3.      Penetration Test

4.      Real-time Security Monitor and Management

5.      Operating Systems Hardening

6.      Biometric Authentication

7.      Rights Management

8.      Virus and Content Filtering

9.      High-Availability Systems Design

10.  Disaster Recover Plan

11.  Security Training

In a competitive marketplace where information is a priceless commodity, espionage is not going to go away. Based on the recent news, espionage is definitely on the rise, especially with the help of Internet and 007-like technologies available to anyone. Comprehensive network security programs should address the growing threat of content theft. Though espionage cannot be eliminated, implementing network safeguards will at least minimize electronic proprietary information loss.

By Benson Yeung, Senior Partner

Back to Top