When people think of corporate espionage, they tend to imagine scenarios ripped out of a 1990s spy thriller. In the real world, however, intellectual property theft is much more mundane and, unfortunately, much more common. In some instances, the illegal disclosure of intellectual property may be done unintentionally or out of ignorance of the legal consequences. In other cases, it is the end result of a sophisticated and years-long operation to uncover a company’s trade secrets. The methods by which corporate espionage is conducted are myriad, and security managers would be well advised to keep all of them in mind when formulating their security plans.
One of the most common methods for gaining access to a company secrets is simply to hire away some of its talent. Despite nondisclosure agreements, a company’s best practices may, over time, simply seep away as the firm’s workers leave for employment elsewhere. In other cases, illegal disclosure is more clear-cut. One of the most famous cases of modern industrial espionage involved a disgruntled IBM computer scientist named Raymond Cadet. In the early 1980s, Mr. Cadet left IBM with detailed information on one of IBM’s advanced mainframes. He later sold the information to Hitachi, a Japanese competitor, for several hundred thousand dollars.
Dumpster diving is another tactic used by intelligence professionals and criminals alike. By sifting through an organization’s trash, collectors hope to gain vital information on a company’s operations, strategy, and technology. Although risky and time intensive, many organizations tend to be careless about what they throw away. That is why this time-honored, yet unglamorous, tactic continues to be effective.
Another longstanding technique used by firms throughout the world is reverse engineering. In many cases, however, it is entirely legal so long as companies acquire products legally and do not infringe on patents. However, this is not always the case. For example, last year American Superconductor Corporation discovered that one of its Chinese customers had illegally reverse engineered a computer system used to control wind turbines, resulting in severe adverse consequences for the firm’s operations in East Asia.
The oldest form of espionage is perhaps the simplest: the acquisition of sensitive information through everyday human interaction. In the intelligence community, this is known as human intelligence and it continues to be a popular method for gaining information. In fact, trade shows, conventions, academic conferences, and foreign delegations have all been popular venues for intelligence collectors of various stripes.
However, corporate spies have also been known to target business travellers. For instance, it is common for high-level corporate executives to be the subject of elicitation, especially when traveling overseas. Often these individuals are asked rather sensitive questions about their company’s operations over the course of a casual conversation. In some cases, these individuals have even had items such as laptops and cell phones stolen from them, or had their hotel rooms broken into.
One of the easiest ways to gain access to sensitive company data is to gain cooperation from an employee on the inside. Individuals betray their organizations for a number of reasons. Sometimes they are bribed, sometimes they are blackmailed, in other instances a romantic interest involved. Recently, however, there has been an increasing effort by intelligence agencies to exploit the national loyalties of expatriates working for foreign firms based abroad. Even though incentives may vary, moles often share one thing in common. They are motivated to conduct espionage, at least in part, because they are dissatisfied with their employer, often feeling cheated in some way.
Despite the potential effectiveness of human intelligence, if companies relied solely on themselves to conduct corporate espionage, then the scope of this threat would be significantly reduced. The reality is that national governments often support their firms’ efforts to acquire foreign technology. China’s intelligence services are perhaps the most active in the world in economic espionage. However, they are by no means the only perpetrators. Russia and even some Western countries have leveraged their intelligence services in order to provide their home firms a technological advantage.
However, it should be understood that corporate espionage does not always have to be surreptitious. Indeed, there is much information that is easily obtainable. For example, it is not uncommon for information collectors to simply request information from firm employees through the phone or e-mail. While this is not the best way to gain truly sensitive data, it is a good strategy to gain general information that can later prove useful. Even open source information, freely available on the Internet, can be of value in the hands of a professional. Another way firms gain intelligence on foreign companies is to approach them as a potential business partner. They leverage this relationship in order to gain access to sensitive data, only to terminate the relationship at a later date.
It is not surprising that in our modern age, technology is increasingly being used to conduct corporate espionage. For instance, the proliferation of cell phones, embedded cameras, and microphones mean that firms need to be conscious of the threat of video or audio surveillance. In fact, it is not uncommon for companies to hire technical surveillance specialists to ‘sweep’ facilities, especially before important meetings and conventions. However, when it comes to corporate espionage, the cyber realm probably presents the greatest threat to a company’s informational security.
In the past, corporate spies were limited by the fact that a single individual could only access a set amount of information or smuggle out a finite number of prototypes and equipment. Moreover, these operations were often lengthy processes requiring months of preparation work. In contrast, a hacker on the net has the potential to access a huge chunk of a firm’s information almost instantaneously. One security breach in cyberspace could literally have catastrophic consequences for the entire company. That is why security professionals will increasingly concentrate their resources on the cyber realm in order to protect themselves against corporate espionage.
This article has detailed many of the methods corporate spies have used in order to gain access to proprietary data. Although businesses have legal recourse in the event of intellectual property theft, many instances of corporate espionage occur across borders, making them significantly harder to prosecute. Yet, almost every firm has significant vulnerabilities both in the physical and the cyber realm. For those firms whose competitive edge depends on the superior technology and trade secrets, these vulnerabilities cannot be ignored.