corporate espionage: technical surveillance threats


  • Corporate Espionage Technical Surveillance Threats and Countermeasures

    Charles Patterson, President

  • Understanding Targets and Threats

    Espionage is a direct, deliberate attack on information and communications.

    Human element is always involved Money




    Biggest concern is insider threat. Study of government espionage cases revealed over 90% were from internal threats.

    Same is true for corporate espionage.

    Cases of Govt Espionage

  • Insider Threat Examples

  • Targets and Threats

    Possible reasons why someone would commit espionage

    Financial gain (personal) or financial damage to company

    Revenge (against another person or company)

    Ego, feeling of power

    Personal advancement


    Lawsuits, litigation

    Reputation damage

    Some people want to feel like a spy (James Bond fantasy)

  • Targets and Threats








    Media: news leaks, provocative headlines

    Unethical investigators

  • The bad guy may not be obvious.

  • Technical Spy Methods

    Cyber breach: rogue WiFi or other hacking

    Document handling: stolen or copied papers

    Acoustic leaks: listening through walls, air ducts, vents

    Communications system compromise: telecom and paging system manipulation

    Traditional wire-taps, software VOIP wire-taps

    Electronic devices: hidden transmitters or bugs

    Covert video cameras

    Cellular listening devices

  • Cyber/ IT security breach

    Physical Access Control

    Rogue hotspot attached to router

    WiFi Security

    Cyber crime

    Document handling

    Acoustic leaks


    Electronic devices

  • Document handling


    Even if you have a bulk document service, personal shredders should be available and used.

    Establish a clean desk policy.

  • Acoustic leakage

    Open ceiling vents allow sound to pass through ceiling.

    Open HVAC passages allow sound between offices.


  • Telecom

    VOIP administrator access

    Traditional wiretaps

    Vulnerable PBX features: auto answer, call monitoring, voicemail access


  • Old paging speakers left in the ceiling can act as microphones, picking up sound for every room.

    Paging system compromise

  • Electronic spy devices readily available to consumers

    Battery Powered Wireless Camera

    Key Fob Recorder

    WiFi Transmitter Cellular Bug in Calculator


  • Reactive Response and Proactive Preparation: Both are important. Here are some of the reasons we have been called for a sweep.

    Reactive: Incident response

    Employee was fired who: Had access to confidential data and was found to be untrustworthy.

    Worked in telecom or IT and knew too much.

    Information was leaked online or to the press: trade blog revealed confidential information

    Competitor knows too much: bids are lost due to leaked information

    Executive feels threatened: stalked or harassed by employee or others.

    Theft or break-in occurred: thief had access to offices such as legal, financial, H.R.

    Gifts received: items received from vendors, competitors, other countries need to be inspected.

    Suspicious visitors: guests from other countries, from competitors, or just acting suspicious.

  • Unknown individual broke into the company on multiple occasions. He was seen on security video leaving with items taken from the offices, including taking a security walkie-talkie from the front desk.

    Espionage intrusion at Houston energy company

  • Reactive / Proactive

    Proactive: pre-planning

    Upcoming meetings recognized as confidential: uncover existing or past eavesdropping attempts

    Fiduciary responsibility: due diligence required for protecting information

    Establishing trade secret status

    Shareholders demand security

    Ongoing protection: recognize active threats, spot security vulnerabilities

    Deterrent factor

    Quarterly scheduled sweeps are recommended by ASIS. The ASIS Protection of Assets Manual recommends conducting sweeps four times per year.

    Be prepared for incidents: provides a baseline for better response by the TSCM team

    Compare proactive sweeps to having fire inspections of your facility: don't wait for a fire to occur.

  • Defense and Countermeasures

    All aspects of security are needed:

    Physical security: locks and perimeter control

    Access control: identification and levels of access

    Security video: record of access to confidential areas

    Document handling: establish a clean desk policy, enforce document destruction

    Privacy policies: employees and staff need to know that the information they handle is confidential.

  • Defense and Countermeasures What can you do?

    Know what information is confidential

    Have a mindset for information security

    Do not take chances. Err on the side of caution.

    Be observant in your own space. Has furniture been moved?

    Note debris from recent work, ceiling tile dust

    Observe holes in ceiling, walls, furniture

    Be familiar with regular objects in your office

    Keep your workspace clean and neat

    Follow good security practices General security practices will also help protect


  • Defense and Countermeasures Know how to respond when an incident has occurred

    TSCM specialist: Call us right away. We can discuss your situation and respond promptly if

    Legal department: Legal team should have policies on how to respond. Follow their advice.

    Corporate investigation department: If you believe the perpetrator was an employee, you may need to initiate an internal investigation.

    Law enforcement authorities: Law enforcement may need to be notified if you wish to pursue charges against the perpetrators. Follow the advice of counsel. Police and even the FBI may not want to be involved unless a larger crime has been committed. Local police may not have the understanding needed of eavesdropping or espionage


  • Defense and Countermeasures Develop a TSCM Incident Response Plan

    If an incident has occurred, prepare the following information, as much as possible:

    Who was involved?

    What type of information?

    Where did the breach happen?

    How did the compromise take place?

    Why would such a breach occur?

    Contact a TSCM specialist right away. We will respond promptly to ensure that the threat has been neutralized.

    Regular proactive sweeps reveal their importance after an incident has occurred. We would have records of your facility that will allow faster analysis and results: radio signal mapping, equipment inspection logs.

  • 800-337-2001 914-819-5400

    Charles Patterson, President