Corporate Espionage Technical Surveillance Threats and Countermeasures

ExecSecurity.com

Charles Patterson, President

Understanding Targets and Threats

Espionage is a direct, deliberate attack on information and communications.

Human element is always involved Money

Ideology

Compromise

Ego

Biggest concern is insider threat Study of government espionage cases

revealed over 90% were from internal threats.

Same is true for corporate espionage.

Cases of Gov’t Espionage

Insider Threat Examples

Targets and Threats

Possible reasons why someone would commit espionage

Financial gain (personal) or financial damage to company

Revenge (against another person or company)

Ego, feeling of power

Personal advancement

Harassment

Lawsuits, litigation

Reputation damage

Some people want to feel like a spy (James Bond fantasy)

Targets and Threats

Who?

Competitors

Employees

Executives

Subcontractors

Criminals

Terrorists

Media- news leaks, provocative headlines

Unethical investigators

The bad guy may not be obvious.

Technical Spy Methods

Cyber breach Rogue wifi or other hacking

Document handling Stolen or copied papers

Acoustic leaks Listening through walls, air ducts, vents

Communications system compromise Telecom and paging system manipulation

Traditional wire-taps, Software VOIP wire-taps

Electronic devices Hidden transmitters or bugs

Covert video cameras

Cellular listening devices

Cyber/ IT security breach

Physical Access Control

Rogue hotspot attached to router

WiFi Security

Cyber crime

Document handling

Acoustic leaks

Communications

Electronic devices

Document handling

Cyber crime

Document handling

Acoustic leaks

Communications

Electronic devices

Even if you have a bulk document service, personal shredders should be available and used.

Establish a clean desk policy.

Acoustic “leakage”

Open ceiling vents allow sound to pass through ceiling.

Open HVAC passages allow sound between offices.

Cyber crime

Document handling

Acoustic leaks

Communications

Electronic devices

Telecom

VOIP administrator access

Traditional wiretaps

Vulnerable PBX features • Auto answer • Call monitoring • Voicemail access

Cyber crime

Document handling

Acoustic leaks

Communications Systems

Electronic devices

Old paging speakers left in the ceiling can act as microphones, picking up sound for every room.

Paging system compromise

Electronic spy devices readily available to consumers

Battery Powered Wireless Camera

Key Fob Recorder

WiFi Transmitter Cellular Bug in Calculator

Cyber crime

Document handling

Acoustic leaks

Communications

Electronic devices

Reactive Response and Proactive Preparation: Both are important. Here are some of the reasons we have been called for a sweep.

Reactive: Incident response

Employee was fired who: Had access to confidential data and was found to be untrustworthy.

Worked in telecom or IT and knew too much.

Information was leaked- online or to the press Trade blog revealed confidential information

Competitor knows too much Bids are lost due to leaked information

Executive feels threatened Stalked or harassed by employee or others.

Theft or break-in occurred Thief had access to offices such as legal, financial, H.R.

“Gifts” received Items received from vendors, competitors, other countries need to be inspected.

Suspicious visitors Guests from other countries, from competitors, or just acting suspicious.

Unknown individual broke into the company on multiple occasions. He was seen on security video leaving with items taken from the offices, including taking a security walkie-

talkie from the front desk.

Espionage intrusion at Houston energy company

Reactive / Proactive

Proactive: pre planning

Upcoming meetings recognized as confidential Uncover existing or past eavesdropping attempts

Fiduciary responsibility Due diligence required for protecting information

Establishing trade secret status

Shareholders demand security

Ongoing protection- recognize active threats Spotting security vulnerabilities

Deterrent factor

Quarterly scheduled sweeps are recommended by ASIS. ASIS Protection of Assets Manual recommends conducting sweeps four times per year

Be prepared for incidents Provides a base-line for better response by the TSCM team

Compare proactive sweeps to having fire inspections of your facility- don’t wait for a fire to occur.

Defense and Countermeasures

All aspects of security are needed Physical security

Locks and perimeter control

Access control

Identification and levels of access

Security Video Record of access to confidential areas

Document handling Establish a clean desk policy

Enforce document destruction

Privacy Policies Employees and staff need to know that the information they handle is confidential.

Defense and Countermeasures What can you do?

Know what information is confidential

Have an mindset for information security

Do not take chances. Err on the side of caution.

Be observant in your own space. Has furniture been moved?

Note debris from recent work, ceiling tile dust

Observe holes in ceiling, walls, furniture

Be familiar with regular objects in your office

Keep your workspace clean and neat

Follow good security practices General security practices will also help protect

information.

Defense and Countermeasures Know how to respond when an incident has occurred

TSC M specialist Call us right away. We can discuss your situation and respond promptly if

necessary.

Legal department Legal team should have policies on how to respond. Follow their advice.

Corporate investigation department If you believe the perpetrator was an employee, you may need to initiate an

internal investigation.

Law enforcement authorities Law enforcement may need to be notified if you wish to pursue charges against

the perpetrators. Follow the advice of counsel. Police and even the FBI may not want to be involved unless a larger crime has been

committed. Local police may not have the understanding needed of eavesdropping or espionage

laws.

Defense and Countermeasures Develop a TSCM Incident Response Plan

If an incident has occurred, prepare the following information, as much as possible: Who was involved? What type of information? Where did breach happen? How did compromise take place? Why would such breach occur?

Contact a TSCM specialist right away. We will respond promptly to insure that the threat has been

neutralized. Regular proactive sweeps reveal their importance after an incident

has occurred. We would have records of your facility that will allow faster analysis and results. Radio signal mapping Equipment inspection logs

800-337-2001 914-819-5400

ExecSecurity.com

Charles Patterson, President