corporate espionage: technical surveillance threats
Post on 16-Apr-2017
Embed Size (px)
Corporate Espionage Technical Surveillance Threats and Countermeasures
Charles Patterson, President
Understanding Targets and Threats
Espionage is a direct, deliberate attack on information and communications.
Human element is always involved Money
Biggest concern is insider threat Study of government espionage cases
revealed over 90% were from internal threats.
Same is true for corporate espionage.
Cases of Govt Espionage
Insider Threat Examples
Targets and Threats
Possible reasons why someone would commit espionage
Financial gain (personal) or financial damage to company
Revenge (against another person or company)
Ego, feeling of power
Some people want to feel like a spy (James Bond fantasy)
Targets and Threats
Media- news leaks, provocative headlines
The bad guy may not be obvious.
Technical Spy Methods
Cyber breach Rogue wifi or other hacking
Document handling Stolen or copied papers
Acoustic leaks Listening through walls, air ducts, vents
Communications system compromise Telecom and paging system manipulation
Traditional wire-taps, Software VOIP wire-taps
Electronic devices Hidden transmitters or bugs
Covert video cameras
Cellular listening devices
Cyber/ IT security breach
Physical Access Control
Rogue hotspot attached to router
Even if you have a bulk document service, personal shredders should be available and used.
Establish a clean desk policy.
Open ceiling vents allow sound to pass through ceiling.
Open HVAC passages allow sound between offices.
VOIP administrator access
Vulnerable PBX features Auto answer Call monitoring Voicemail access
Old paging speakers left in the ceiling can act as microphones, picking up sound for every room.
Paging system compromise
Electronic spy devices readily available to consumers
Battery Powered Wireless Camera
Key Fob Recorder
WiFi Transmitter Cellular Bug in Calculator
Reactive Response and Proactive Preparation: Both are important. Here are some of the reasons we have been called for a sweep.
Reactive: Incident response
Employee was fired who: Had access to confidential data and was found to be untrustworthy.
Worked in telecom or IT and knew too much.
Information was leaked- online or to the press Trade blog revealed confidential information
Competitor knows too much Bids are lost due to leaked information
Executive feels threatened Stalked or harassed by employee or others.
Theft or break-in occurred Thief had access to offices such as legal, financial, H.R.
Gifts received Items received from vendors, competitors, other countries need to be inspected.
Suspicious visitors Guests from other countries, from competitors, or just acting suspicious.
Unknown individual broke into the company on multiple occasions. He was seen on security video leaving with items taken from the offices, including taking a security walkie-
talkie from the front desk.
Espionage intrusion at Houston energy company
Reactive / Proactive
Proactive: pre planning
Upcoming meetings recognized as confidential Uncover existing or past eavesdropping attempts
Fiduciary responsibility Due diligence required for protecting information
Establishing trade secret status
Shareholders demand security
Ongoing protection- recognize active threats Spotting security vulnerabilities
Quarterly scheduled sweeps are recommended by ASIS. ASIS Protection of Assets Manual recommends conducting sweeps four times per year
Be prepared for incidents Provides a base-line for better response by the TSCM team
Compare proactive sweeps to having fire inspections of your facility- dont wait for a fire to occur.
Defense and Countermeasures
All aspects of security are needed Physical security
Locks and perimeter control
Identification and levels of access
Security Video Record of access to confidential areas
Document handling Establish a clean desk policy
Enforce document destruction
Privacy Policies Employees and staff need to know that the information they handle is confidential.
Defense and Countermeasures What can you do?
Know what information is confidential
Have an mindset for information security
Do not take chances. Err on the side of caution.
Be observant in your own space. Has furniture been moved?
Note debris from recent work, ceiling tile dust
Observe holes in ceiling, walls, furniture
Be familiar with regular objects in your office
Keep your workspace clean and neat
Follow good security practices General security practices will also help protect
Defense and Countermeasures Know how to respond when an incident has occurred
TSC M specialist Call us right away. We can discuss your situation and respond promptly if
Legal department Legal team should have policies on how to respond. Follow their advice.
Corporate investigation department If you believe the perpetrator was an employee, you may need to initiate an
Law enforcement authorities Law enforcement may need to be notified if you wish to pursue charges against
the perpetrators. Follow the advice of counsel. Police and even the FBI may not want to be involved unless a larger crime has been
committed. Local police may not have the understanding needed of eavesdropping or espionage
Defense and Countermeasures Develop a TSCM Incident Response Plan
If an incident has occurred, prepare the following information, as much as possible: Who was involved? What type of information? Where did breach happen? How did compromise take place? Why would such breach occur?
Contact a TSCM specialist right away. We will respond promptly to insure that the threat has been
neutralized. Regular proactive sweeps reveal their importance after an incident
has occurred. We would have records of your facility that will allow faster analysis and results. Radio signal mapping Equipment inspection logs
Charles Patterson, President