Home

Bulletins

Upcoming
Events

Posters

Recent Newsletters

Past Articles
*  Computer Security
*  Foreign Espionage
*  Industrial Espionage
*  Personal Security
*  Personnel Security
*  Physical Security
*  Security Management

VSAC Desktop
Guide

Security Books
On-Line

Other Security Links

About Us
*  ASIS
*  NCMS
*  VSAC

E-Mail Us
*  ASIS
*  NCMS
*  VSAC
*  Webmaster

We join with those who mourn the loss of life,  the injuries, and the disruption of lives caused  by the attacks  against Washington,  DC, and  New York, N.Y.    All those effected -- the brave people who helped in rescue efforts, those involved in America's response to terror and in the war with Iraq-- are in our thoughts and prayers.

During the Cold War there was always a disconnect between the “theory” of espionage and the reality.  The theory was that Eastern Block intelligence officers targeted and recruited assets and then used them to gather needed information.  The reality was that in almost all the well-publicized cases, the spy was a volunteer who compromised classified defense information.

Since the cold war ended, the FBI and American industry have increasingly recognized the threat from corporate espionage.  A recent study by the FBI and the American Society of Industrial Security (ASIS) estimated the loss in 1997 at $300B.  It counted 1,100 documented incidents of economic espionage and 550 suspected incidents.  Some of these cases have been by foreign governments, but others have been US firms targeting competitors. 

Ira Winkler’s Corporate Espionage provides an excellent account of this threat.  Especially valuables are the case studies, which make up the middle of the book.  They provide example after example of how American companies were victimized by corporate intelligence officers who didn’t just wait for a volunteer.

For example, Winkler recounts a penetration test he performed against a high-tech company.  Using the cover as a temporary employee, he bought fake business cards, won people’s confidence, and compromised almost every sensitive R&D effort in a day and a half.  In another example, Winkler tells how a Russian intelligence service stole sensitive data from the Boeing Company.  First the Russians recruited an employee and encouraged his transfer from Washington, DC, to Washington state.  When information on a Star Wars guidance system was needed, the Russians used illegals with technical skills to supplement the source’s access and execute a successful computer penetration.  In a third case, Winkler recounts how a female administrator was seduced by a corporate spy and successfully pressured into betraying her employer.

At the end of each chapter, Winkler analyzes the specific vulnerabilities which were exploited.  In the final section of the book, he lays out a series of countermeasures that companies should take.  These make an excellent checklist against which to judge our own programs.

Two of his key points stay with me.

• Information is information.  It doesn’t matter whether adversaries find a draft document in a dumpster, penetrate a computer, or copy a final report.  The information is valuable to a corporate spy--whatever its form.
• There is no common sense without common knowledge.  Security professionals are trained to understand what is valuable to the company.  That does not mean that employees do.  Many of them do not realize that openness and academic freedom can kill a company if trade secrets are compromised. 

[Editor's Note:  written in January 1998 for VSAC News and NCMS Channel Islands Newsletter.]