Central Coast Security

Bulletins
Upcoming Events
Posters
Recent Newsletters
Past Articles
VSAC Desktop Guide
Security Books Online
About Us
Contact Us

Past Articles - Industrial Espionage

« back

Corporate Espionage

Reviewed by Bill Uttenweiler
The Aerospace Corporation
Vandenberg AFB, CA

During the Cold War there was always a disconnect between the "theory" of espionage and the reality. The theory was that Eastern Block intelligence officers targeted and recruited assets and then used them to gather needed information. The reality was that in almost all the well-publicized cases, the spy was a volunteer who compromised classified defense information.

Since the cold war ended, the FBI and American industry have increasingly recognized the threat from corporate espionage. A recent study by the FBI and the American Society of Industrial Security (ASIS) estimated the loss in 1997 at $300B. It counted 1,100 documented incidents of economic espionage and 550 suspected incidents. Some of these cases have been by foreign governments, but others have been US firms targeting competitors.

Ira Winkler’s Corporate Espionage provides an excellent account of this threat. Especially valuables are the case studies, which make up the middle of the book. They provide example after example of how American companies were victimized by corporate intelligence officers who didn’t just wait for a volunteer.

For example, Winkler recounts a penetration test he performed against a high-tech company. Using the cover as a temporary employee, he bought fake business cards, won people’s confidence, and compromised almost every sensitive R&D effort in a day and a half. In another example, Winkler tells how a Russian intelligence service stole sensitive data from the Boeing Company. First the Russians recruited an employee and encouraged his transfer from Washington, DC, to Washington state. When information on a Star Wars guidance system was needed, the Russians used illegals with technical skills to supplement the source’s access and execute a successful computer penetration. In a third case, Winkler recounts how a female administrator was seduced by a corporate spy and successfully pressured into betraying her employer.

At the end of each chapter, Winkler analyzes the specific vulnerabilities which were exploited. In the final section of the book, he lays out a series of countermeasures that companies should take. These make an excellent checklist against which to judge our own programs.

Two of his key points stay with me.

Information is information. It doesn’t matter whether adversaries find a draft document in a dumpster, penetrate a computer, or copy a final report. The
information is valuable to a corporate spy--whatever its form.

There is no common sense without common knowledge. Security professionals are trained to understand what is valuable to the company. That does not mean that employees do. Many of them do not realize that openness and academic freedom can kill a company if trade secrets are compromised.
Reviewed: Corporate Espionage: What It is, Why It’s Happening in Your Company, and What You Must Do About It, by Ira Winkler, Rocklin, CA: Prima Publishing, © 1997, Hardbound, $26.00.
[Editor's Note: written in January 1998 for VSAC News and NCMS Channel Islands Newsletter.]