Dumpster-diving — going through trash bins in hopes of finding paper records with valuable information like customer names or future product plans — is alive and well in the age of USB flash drives and portable music players.
An excellent article from Robert L. Scheier in Computerworld, on Monday, December 17, 2007 entitled, Dumpster-diving for e-data, discusses the risk factors and offers some solutions.
Popular Mechanics offers advice on how to destroy hard drives.
By now you have heard of the secret intelligence files left on a commuter train in England.
Keith Vaz MP, chairman of the powerful Home Affairs select committee told the BBC: “Such confidential documents should be locked away…they should not be read on trains.”
This should be a reminder to the private sector regarding trade secrets.
Trade Secrets
A trade secret is not protected by a Patent, Trademark, or Industrial Design. A trade secret is confidential and proprietary information that you protect because of its commercial value and the competitive advantage that it produces for your company.
Competitive Intelligence
Exposing a trade secret in public by working on a critical document on an airplane, leaving a trade secret on a commuter train, or exposing it in an proposal, may eliminate the confidential nature of the data, and once you do that, you have, by definition, given up protecting it, therefore, it is not a trade secret that you can claim as proprietary — your former trade secret moves into the public domain for all to see and use.
As a competitive intelligence practitioner, I often find former trade secrets loose in the public domain due to irresponsible security practices. If the owner does not protect the trade secret, it ceases to be confidential and proprietary data, and is likely to become somebody else’s competitive advantage, or worse still, it might become a standard practice for an entire industry.
Microsoft Has Developed Windows Forensic Analysis Tool for Police
The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB “thumb drive” that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.
The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer’s Internet activity, as well as data stored in the computer.
It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.
Microsoft did not develop the tools:
COFEE, according to forensic folk who have used it, is simply a suite of 150 bundled off-the-shelf forensic tools that run from a script. None of the tools are new or were created by Microsoft. Microsoft simply combined existing programs into a portable tool that can be used in the field before agents bring a computer back to their forensic lab.Microsoft wouldn’t disclose which tools are in the suite other than that they’re all publicly available, but a forensic expert told me that when he tested the product last year it included standard forensic products like Windows Forensic Toolchest (WFT) and RootkitRevealer.
With COFEE, a forensic agent can select, through the interface, which of the 150 investigative tools he wants to run on a targeted machine. COFEE creates a script and copies it to the USB device which is then plugged into the targeted machine. The advantage is that instead of having to run each tool separately, a forensic investigator can run them all through the script much more quickly and can also grab information (such as data temporarily stored in RAM or network connection information) that might otherwise be lost if he had to disconnect a machine and drag it to a forensics lab before he could examine it.
But given that a U.S. Federal court has ruled that U.S. border guards can search laptop computers without cause, this tool might see wider use than Microsoft anticipated.
I asked Guy Gweth what he valued most from my time at School of Economic Warfare of Paris (EGE). His answer is quite enlightening. The school assumes that the competitive situation will be asymmetrical (weak France vs. strong adversary) and that the U.S.A. is the chief adversary with China and Asia on the horizon as future adversaries. This does not represent anything unusual or unwise on France’s part.
However, the name of this school, l’Ecole de Guerre Economique, should make you wonder if this is just another Competitive Intelligence (CI) school or not. Continue reading ‘l’Ecole de Guerre Economique’
Four Israeli Private Investigators have been sentenced by an Israeli court on industrial espionage charges for their use of the Michael Haephrati’s Trojan software to steal commercial secrets on behalf of their clients.
Four members of the Israeli Modi’in Ezrahi private investigation firm including Asaf Zlotovsky, a manager at the firm was jailed for 19 months, with two other employees given 18 and 9 month sentences.
The US authorities demand that everybody entering their country have a passport and identity documents compliant with their security standards, but when it comes to their own passports, they have a much lower security standard than they demand of other countries.
The blank passports travel to Europe where a microchip is inserted in the back cover and then onto Thailand where they are fitted with a radio antenna. The Netherlands company that makes the covers for the passport said in October that China stole the technology for the microchips, the Times said.
The Government Printing Office’s decision to export the work has proved lucrative, allowing the agency to book more than $100 million in recent profits by charging the State Department more money for blank passports than it actually costs to make them, according to interviews with federal officials and documents obtained by The Times.
Britain drove the Industrial Revolution with a strategy of learning by experience. The age of science that followed was driven by formal education in abstract and theoretical knowledge that could be applied to many applications. The conditions and environment created by formal education produced the concept of competitive intelligence through the publication of scientific journals and the creation of the mass media.
Industrial espionage arises where the published data is non-existent or beyond the experience of those seeking to reproduce the success of others. They need somebody to show them how to put the pieces together. Sometimes, only people with hands-on experience can pass-on the knowledge.
For example, after 1916 France was desperate for field guns. They gave the USA blueprints for their 75mm gun, which was the best in the world at the time. It was so well designed that a glass of water placed on the carriage would go undisturbed as the gun fired. The Americans could not produce usable copies of the gun until French workers arrived to show them how to properly produce the gun.
After WWI, Germany’s lead in chemistry could not be exploited by the victorious allies, even with the confiscated patents and other documents. The Americans needed German chemists to show them how to make it all work. They got this expertise in the 20’s by hiring away the needed German chemists.
In earlier times, industrial espionage was the preferred method of gathering knowledge and building experience as published data was almost non-existent and experience was limited. Competitive intelligence works when you have the hands-on experience to do something constructive with collected and analysed data.
As in other forms of espionage, people usually act against their country’s interests, or that of their employer’s, for a combination of financial gain and ideology. During the Industrial Revolution era, European governments paid people to set-up businesses, but some made the move due to sentiment.
John Holker, a disaffected Jacobite, was recruited by France and became a manufacturer of textile machinery.
Michael Alcock was an interesting case. He moved to France to avoid embezzlement charges along with his mistress, leaving his wife and business partner to face bankruptcy. However, it turns out that his wife was part of the highly profitable scheme. She rejoined him, whereupon they lived ménage à trois on the upper Loire River where Alcock ran a forge and manufactured hardware.
From 1718 to 1720 France launched a systematic effort to recruit English woolens workers, glass makers, clock and watch makers, ship wrights, and especially metallurgists. The recruiter encountered a characteristic of British industry: the division of labour. Workers only knew their own small portion of the process. This made the task too costly and inefficient. It’s easy to call the this industrial espionage due to the predatory “hiring away” by France, but the next two are not such clear-cut examples of industrial espionage.
In 1764 and 1765 the French monarch dispatched Gabriel-Jean Jars to visit English mines, smelters, and foundries. Amazingly, he was well received. His reports are used today by historians for the detailed descriptions of the industrial techniques he witnessed.
Insensible to international competition, the British Board of Longitude allowed French visitors to examine the revolutionary marine clocks of John Harrison in 1769. Harrison, quite rightly, flew into a rage when he learned of this.
Competitive Intelligence or Industrial Espionage?
These last two examples raise the question, is it industrial espionage if you knowingly give the data to the competition when they openly ask for it? Were the last two models for early competitive intelligence?
An interesting post on B2B Sales Pipline:
Adam…asked a pricing question about an application component that could not be purchased alone…
…this question doesn’t pass the “Smell Test”…
Called him anyway…Cell Phone, with no company name provided…
…search Adam’s name in LinkedIn. Lo and behold - Adam works for a competitor. I called the competitors office, asked for Adam, and let him know that I would love to chat with him, since it’s always good for competitors to get to know each other. At the time of this posting, Adam has not called me back, and has likely joined the witness protection program.
This kind of amateurish nonsense passes for Competitive Intelligence far too often.
When I travel for work, I undertake what some people consider extreme measures to protect proprietary client data from theft by officials at international borders. These officials do not need warrants to seize or examine anything in your possession when crossing a border and that makes border officials excellent spies. This issue arose recently regarding the actions of the US border officials:
In Canada, one law firm has instructed its lawyers to travel to the United States with “blank laptops” whose hard drives contain no data. “We just access our information through the Internet,” said Lou Brzezinski, a partner at Blaney McMurtry, a major Toronto law firm. That approach also holds risks, but “those are hacking risks as opposed to search risks,” he said.
Creating a “blank laptop” entails more than just hitting the delete key or even using a utility to overwrite existing data. The hacking risk is also greater than most people realize, especially with wireless connections. Even with secure end-to-end encryption, traffic analysis can yield very useful intelligence.
Industrial espionage is not a new. Most industrial countries have been doing it, in one form or another, since before the Industrial Revolution.
In the 14th century, the Italians devised a machine to make silk thread. This allowed them to dominate the silk thread market until about 1670 when first French, then Dutch spies, discovered the secret of the process and machinery.
The industrial espionage of England’s Thomas Lombe paid-off in 1716. Eventually Lombe’s silk thread factory employed hundreds, preceding the Industrial Revolution by about 50 years. Silk was not a mass market good and therefore the silk thread factories did not spark the Industrial Revolution. It took the wool and cotton factories to do that.
In an article entitled, Cyberterrorism, Inc., we see the usual link between CI and industrial espionage as if the two are the same. Creating a link between the two is the work of feeble minds.
To gain an advantage over competitors, many corporations are hiring ex-military and government agents trained in the art of intelligence gathering techniques, according to a report from the SANS Institute, a Washington-based cybersecurity training organization.
These individuals are used to head new company divisions whose mission is to spy on competitors and obtain intelligence. Companies spend over US$2 billion annually to spy on each other, according to the Society of Competitive Intelligence Professionals.
In 1999, North American companies lost more than US$45 billion to theft of trade secrets and other valuable corporate data, according to the SANS report. “Today’s total losses are anyone’s guess,” the report continued.
CI is the act of creating Intelligence from open source data. Industrial espionage, on the other hand, usually involves the commission of criminal offences. I suspose the distinction is too complex for so-called journalists.
