As Les Goldsmith wrote in part one of this occasional series on electronic surveillance for IT security pros, spook-like skulduggery can have a serious effect on business. And as it turns out, it's not just your competitors after your secrets -- governments are in on the act as well.
It sounds far-fetched, but intelligence agencies aren't shy about interfering in commercial processes if the outcome is deemed to be important enough to the national interest.
Negotiations around commodity prices, for example, can have a significant impact on economies like Australia's. Intelligence gathering that can tilt the scales one way or the other is performed by nation states. It's no secret -- former intelligence agents in the United States and United Kingdom have admitted to conducting industrial espionage in support of their private sectors.
The need to engage in espionage to provide a competitive edge for local companies is recognised by nations. It's extremely important in domestic markets when global companies enter the mix, and can be almost essential when large companies are competing overseas.
'Sponsored Economic Espionage', as it has come to be called, usually involves the use techniques such as bugging, wiretaps, GSM intercepts and email and Internet tracking. Many international companies have been affected by sponsored espionage, with local companies (some owned by the government) able to change their tactics to better their international rivals.
It's not just Western nations getting in on the act -- companies involved in supply of goods to developing countries are at greatest risk of economic espionage, alongside those competing for tenders or negotiating mergers and takeovers. Those without government support are still capable of obtaining information through illegal means. Common methods used by corporations for competitive advantage using electronic surveillance include:
- Hiring unscrupulous people (such as some Private Investigators, cleaners or even low-paid internal staff) to place surveillance devices and to conduct searches of office areas;
- Using GSM call interceptors to listen in to calls made via mobile;
- Hacking or tapping PBX lines, usually on outgoing call lines.
Companies operating in high risk environments should consider what measures can be taken to provide better overall electronic security. These measures should include looking at all communications methods used by key personnel in espionage hotspots, and performing a risk analysis of these locations.
A thorough risk analysis of surveillance threats should take into account how more sensitive conversations are conducted, what physical security procedures are in place, and the defined procedure for making a 'sensitive' phone call. Your sensitive call procedure should take into account the differing needs of locations such as public spaces, in car, in office and home, as well as when the location was last inspected and who has had access since then.
A professional TSCM team can operate in the different locations you conduct business on a regular basis, and work with you to provide protocols which can be used to improve your internal procedures. The actual method used to make a call is just part of the security procedures needed to provide adequate risk coverage. A comprehensive approach uses a range of precautions to reduce the chance of success of any electronic surveillance.
About the author: Les Goldsmith is a TSCM Specialist and Director of ESD Australia, a Counter-Intelligence Service provider to Government & Corporate clients throughout the Asia-Pacific.