
The Grey Line
Modern Corporate Espionage and Counter Intelligence
by
Andrew Brown
Amur Strategic Research Group
The Grey Line: Modern Corporate Espionage and Counterintelligence
Copyright 2011 by author
All rights reserved
Cover Artist:
Kathleen Laval
Published by Amur Strategic Research Group
This work is first dedicated to my family, for all of their love.
~~~~~
To the many treading on both sides of the grey line today, and to three in particular:
AE/Wintermute
AE/Seraphim
NI/Starlight
~~~~~
For your knowledge, insight and friendship.
~~~~~
Note: For obvious reasons many of the people who contributed their knowledge and experiences towards the writing of this book wish to remain anonymous. For that reason they are listed herein only by their cryptonym designation.
Table of Contents
Part I. Intelligence Collection
Part II. Intelligence Analysis
Part III. Other Intelligence Actions
Part VI. Corporate Espionage in Practice
“The future has already arrived. It’s just not evenly distributed yet.”
William Gibson
It is a warm spring morning in Northern California. A fit young man takes the elevator to the 7th floor of a nondescript office building where his company, Playtronics, has its offices. Like so many other startups located in the building, the office suites are intended to impress potential investors more than to provide actual work space for the yet-to-be-hired programmers. Arriving early, he carefully checks and adjusts his equipment. This is a very important day. He and his team have been working towards this moment for months now. Endless hours of meticulous preparation, deep research and periods of manic activity all leading to this single day. Digital recorders activated, he adjusts his headphones again and waits.
Across the street at the Boomerang Corporation headquarters, it is business as usual, save for one thing. The information technology staff is unveiling a new series of security protocols to protect their long awaited and massively expensive set of secured servers. Boomerang's senior executives are gathered in Conference Room B on the 10th floor, excited to hear the IT presentation about the innovative security set up. They have all read horror stories about computer hackers laying waste to other companies and can now rest easy in the knowledge that their systems are impervious. Today they will receive the pass codes to allow them access to their brand new impregnable system. There is, however, an extra attendee to this important conference that no one has invited. From across the street at Playtronics, the young man smugly observes the action in Boomerang's Conference Room B via a very small remote-operated bug. No one notices the device planted in the flower arrangement on the refreshment stand next to the over-priced fair trade coffee. It had taken weeks to find the right personal assistant to take those flowers into the room. But it took even longer for the IT team to finally finish their penetration testing and activate the new security. All that work, and now it is about to be penetrated on the very day of activation by means which no one in the conference room, especially the IT security team, ever imagined. As the overpaid computer security guru droned on into his second hour, the only one paying even the slightest bit of attention anymore was Boomerang’s uninvited guest.
Once the young man recorded the pass codes and operational procedures that he needed, with a weary sense of accomplishment, he quickly compressed the digital audio file and sent it off into the ether. Within 48 hours, the class A hacker on his team's retainer had completely compromised Boomerang’s new impenetrable security system, stolen massive amounts of data and left an untraceable series of backdoors for future access. Terabits of data went streaming out via anonymous servers in Osaka and Leon. The young man and his team were long gone, the fake Playtronics offices were deserted and Boomerang was six months away from bankruptcy.
If you are thinking that perhaps you picked up a serial spy novel by mistake and have just double checked the cover of this book to be sure, don’t be alarmed. The names and location in the above short story have been changed, but the actions described are all too real and occur all too frequently. Companies like “Boomerang, Inc.” are targeted and penetrated to their core regularly. In the modern business world, achieving total information dominance, by whatever means necessary, over rival firms like Boomerang allows competitors to lay bare a company’s innermost secrets through an increasingly common practice…corporate espionage.
“Difficulties mastered are opportunities won”
Winston Churchill
Espionage and spies have been around for a very long time. The great military philosopher Sun Tzu devoted extensive portions of his works to the utility of intelligence in gaining advantage over one's foes. Spies are even mentioned positively in the Bible. Traditionally espionage has served nations, their secret services and militaries. State-based clandestine intelligence groups work to further the vital goal of national security by discovering information which their strategic competitors and their allies wish to keep hidden.
Today numerous companies are beginning to adopt practices and develop resources, such as private intelligence arms, which were previously the sole preserve of sovereign countries. The main reason for the growth of corporate espionage is that companies are becoming more powerful and the costs of failure more extreme. Corporate competition for resources, access, market share and innovation is fueling a race for information advantage across the spectrum of human economic activity. Global sales for large multinationals often exceed the total economic output of all but the most developed nations. Both large and small companies have discovered a need for well funded political action arms, private militaries and now, advanced covert intelligence gathering capabilities. Adoption of covert intelligence practices can serve both defensive and offensive purposes. Increasingly, however, advanced intelligence gathering and other covert actions capabilities are being used offensively to gain advantage over rival firms.
State-run corporate intelligence programs have been in place for decades. The vast majority of such operations are focused on the United States and her companies. During the Cold War, the Soviets had hundreds of spies operating in the States, leeching out advanced military technology and other industrial secrets. The successful theft of American industrial technologies saved the Soviets years of research and development and other costs. A wide body of opinion holds that such military and industrial secrets are responsible for propping up the Soviet economy for years longer than would have been possible had the secrets of American companies stayed secret.
The Soviets were not alone in expending vast resources to spy on American industry. The allies of the United States were, and are, just as busy operating clandestinely around the country, stealing commercially valuable information to help their domestic concerns compete. State sponsored corporate intelligence is as pervasive today as it was during the Cold War. Indeed, with the information technology revolution, advanced materials R&D and blooming bio-tech industry, American companies, both large and small, have never been such attractive targets.
While state-sponsored corporate intelligence programs abound, this book's main focus is the growing field of private intelligence. Companies are increasingly and constantly developing and employing professional intelligence resources to spy on other companies. Corporations around the world engage in espionage against their rivals on a truly staggering scale. Conservative estimates place the level of loss to American companies alone at over 100 billion dollars a year and rising annually. Companies that engage in corporate espionage include some of the biggest names in the business world. Every year that list expands exponentially.
The tremendous benefits to a company that steals the secrets of its competitors are game changing, whereas the drawbacks to crossing the grey line to acquire commercially valuable data are few. The practice of privately funded corporate intelligence is an omnipresent threat to businesses around the world and in the United States in particular. This trend shows no signs of diminishing. Those that choose to willfully ignore the danger of information theft and direct action make extremely soft targets for the growing cadres of private industry spies.
The purpose of this book is to explain what corporate intelligence is, how it is practiced, who the targets are and how companies can protect themselves. Make no mistake, corporate intelligence is a real and growing threat to companies across the entire business spectrum. How targeted companies choose to deal with the threat of corporate espionage may well determine their fate in the hyper-competitive 21st century business world.
Disclaimer
This book consists of two main sections. First the art and practice of espionage is examined. Understanding what spies actually do, how they recruit sources inside of companies and penetrate their technical defenses is a crucial first step in building an adequate defense against modern corporate espionage. The second section of this book explains how a company can build passive and proactive defenses against corporate intelligence operators. Taken together this resource will provide a broad understanding of the threat faced by companies as well as the scale and practices of such activities.
Much of the material found in these chapters may seem like a 'how to' guide for corporate spooks. In no way is this book endorsing the act of covert intelligence gathering against companies or individuals. The acts that make up private covert operations are, by and large, illegal in almost every nation around the globe. The resources provided herein are meant to inform and forewarn the reader, and are not to be used by private law-abiding citizens maliciously. The first thing that readers will have to do is discard what they think they know about private intelligence. Hollywood has not prepared you for the realities of modern corporate espionage. In this book we will detail exactly what it is that modern corporate spies do, how they operate against private targets and what steps can be taken to mitigate this risk for individuals and corporations alike. Knowing how an enemy thinks and operates is, after all, half of the battle.
Using Corporate Intelligence
Companies absolutely require massive quantities of timely and accurate information to compete in the trench-warfare-like environment of modern international business. In this age of information, the appetite for data is insatiable. Intelligence, regardless of how it is obtained, is the lifeblood of corporations large and small. The better the information a company has access to, the more likely it is to succeed in the cut-throat international business world. A large number of legitimate corporate intelligence companies operate well above the grey line and have proven to be a vital adjunct to internal company information gathering. The practical utility of such information gathering companies is difficult to over-emphasize.
However, on the other darker side of the grey line, a growing number of groups operate covertly to ferret out commercially valuable data for their clients. Companies across the globe routinely employ less than honest persons to provide secret information about their competitors that is not available via legal means of discovery. The pressure within companies to capture information about their rivals is the mainspring behind the growth of covert corporate intelligence in the modern business world. This competitive pressure is not going to diminish and thus the existence of covert intelligence gathering capabilities can only grow in the future.
Benefits of Corporate Intelligence
Information is power. The more of this raw power a company has, the more successfully they can compete with rivals at home and abroad. As more companies discover the significant benefits of using covert means to penetrate and strip their rivals of secret information, they quickly and regularly start to employ these tactics. Morality in business can be summed up as what a company can get away with at any one time. The risk/benefit calculus of corporate espionage is heavily tilted in favor of those that employ this tactic.
The simple truth is, corporate espionage works. It works so well that the number of companies regularly employing corporate spies has seen dramatic increases every year for decades. Imagine the benefits of total informational awareness of every move that competitors planned to make before they made them. Achieving that kind of strategic dominance is what clandestine corporate intelligence, and only corporate intelligence, can provide. The temptation of having this kind of knowledge and power over the competition has proven to be more than many companies can resist.
Drawbacks to Corporate Intelligence
Stealing data and conducting direct actions against a business competitor is illegal, period. The individual acts that make up corporate intelligence gathering and direct action are almost all illegal everywhere a company may operate. Just to name a few types of laws broken, corporate espionage violates trademark, intellectual property, fraud, breach of contract, theft, criminal breaking and entering, copyright, the Foreign Corrupt Practices Act and many other local and international laws. Residual moral constraints, in addition to the potential for legal blowback, are what have kept universal acceptance and employment of covert corporate intelligence action somewhat in check. As the historical tide ebbs on the nation state as the defining center of human organization, and as corporations become ever more powerful, notions of right and wrong with regard to corporate action are shifting dramatically.
Corporate empowerment of this kind can already be seen in countries where the government has been more or less shaped to serve business interests first. Companies emerging from such environments prove to be more willing to employ covert intelligence gathering, private military groups and other direct actions against their rivals. These resources are no longer considered the sole tools of state power. Former US Secretary of State Henry L. Stimson once quipped when shutting down America’s only non-military intelligence operation, “Gentlemen don’t read each other’s mail.” Today such naiveté seems ludicrous for a nation, indeed almost criminally dangerous. As companies increase global competition and find utility in taking up the tools of states, a similar adherence to antiquated moral norms in business becomes just as dangerous.
Despite the blatant illegality of corporate espionage, there are rarely any instances of discovery, let alone prosecution. Companies that engage in acts of espionage take great pains to protect themselves from legal liability. The desire for legal insulation and plausible deniability is the cornerstone of the growing covert private intelligence industry. The general lack of interest or priority by countries around the world to police or bring to trial corporate espionage cases, even if discovered, is another reason that this industry has been allowed to flourish.
Perhaps the most important factor which makes corporate espionage a relatively safe and risk-free activity is that the target company rarely uses precautions to prevent a penetration or takes the actions needed to uncover one. If information theft is discovered, the victimized company is more likely to cover up the news of the invasion than resort to public exposure of their lack of security. The very motivation of a company to deny the reality or extent of corporate intelligence action is the espionage industry's best protection against prosecution.
Trends in Corporate Intelligence
If private covert corporate intelligence groups were listed on the NASDAQ, analysts would rate these as “buy now” stocks across the board. This clandestine industry has nowhere to go but up. Covert intelligence groups are being fed by two major trends. The first is the growing demand from private industry for real time commercially actionable intelligence about their rivals, regardless of the source. The information revolution does not just involve YouTube and iPhones. The unending appetite of companies for the advantages gained by information dominance makes corporate intelligence, from both sides of the grey line, a very marketable item.
The second trend pushing private intelligence growth is the end of the global war on terror (GWOT). When the Soviet Union collapsed there were a huge number of out-of-work spies dumped precipitously onto the market. Vast numbers of unemployed KGB, Stasi and other agents went straight into the private sector, possessing a very narrow, but potentially valuable skill set. This espionage talent dump in the 1990s created a massive swell in private intelligence activity targeting companies around the world. The main target for corporate intelligence has been, and remains to this day, companies located in the United States and her first world allies.
After September 11th, the USA and other Western nations went on a spy hiring binge. Scores of very clever people were scooped up by the CIA, MI-6 and other national intelligence organizations. These agents were highly trained and sent out across the globe to sharpen their skills against some very hard targets. However, after ten years in the counter terror trenches, these skilled operators are opting into the private sector market every year in vast numbers. A new renaissance is taking place in the private intelligence world. This new burst of activity comes from the large cadres of trained intelligence agents emerging from under the skirts of Western state intelligence as the GWOT slowly winds down. Huge numbers of highly trained American, British, French and other spies are looking for work in a private sector that provides few legitimate well-paying outlets for such specialized skill sets.
Integration of spies into private enterprise is leading to a golden age in corporate intelligence. Fueled by the perfect storm of increasing demand and a steady supply of skilled covert operators, the world of private intelligence is growing by leaps and bounds. A reassessment by Western business people of the utility and acceptability of corporate espionage is opening new markets for operators from across the globe. When highly skilled and available talent is paired with skyrocketing demand, you have a ready mix for explosive growth. Corporate intelligence is absolutely no different than any other industry when it comes to growth, and is set to continue on this path well into the foreseeable future.
Intelligence Groups vs. Freelancers
Corporate espionage operatives can be organized into two main categories: spies that work for an intelligence group (either in-house or private) and those who operate freelance. In the past, freelance corporate espionage operations were much more common than what is found in today’s market. While they do exist, freelance operators are steadily being replaced with larger, better organized and well-funded professional groups. The reason for this change is access and resources. As a freelance spy, the biggest problem is not in generating the intelligence, but in selling it. In the modern business world, as more companies develop their own in-house intelligence capacity or rely on better equipped professional intelligence groups, the list of potential clients is steadily shrinking for freelancers. Conducting successful intelligence operations is more expensive and technology intensive than it used to be. Currently, modern corporate intelligence operations often require the use of advanced technical teams and, perhaps most importantly, skilled computer hackers. Specialized operational materials and cover identity costs are also on the rise. These personnel, services and resources require money and connections to acquire. Skilled covert operators, seeing this trend, have started to band together to pool talent and resources in order to increase operational efficiency and profits. Just like any other industry, increased efficiency in synergistic groups has led to the demise of the smaller or less capable individual intelligence cadres. Terms like demise or die off are figurative, but suffice it to say, most corporate spies today operate within the fold of a clandestine intelligence group or as part of an in-house corporate intelligence team.
More and more we see international companies creating in-house intelligence gathering capabilities. The teams are covert in nature and will not be found listed under “our corporate spies” in a company’s records or order of battle. In most cases, an in-house covert operations team is described as either a tertiary subsidiary within a corporate group or as a stand-alone consulting firm funded as part of a company’s black budget.
The utility of maintaining an in-house intelligence capability versus contracting out work to a private intelligence group is twofold. First, an in-house intelligence team can be specifically tailored to the requirements and targets of their parent company. This means that the company can create and maintain a group precisely fitted to their specific information gathering needs and keep skilled operators on staff long enough for them to provide extra value through experience targeting a select group of rival firms. The second, but by no means less important, aspect here is security. Keeping intelligence operations in-house acts to generate loyalty among company operatives and can more easily keep them in line. In-house teams also reduce to the bare minimum the number of people in the loop, which is always a good thing when it comes to keeping secrets.
The Intelligence Cycle
The way that spies operate in the private sector is very similar to how they work when employed by the state. The pattern of intelligence operations can be summed up as the intelligence cycle. The first step in this cycle is to identify a need. The client company is generally informed on the overall activities of their rivals. From this basis of knowledge, they determine the kind of inside information they are seeking. Often the desired degree of information awareness on rivals can only realistically be obtained by illicit means.
Once a spy is assigned to gather certain protected information they move on to the next stage, collection. The process of actually obtaining secret information through clandestine means is what espionage is all about. Professionally trained spies are needed because they are adept at the covert acquisition of information. They operate individually or in small teams and their training gives them a significant edge against law enforcement and internal corporate security assets. Once a spy uncovers the information they are tasked with providing, they transfer that data back to the client company for the next stage, analysis.
The company takes the stolen information and uses it to advance their own business interests or to formulate action against their rivals. After information has been assimilated and acted upon, the cycle repeats with the company using their new found understanding of the rival firm to create further intelligence taskings for their private spooks. The circular simplicity of the intelligence cycle belies the complexity of the many arcane arts and illicit acts that make it function. For companies trying to avoid being penetrated, understanding the intelligence cycle and actively working to disrupt it is the key to their defense.
The Future of Corporate Intelligence
Where will corporate intelligence be as an industry in ten years? In fifty years? If present trends are any indication of future action, corporate intelligence activity will be an omnipresent feature in the business world of the 21st century. Certain features of corporate intelligence will play a greater part in the mix, such as the in-house deployment of advanced cyber weapons to penetrate or attack other companies directly. An increase in direct action by companies against their rivals outside of the net is also a likely trend. The advent of the internet has revolutionized intelligence gathering and will undoubtedly play an increasing role in the acquisition, communication and analysis of intelligence. For counter intelligence, the game will become even more skewed against them as technology places more advantages in the hands of the attackers.
Corporate intelligence is here to stay. It is already a major force in the business world today. Though little talked about, espionage is a vital aspect of corporate operations for many firms across the globe. Companies that do not take steps to mitigate the potential damage such covert actions can inflict on them will operate at a great disadvantage against those companies who construct efficient defenses. There is no such thing as a perfect defense against corporate intelligence. Even purpose-built intelligence organizations like the CIA get penetrated to their core from time to time. No private company can hope to match the level of internal defenses that national intelligence organizations possess.
For the corporation of the future, and indeed for companies today, the best that can be achieved defensively is the emplacement of obstacles and delay in the path of corporate spooks. This is why companies should immediately begin to take a more proactive approach to corporate intelligence. The odds are so stacked in favor of the offense in corporate intelligence that to play a strictly defensive game is to lose before you even start. Companies that embrace the strategic use of corporate intelligence, whether offensively or defensively, will be infinitely more capable of competing in a market thick with spies.
As you read this book, keep the above injunction well in mind. Corporate intelligence is a murky and dark world filled with unsavory characters and jaded spies, but it is the shape of things to come. Companies have a limited window to prepare themselves and their defenses to meet this emerging threat. The efficient use of intelligence by companies, just like nations, can mark the difference between survival and destruction today and more so in the future.
Intelligence Collection
“Few men have virtue to withstand the highest bidder”
George Washington
Information is the cornerstone of human existence. It is the ability to generate, remember and disseminate knowledge and experience which has allowed the human species to evolve to our present position in the world. Knowledge sharing has elevated us over the course of millennia, but during this evolution human beings also acquired the ability to lie and to keep secret information which we did not want others to know. As societies developed there arose the necessity of creating in-groups and out-groups. These segregated groups have always been defined by their access to information. Some bits of information are guarded more closely than others. Concurrent with the very primal human desire to keep secrets, emerged the need by others to discover them. From this need has emerged a group of people who have made it their profession to uncover secrets and share that knowledge with others who seek it for national, personal or business reasons. These men and women are spies.
In our modern world, after the information revolution, society and business have become awash in vast oceanic levels of data. This unceasing flood of data has not fundamentally changed the overall basis of human interaction, the delineation of difference through access to information. However, it does add an additional need for clarification and context which, in many cases, only a human source can provide.
The majority of modern commercially relevant information is freely available and can be gathered through open source research into whatever area one explores. With the availability of open information there has been a corresponding rise in the amount of secret information which nations, organizations, companies and individuals desire for whatever reason to keep hidden. It is this undisclosed information which others seek to possess that has created the need for professional intelligence operators and drives their actions.
In no other realm has the open secret of active intelligence operation been more prominent and yet so poorly understood than in corporate espionage and private intelligence gathering. National intelligence organizations and their various operations, real or imagined, are a constant source of fascination for a public drawn to the perceived power of the secret world. There is no doubt in the public mind that there are significant forces, controlled by individual nation states, at work today concocting and carrying out a wide array of secret information gathering and other clandestine activities. Yet ask the same public about corporate or privately run intelligence and they can name precious few real world examples. Generally, they out and out relegate such activity to the realm of fiction. The unfortunate or fortunate truth, depending on which side one happens to be on, is that private intelligence targeting corporate entities is real and pervasive throughout the business world. The costs to companies that find themselves unprepared are staggering. Even for companies that invest wisely in counter intelligence assets and have a strong policy of deterrence and active defense, few resources exist outside of the company to prevent or disrupt company-on-company intelligence operations. The reality of corporate intelligence and the silence that surrounds it is one of the key areas that will impact corporations and individuals around the world.
Intelligence can be anything, from the top secret designs of a latest generation fighter aircraft to company gossip and a person’s favorite ice cream flavor. Intelligence is simply defined as knowledge held by one and valued, but unavailable, to another. For obvious reasons, some knowledge has greater relevance to certain parties than others. All groups and people, whether as large as a nation or as small as an individual, place limits on the information which is considered appropriate to share with others.
The creation of in-group and out-group information sharing protocols is the first line of defense against information leakage. Limited access to information is the prime motive force for spies and their varied activities. By designating a piece of information as “secret”, people on the inside know not to share it cavalierly with those who are on the outside. A need for covert means of extracting inside information exists because knowledge is power. Nowhere is this axiom truer than in the modern business world.
While a tremendous amount of information can be obtained through overt means about any given subject, often relevant and commercially useful information is held to be secret and can only be obtained by more covert measures. This concept defines corporate intelligence as gleaning protected information held within a company that can only be obtained through covert means.
The allure of secrets is as old as society itself. Breaking trust to obtain secret information has gone hand-in-hand with the keeping of secrets over the long ages of humanity. People engage in covert information gathering on a daily basis among their peers, often with mixed results. When the practice of information gathering is applied to organizations and companies it enters into the realm of corporate espionage. Spying is often called the second oldest profession and with good reason. The anti-social aspects of uncovering secrets, the lying, cheating and subterfuge, come as naturally to a select few as certain similar aspects of the oldest profession do to others.
There are many myths and illusions about how information is gathered covertly by people, companies and nations. If you believe Hollywood, intelligence collection mostly involves very attractive people engaging in heart-pounding derring-do, matching wits with cunning adversaries in exotic locations and exchanging pieces of microfilm over martinis and baccarat. The truth is a great deal more mundane but no less damaging to the target because of it. Gathering of covert intelligence generally involves a tremendous amount of research, covert asset development processes and dry application of technical measures. Moments of crushing anxiety and fear are bookended by preparation and tedium. Much like war, the extraction of closely guarded information from protected sources is fraught with potential dangers, never-ending cycles of trial and error and a great deal of hurry up and wait.
The first step in gathering intelligence covertly is to clearly identify exactly what kind of information is sought. The client usually has a specific idea of the kind of information that they would find useful. Given the vast oceans of data created every day by a major company, one can easily understand the need for clarity of purpose and specific targets for a spy. Imagine commercially valuable intelligence as akin to a few grains of gold in a beach of ever shifting sand.
Once a spy knows the specific genre of intelligence to target, the next step is to determine where and by whom that information is held and then decide the most efficient and safest means of extracting it. Obtaining information is done through open source research, technical means, suborning of human sources within the target organization or a combination of all three. After the target is determined and approach set, the next critical stage is to lay in the covert infrastructure for extraction. When the information extraction process involves the use of grey or illegal means, preparations for an operation are done covertly. Undetectable extraction can be extremely time consuming and must be attended to carefully, lest the spy leave traces of the operation for the opposition to work with if the process is detected. Spies are paid to be discreet and not leave trails back to the hiring firm. Subtlety and deniability are the reasons companies hire trained spies to operate covertly for them.
Once the ground work is in place it is time to actually implement the established operations plan. Using whatever human sources or technical means that plan may call for, the actual extraction and delivery of information is usually rather swift when compared to the long process of preparation. Extractions can be continued as long as is necessary, assuming that the sources of the information remain covert and in place. Clandestine activities are, by their nature, caustic to even the best laid plans. The ability to use hard won experience to improvise effectively in the face of uncertainty is another reason that companies use trained spies. Once the target information is extracted, the spy still has to move the data and escape the area of operations intact and undetected.
Accessing information has been made simpler and more covert with the advent of the internet, the best espionage tool ever invented by man. The heavy lifting still falls to a skilled and resourceful spy to carry out but with modern tools like the internet their job has been made a great deal easier and infinitely more covert. Receive a target, develop access, acquire the data, move the data, sell, get paid and get away, find the next job and repeat. This, in a nutshell, is the intelligence cycle for spooks in the corporate world of today.
The development of covert intelligence sources, when targeting business, like when targeting government or military agencies, involves many steps and a great deal of technique to effect. Most of these operational processes are illegal. By its very nature, the trade in covertly generated data is illicit. Operations to find, develop and sell information are invariably carried out under multiple layers of secrecy and security. Legitimate business intelligence firms do not cross the grey line into covert intelligence or utilize illegal information gathering techniques. However, such firms are merely the candy coating on an entire clandestine industry operating on the darker side of the grey line.
Covertly pilfering data and many of the individual processes that make such an act possible are illegal nearly anywhere in the world. Defenses as well as penalties within countries vary from the massively draconian to the unaccountably lax. Whether technical penetration of a target system, suborning of a human source, technical interception of communications or whatever other means a spy may use to covertly obtain information without explicit authorization, it should never be forgotten that there are laws against and penalties for these actions which require the acts to be carried out clandestinely.
The need for intelligence, particularly in the modern business world, has never been stronger. As ever greater numbers of large corporate entities emerge to vie for intrinsically limited resources and market share, the demand for quality information will only increase within companies that wish to succeed. Markets are deeply competitive and only getting more so as international competition increases. While much information can be obtained on the lighter side of the grey line, companies which cross over and work with covert intelligence assets hold a tremendous advantage over those who do not. It is this advantage, or at the least the perception of advantage, that is driving the growth of the modern private covert intelligence industry.
The penalties imposed upon a corporation engaging in covert intelligence work are quite nominal, short term and do not serve as much of a deterrent. Target rich environments such as the United States remain astoundingly open and unprotected, offering a wide range of easy targets for corporate spies and those who derive advantage from them. It is the combination of these factors (business advantage, ease of access and lack of penalty) that is shaping the corporate intelligence world into a vital part of the business landscape in the present century.
Sources and Methods of Intelligence Collection
Human Intelligence (HUMINT)
Human intelligence is information held by or obtained through a person. It is a very simple definition for a very complex and arcane art. Obtaining information from a human source is at the core of almost all intelligence gathering activities because it works. People hold knowledge and secrets. It is from people that secrets can frequently best be obtained, even in our interconnected high-tech world. It is individual people too who hold the keys to computer based information systems and this makes them the primary targets for corporate spooks.
Seeking information through human sources contains many potential pitfalls. Human beings can be as shifty and dishonest as those who seek to obtain secrets from them. People are also fragile creatures needing constant attention and care in order to be useful over long periods of time as covert information sources.
The initial contact and approach to a potential covert information source is critical. The means of bending a source to a spy’s will and suborning them to their purpose is eerily similar to the first stages of a romance. Each party has their own interests and needs. Meshing together conflicting interests into a single forward movement is an extremely delicate process, as any spy or would be Romeo can tell you.
Once a spy identifies and hooks their information source, the care and feeding of the new asset often proves to be the most trying aspect of the entire operation. Simply put, what a spy asks their source to do in secret is to lie, cheat and steal for them. These types of actions cut against the grain of cultural and ethical norms for most people, making them prone to insecurity, remorse, guilt, fear and other emotionally destabilizing states. Psychologically propping up and reassuring an agent in place is one of the spy's most critical duties.
Human intelligence offers superior advantages in the field of corporate espionage. With a well-placed human asset, the spy possesses all of the access that source has within their company. This includes, but is not limited to, all network and technical access and provides invaluable context for the information that is obtained from inside. A human source can also act as a talent spotter for further asset recruitment. Covert sources can be used to gather basic information on the security and structure of a company, identify others for recruitment, steal secrets directly, access a company’s internal systems and perform direct action tasks that only a person on the inside can accomplish.
The use of human sources within a target company is the primary means of covertly extracting valuable information in corporate intelligence. The costs of recruiting and running a human source within a target company often prove to be but a fraction of the value in information that such an inside source can provide. People would be shocked at just how cheaply a trained spy can turn an employee. Costs, of course, are all relative. Even if a source demands hundreds of thousands or even millions of dollars for the information they can access, if the information that they provide allows the sponsoring competitor company to scoop billions in business, it is a relatively small price to pay. Sources are rarely aware of the real commercial value of the information that they have access to. A single file can be the genesis for informed decisions which have ramifications measured in billions. The real costs of running a clandestine intelligence operation lie in the operative spies and the necessity for redundant and covert infrastructure to support them.
Despite the myriad costs and potential pitfalls of recruiting a human source within a company, most firms invest little or no resources towards hardening their staff against conversion. Regardless of how much a company spends to defend their internal digital information and resources, if the staff can be compromised all other defenses are moot. The sheer breadth of access that a human source can provide and the fact that they are often left completely uninformed and unprotected by their companies, makes recruiting a human asset the preferred method a spy has to breach a company’s defense.
Technical Intelligence (TECHINT)
Technical intelligence is the gathering of information via technical, or nonhuman, means. This can be aided by human sources within an organization, but in its purest form is an outside attack on the communications, data systems, or other technical aspects of an organization.
Collecting technical intelligence can take the form of bugging, tracking, compromising computer systems, the interception of communications or any means that involves non-human sources of information gathering. There are several advantages to technical intelligence over human intelligence as well as many drawbacks. The main advantage of technical intelligence gathering is that most firms only harden a fraction of the potential penetration vectors and leave the rest to the mercies of a technically savvy spy or one with recourse to specialist help.
As technology evolves, more information is held on external memory sources. People, companies and nations have invested heavily in protecting these machines and systems from external attack. The weakest link in any security system will always remain the human element, and this goes double for computer defenses. Information systems and security protocols are only useful if they do not overly impede daily use. It is through those people authorized to access and hold information that a spy most easily obtains covert access. One can use the human penetration agent to gain covert access to a system, thereby bypassing much, if not all, of the complex of built-in defenses.
Attempting to compromise computer systems from the outside, while by no means impossible, is a difficult and highly sophisticated task requiring significant expertise to do effectively. However, once a system is compromised, there is virtually no limit to the scope of information that can be obtained. The persistence of technical penetration also means that a system can be open to the spy over a longer period of time than may be the case with a human asset. Another advantage to systems penetration is the very covert nature of the action. Few, if any, other people will be aware that a spy has covert access. If the penetration is done correctly that means fewer traces and a lower potential for being caught.
A key advantage to technical information gathering is the strange psychological quirk that consumers of covert intelligence have which holds that raw information from the source, for example an intercepted telephone conversation or data taken directly from a compromised computer system, is more trustworthy and therefore of higher value than information obtained via a human source. Despite the fact that data is infinitely easier to manipulate than people, information coming from a covert technical source is often held in higher esteem. "Paper over people" is something of a mantra in intelligence organizations both national and private.
This belief opens up some very interesting avenues of defense for companies who wish to protect their most valuable data and can lead to a great deal of pressure on intelligence agents who are often called upon to obtain hard copy proof of their human source derived intelligence.
Open Source Intelligence
Open source intelligence is information obtained through ordinary overt means and open sources. This is an often overlooked area of intelligence gathering since it involves no covert operations to obtain. A commonly held opinion within the intelligence community is that the more difficult the process is to obtain information, the truer that information has to be. The savvy intelligence operator, however, will quickly realize that a tremendous amount of valuable information is simply out there on the net waiting to be plucked and used. Open source intelligence is most often obtained directly from the internet, at conferences, via published trade materials and from the company itself. This is one of the most powerful tools in the arsenal of the corporate intelligence agent. Overt open source research engenders little or no risk of detection and can yield tremendous amounts of commercially valuable information which often gives as clear a picture of a company’s actions as any form of covertly developed internal information could.
There is an old adage that a good spy is a good researcher and that the Central Intelligence Agency could learn more by reading the New York Times than the Times could learn from reading CIA cables. This has held true time and again and is an avenue that should never be overlooked by the corporate intelligence agent or, for that matter, by those inside of a company trying to thwart the spies.
Another area in which open source information has become useful is in the preparation work needed to conduct covert operations against a company or an individual. Countless people place a massive amount of personal data about themselves online every day. Previously private information is freely accessible and can be used to target sources and develop an approach tailored by personal information against a specific target individual. A quick check of open sources such as Facebook, LinkedIn, Twitter, and eHarmony can provide a corporate intelligence agent with virtually all of the personal information they need to effectively operate against a targeted individual or even an entire company.
Direct Action
Aside from the suborning of a human source within an organization, using technical means to penetrate a company or open source research to gather information, there are other means a corporate intelligence agent can use to gather intelligence about an organization or individual. Alternate techniques involve direct action to obtain intelligence materials. Collection of information by direct action against a company or person can be highly effective but may entail a significantly increased risk of discovery to the spy. Breaking into a company or an individual’s home to steal information, collecting personal or corporate trash for examination, direct actions to change policy and other methods all fall into this category and will be discussed in detail later.
There are various means of gathering intelligence, each with their own unique benefits and drawbacks. An adaptable intelligence agent knows how and when to use the most appropriate method or methods to obtain the desired result. The first step in any intelligence gathering action is to identify and work towards a specific collection goal. The means by which that particular goal is achieved is a matter of choosing which tool best suits the situation.
Human Intelligence
Human intelligence means using a Joe, mark, source, asset, or whatever a spy chooses to call their suborned human source on the inside, to obtain information on behalf of their client. Wittingly or not, using an inside person to gather information, gain access or recruit others for the spy is the oldest and by many measures, the most effective means of collecting information covertly.
The benefits of human intelligence, or using a human source, are numerous. Chief among them is that all systems, from the nation state to the company, are nothing more than collections of people with varying degrees of rightful access to information. By suborning an individual within an organization with the proper access, the spy can gain a direct route to the information that they desire straight from the source. Not only are human assets conduits for direct information transfer, but they are also full of secondary information about the organization, people within it and can provide invaluable context for the information being passed along.
One of the most appealing factors of using human intelligence sources in corporate espionage is the ease with which people can be turned to a spy’s purpose. Everyone, from the lowest cleaning person to the highest chief executive, has weaknesses and needs. Identifying their needs and weaknesses will allow a clever intelligence agent to easily manipulate a person with access to the information that they seek. Unlike state organizations, people who work for companies often have a much lower degree of attachment or loyalty to their organization which makes them infinitely softer targets for recruitment. Not having to deal with sentiments of patriotism, religious fervor and ideological betrayal is one of the key features that make targeting companies a safer and easier game than states or terrorists. Today's employees are highly mobile, often underpaid, overworked, accustomed to changing jobs regularly, feel under the down-sizing or lay-off ax and therefore are less likely to hold deep rooted or sentimental attachment to the company or trust for the people in it.
Another key difference and advantage for corporate spooks over their state based brethren is that they are not subject to recruitment barriers by their employers. In most state intelligence organizations, there exists a highly detailed code defining the type and background of persons who can and cannot be approached for recruitment. Government guidelines are often based more on political expedience than on operational effectiveness. Such handicaps are rarely applied to corporate operations. The field of covert recruitment is open to a much wider cast of characters in the private world than would ever be available to a state sponsored intelligence agent.
Key Benefits of Human Intelligence:
Direct access to information
Ease of turning vulnerable sources within an organization
Access to total range of potential clandestine sources
Human sources can provide context for information unavailable within the raw data
The ability to create cutouts and a “fall guy” in the event of trouble
The possibility of using a human source within an organization to circumvent technical data collection counter-measures
The chance to look an asset in the eye and detect falsehood
The possibility of using that asset to spot and recruit others within an organization for direct actions against the target company
Persistence and mobility within a company of a recruited source, the ability to maneuver the source to the area that the spy wishes to penetrate.
Sources have a right to secret information as part of their function within a company so little suspicion will fall on them for accessing that information on the spy’s behalf.
~~~~~
There are distinct limits to the usefulness of human intelligence assets. Primarily, it may prove difficult to recruit a source within the narrow circle of people who have direct access to the specific information that a spy seeks. One thing to remember is that not just the senior echelons in a company have access to commercially valuable information and protected internal systems. Secretaries, IT staff, cleaning people, assistants, family, lawyers, lower level coworkers and many others can gain access overtly or covertly to virtually every part of a company’s data network or other intelligence nodes. Sources are prone to lie, fabricate information, have doubts and guilt or be turned against the spy by the opposition. Human assets are fragile beings who require a significant amount of care, particularly if they are in place over an extended period of time. Due to the fragile nature of the human psyche and sheer bad luck, human assets are the most likely avenue by which corporate intelligence agents are caught.
When a person has made the decision to lie to their employer and their peers, it can be quite empowering and potentially habit forming. The power of holding secrets over others and the utility of deception imparts an almost narcotic-like high. This sense of power can bleed over quickly into attempts to deceive the spy on the part of the source. The tendency for a human intelligence asset to lie, make themselves seem more important than they are or provide false or misleading information to please or punish their handler is always there and needs to be protected against at all times. Knowing precisely the asset's ability to conduct covert acts and level of access to certain kinds of information is a critical aspect of proper asset handling. It is always necessary to maintain a tight rein on intelligence sources and if possible, double check their information against other sources to verify the information received.
Drawbacks of Human Intelligence
Difficulty of recruiting sources within the narrow circle of people with access to the information that the spy seeks
The possibility of fabrication or inflation of data from the source
The necessity of direct contact with the source for recruitment and running
The fragility of human beings when faced with the pressure of a double life
The potential for counter intelligence to use sources to feed false or misleading information to the spy
~~~~~
The essence of being a competent corporate spy is not just in the preparation work, the tradecraft and knowing how to take care of oneself in the field, it is in the care of one’s recruited assets.
A properly maintained asset in place can yield all of the vital information a spy requires and do it in such a way as to remain undetectable for years. Assets, however, are civilians prone to breaking down emotionally and physically from the stresses of leading an operational double life. This vulnerability is one of the main drawbacks to using a human intelligence asset in place. If an asset falls apart, they can be detected. If the insider is detected or defects, not only does the spy not obtain the information that they are seeking, but they too can be caught. At the very least, the target organization will realize that there is an immediate threat and increase levels of defense in response, making the spy’s job much more difficult.
Given its wide and international usage, detection, arrest and prosecution of corporate espionage agents is remarkably rare. Discovery is almost always the result of careless or disintegrating human assets being turned by the opposition to expose their handlers. When an intelligence agent is using human assets to penetrate an organization, they are well-advised to use tight tradecraft at all times and keep a close eye on their human sources to detect the possibility that they are under opposition control.
Signs that an Intelligence Asset has been Turned or is Ready to Crack
The asset is suddenly extremely nervous and anxious when communicating or meeting with the handler
The quality or quantity of information being provided by an asset changes suddenly
The asset becomes evasive about their behavior and recent actions
The asset becomes smug and superior in their attitude to the handler
The asset insists on meeting in person in a location or time of their, not the handler’s, choosing
The asset tries to warn the handler by subtle sign or action that they are under control
Good tradecraft means teaching the source some simple key words to use when communicating with their handler to indicate that they are under opposition control.
Use occasional spot surveillance of the source to ensure that they are at liberty and operating for, not against, the spy.
~~~~~
Given the list of disadvantages and fragility of human nature, one might ask why an intelligence agent would choose to use human sources at all when almost any category of information sought is available via technical means or through the company’s own computer network. The short answer is complexity and technical know-how. Breaking into an organization’s computer system, tapping a target cell phone, or any of the myriad technical means of modern covert data collection require a certain degree of expertise and specialized equipment which the intelligence agent in the field may not possess. There is also a high probability of encountering tight internal systems security. Most companies in the world invest very heavily in protecting their technical infrastructure, particularly their computer systems. The typical spy does not have the expertise or access to staff capable of breaching systems to the degree necessary for obtaining the information required, or if they do, the cost may be too high. This lack of technical expertise or resources leads back to using a human source.
If a spy can recruit a single person with access to the information systems that they need, they can usually completely bypass all of the security measures that a company has placed in the path of outside intruders. One lesson that corporations have yet to learn is that no matter how state of the art their technical defenses are, the weakest link is always going to be the human element. Time and again, companies have been penetrated to their very core by employees who are left completely defenseless and unmonitored against the advances of a corporate intelligence agent. It is a known fact that corporate espionage regularly costs companies hundreds of billions of dollars each year around the world. And yet effective internal security and counter intelligence operations in most companies are practically nonexistent. Private businesses operate in such a laughably poor state of preparation to defend against the predation of trained and resourceful intelligence agents that in most cases there is little challenge in breaking through a company’s internal security.