Stealing all your firm’s secrets

These days, you don’t need to sit outside in a van with your headphones on, listening to static for an hour before the battery runs out and the tape recorder gives a tell-tale clunk.

Tiny matchbox-sized gadgets are now capable of transmitting audio and video for hours on end to the other side of the world.

Not only that, but we are all constantly connected to the internet via mobile phones and computers, and happily share details of our work and home life on social media – all valuable information for spies.

For experts like Alex Bomberg, whose company International Intelligence provides counter espionage services to large organisations, the result is that the threats to company security are now almost too many to count.

He is casting his eye over one corporate head office to demonstrate the kind of things he “sweeps” for when giving security advice.

The organisation doesn’t want to be named – no-one is keen to have their security weaknesses pointed out publicly. Despite having identity passes and security guards, the company is still vulnerable, he says.

Traditional vulnerabilities, such as sensitive documents casually thrown into the bin or poorly paid cleaning and security staff being bribed to steal secrets, are now being amplified by technology.

Almost every meeting room is furnished with a conference phone that could be hacked. Anyone with a portable memory stick and a few minutes at a work station could download vast amounts of data or upload a virus. If you chuck out an old photocopier these days, the hard drive can hold years of stored data.

And corporate spies are continually developing new tech-based tricks.

“You pre-load a USB [memory] stick [with malware], and leave it where someone will find it,” says Mr Bomberg. “It’s human nature to wonder whose it is… especially if it says Accounts or HR on it.”

And then there’s the smartphone.

“They are very, very dangerous things,” he says. “You are bringing basically a transmitting device into a building.”

We are all effectively carrying the perfect James Bond gadget in our pockets.

“A lot of the larger companies now are creating sterile areas in which to hold a meeting. You can’t even take your mobile phone in, which is very good practice, because what have we got on our phones? A microphone.”

When it comes to business travel, executives are routinely advised nowadays to check a hotel suite thoroughly for listening devices, not to leave their laptop unattended, and to shun public wi-fi networks.

‘They’re investigating you’

But the most effective corporate espionage attacks of recent times have relied as much on human frailty as technology.

Former FBI agent Eric O’Neill is National Security Strategist at the Washington-based cybersecurity company, Carbon Black.

He says the race between virus and antivirus software has reached a stalemate – the new battleground is personal.

“Today, attackers are using sophisticated, ‘spear-phishing’ attacks,” says Mr O’Neill.

 

These are emails that have been carefully tailored to chime in with your own interests and experiences, using personal details gleaned about you from social media and elsewhere.

“They’re investigating you,” he says. “They’re learning about an individual and putting together emails that people will click on.”

The email might suggest your local golf shop is having a sale, for example, or that the renovation work on your office building is near completion. The aim is usually to entice you to click on a link containing malware.

In 2014, the US accused five Chinese military officers of spying on US industrial giants – including Alcoa, Solarworld, US Steel and Westinghouse – by sending emails that appeared to come from executives within the company, the US indictment said.