
INDUSTRIAL ESPIONAGE

YOUR LECTURER

Head Agent
PALMER U. MALLARI
Chief, Automated Case Monitoring Division

INDUSTRIAL ESPIONAGE
What is Industrial Espionage?

- any illegal attempt or effort to gain access to
information concerning a company’s plans, products,
clients, or trade secrets, with the objective of gaining
intelligence for competitive and business advantage
- a form of espionage conducted for commercial purposes
between companies and corporations aimed at
developing competitive and economic intelligence.
(SOURCE: Wikipedia)

THROWBACK: On January 04, 2011, Agence
France-Presse (AFP) reported that the head of a German
company claimed that France is a top offender when it
comes to industrial espionage, even worse than China
and Russia.

THROWBACK: Industrial espionage has been such a delicate
problem among US businesses that in 2009, the US
Federal Bureau of Investigation and Central Intelligence
Agency told companies: “you are on your own”,
practically admitting that there is no way they could
protect American businesses from themselves or foreign
agents.

TARGET OF I.E.
1. Proprietary Information such as:
- Trade secrets
- Confidential formulas
- Future plans and upgrades

2. ONGOING RESEARCH ON:
- new products
- new sales and marketing techniques

3. OTHERS:
- accounting books and records
- clients
- corporate talents, consultants

MOTIVATIONS
1. MONEY based:
- personal monetary gain
- increased profit

2. Pride and Prestige

3. Revenge

4. Security – business and otherwise

LEGALITIES
CRIMINAL:

Is Industrial Espionage punishable by penal laws?

By the Revised Penal Code (Theft, )

By Special Laws:
R.A. 8293 - Intellectual Property Rights Code
R.A. 8792 - E-Commerce Law
R.A. 10175 - Cybercrime Prevention Act

CIVIL:

Payment of damages

RED FLAGS FOR INDICATIONS OF I.E.
1. When a rival introduces a very similar product.

2. When employees in the company show suspicious
or illegal behavior.

3. When items, blueprints, schematics, proposals,
documents are noticed to be altered, misplaced or
missing.

4. When extortion occurs for the return of stolen
information.

POSSIBLE PERPETRATORS
1. Employees (on their own volition)
- rank and file
- officers

2. Employees conniving with competitors.

STATISTICS: “The enemy most often lies within. About
85% of espionage crimes are perpetrated by
employees. Your intranet firewalls may be great at
keeping outsiders out, but do nothing to prevent insiders
from turning into outlaws by exporting company secrets,”
said MICHAEL ANDERSON, President of New
Technologies, Inc., a major computer software programs
company in the US.

3. CONTRACTORS: Interested companies hiring
investigative firms, information brokers, thieves

“After the Cold War, undercover Intelligence Operatives
went mainstream and became information brokers.”

4. Foreign and local Intelligence: Foreign governments
engaging their own "intelligence" services to acquire
trade or research secrets for their own national
purposes or industries.

ESPIONAGE TACTICS
TACTICS Depend on the Type of Espionage:

1. Traditional Espionage
2. Computer (Internet) Espionage
3. Visitor Espionage
4. Travel Espionage
TRADITIONAL ESPIONAGE
1. Theft. Stealing information or goods to use for the
competition.

2. Blackmail. Extortion through the use of threat or
intimidation, i.e., by exposing critical information. This
can also take the form of "denial of service" threats to
major e-commerce firms.

3. Mole Planting (penetration and infiltration)
The best mole is one who established a trusted cover
within a company long before beginning any
espionage.

4. Eavesdropping
Listening in on private conversations using covert
listening apparatus, remotely or on-site.
(For hi-tech, intercepting WIFI transmissions, or
tapping email).

5. Seduction
An age-old technique using sexual offers or advances
to lure information out of an individual.

6. Bribery
To influence someone by offering money or a favor to
glean information or to prompt illegal or corrupt action.

7. Foreign Intelligence Recruits (later on called
commercial agents)

8. Conniving with Employees of Competitor

9. Bogus Job Applications/ Interviews

10. Professional Butterflies

11. Bogus Purchase Negotiation
Companies or teams that pose as buyers in order to
glean critical information about a company.

12. Research under False Pretenses
Collecting open-source or public materials or databases
with aliases to hide the fact that the information collector
is in fact a competitor.

13. Corporate Communications Intercepts
Intercepting phone and fax transmissions, particularly
international fax transmissions

14. Using Familial Connections
Conversations with unsuspecting relatives of company
executives

15. Trade Fairs
- establishing contact with experts who have
a high level of technical understanding
- by simply sitting near potential targets and
starting casual conversation
- requesting product demos and
presentations

16. Using Commonalities
Targeting individuals with common language,
cultural heritage, or religion for fact-finding missions.

17. GOVERNMENT PRESSURES
Such as when naturalized citizens:
- are induced to provide information for patriotic
reasons, or when there is threat of political,
social or economic repercussions
- repatriating them to employ processes and
methods used by foreign companies.

18. Government Debriefing
Government debriefing of its citizens to acquire
information upon their return from a foreign country

19. "Dumpster Diving - Garbageology"
When criminals and their cohorts dig into garbage
cans, dumped materials and trash from target
companies with the hope of securing relevant
information about the target.

20. Solicitation and Marketing
Marketing and requests by foreign entities to gain
access to proprietary information or R&D through
service offers, i.e. software support, purchasing or sales,
or via employment applications, internships, or other
means.

21. Outsourcing / Delocalization
Foreign outsourcing can exploit methods,
processes, or information. Delocalizing under license
often leads to a loss of security in countries not bound by
copyright or trademark laws.

22. Front Companies
Foreign governments may own private companies
(such as import-export firms), joint ventures, or may
establish exchange or friendship organizations in other
countries in order to gather intelligence from foreigners
who have frequent contact with targeted firms or
organizations.

23. Joint Ventures & Bidding Process
Foreign purchasers may prompt companies to
provide copious amounts of data in the bidding process,
compromising valuable proprietary information.

24. Close Proximity
Joint ventures and strategic alliances may put
unscrupulous personnel in close proximity with a firm's
key personnel or technology and may allow them to gain
access to areas or information outside of their work
agreement.

25. Mergers and Acquisitions
Mergers and acquisitions usually allow new
company owners/partners to acquire certain
technologies not in their prior possession.

26. Heated Negotiating
Buyers make excessive technology information
demands during negotiations. Non-disclosure
agreements are helpful but not fool-proof especially in
countries with minimal legal protection for foreign firms.

27. University Research
Information collectors are often placed at
university research facilities by foreign government or
competition intelligence services.

COMPUTER ESPIONAGE
1. Casual Copying of Files
- when employees download materials and/or
prepare hard copies of files and either pass them on to
other sources or haphazardly leave them unattended for
vultures to prey on

2. Computer Hacking
- when suspects gain access into a computer
system or network without proper authorization and in
the process copy material information

KEYLOGGING
- the practice of noting (or logging) the keystrokes on a
keyboard, typically in a covert manner so that the person
using it is unaware that his actions are being monitored.
The keylogger is able to take note of a user's online habits
and thereafter transmit them back to the computer of the one
who installed it.

HOW INSTALLED:

HARDWARE KEYLOGGERS - physically installed into
the computer in such a way that the user would not
easily notice it. Mostly placed directly under the
keyboard or in the cable connecting it and the CPU.

NON-HARDWARE TYPE - get introduced into the system
through pop-up advertisements where the user is enticed
to install the attached software for free by clicking. Other
sources include instant messaging, e-mail attachments,
download managers, online gaming, and porn sites.

COUNTERMEASURES
1. Vigilance in custody and storage of computers and
other storage devices.

2. Regular system checks, anti-virus updates, and the
like.

3. Secure passwording. (doubtful)
- use of alpha-numerics
- if possible, different passwords for different
accounts
- avoiding password sharing

4. If possible, avoid free software, applications, and pop-ups.
Run anti-virus before opening attachments.

PHISHING
Pronounced like fishing, it is a term used to describe the
act of sending an e-mail to a user falsely claiming to be
an established legitimate enterprise in an attempt to
scam the user into surrendering private information that
will be used for identity theft.

When used in an email, a click on a suggested link
directs the user to visit a Web site where they are asked
to update personal information, such as passwords and
credit card, social security, and bank account numbers,
that the legitimate organization already has. The Web
site, however, is bogus and set up only to steal the
user’s information.

Phishing, also referred to as brand spoofing or carding,
is a variation on “fishing”, the idea being that bait is
thrown out with the hopes that while most will ignore the
bait, some will be tempted into biting.

NOTE: While PHISHING is done randomly, it becomes
more effective if an intended victim is identified and
known to be vulnerable.

“Phishing” is also the act of uploading to the internet a
bogus website or a replica of a legitimate website
that contains a link directing you to, or is itself, a
webpage/website designed to collect bank or
credit information.

CASE: In 2003, eBay account holders received e-mails
supposedly from eBay claiming that the user’s account
was about to be suspended unless he clicked on the
provided link and updated the credit card information that
was originally registered by the user with eBay.

Because it is relatively simple to make a Web site look
like a legitimate organization’s site by mimicking the
HTML code, the scam counted on people being tricked
into thinking they were actually being contacted by eBay
and were subsequently going to eBay’s site to update
their account information.

By spamming large groups of people, the “phisher”
counted on the e-mail being read by a percentage of
people who actually had listed credit card numbers with
eBay legitimately.

eBay request: Your Account Has Been Suspended!

Dear eBay customer,

Your Account has been Suspended. We will ask for your password only once.
We will charge your account once per year. However you will receive a
confirmation request in about 24 hours after the make complete unsuspend
process. You have 24 hours from the time you'll receive the e-mail to
complete this eBay Request.
Note: Ignoring this message will cause eBay TKO delete your account
forever.

To make unsuspend process please use this link:

http://fakeaddress.com/ebay

eBay will request personal data(password;and so on) in this email.

Thank you for using eBay!
http://www.ebay.com/
--------------------------------------------------------------------------------
This eBay notice was sent to you based on your eBay account preferences.If
you would like to review your your notification preferences for other types of
communications, click here.If you would like to receive this email in text
only,click here.
COUNTERMEASURES
1. Being able to identify a PHISH. How to spot one?
a. Company Name - phishing e-mails are sent out
“randomly” to thousands of different e-mail addresses,
thus, the sender has no idea who you are. If you
have no affiliation with the company, the e-mail is fake. (e.g., if
the e-mail comes from Wells Fargo bank but you do not
have an account there)

b. Spelling and grammar - Improper spelling and
grammar is almost always a dead giveaway. Look for
obvious errors.

c. No mention of account information - If the company
really was sending you information regarding errors to
your account, they would mention your account or
username in the e-mail. In the above example the e-mail
just says "eBay customer".

d. Deadlines – The e-mail requests an immediate
response or sets a specific deadline.

e. Links - Although many phishing e-mails are getting
better at hiding the true URL you are visiting, often
these e-mails will list a URL that is not related to the
genuine company’s URL.
(e.g. http://fakeaddress.com/ebay is not an eBay URL)

2. When uncertain about a received email:
Do not click links. Instead, manually type the address of
the company in the browser box. Thereafter, manually
examine the pages and search for the answers to your
query.

3. Carefully examine the company name in the URL.
Con artists use a URL that at first glance appears to
be the name of a well-known company but is slightly
altered by intentionally adding, omitting, or transposing
letters. For example, the URL "www.microsoft.com"
could appear instead as:
www.micosoft.com / www.mircosoft.com
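
As an added illustration of the link check in 1(e) and the altered-name check in 3 (not part of the original presentation), the Python sketch below pulls the links out of a message and compares each host with the domain the named company really uses. The brand list, the two-label domain shortcut and the sample message are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Assumption: brands this mailbox really deals with and the domain each one uses.
KNOWN_DOMAINS = {"ebay": "ebay.com", "microsoft": "microsoft.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def registered_domain(host):
    """Last two labels of a host name.

    Simplification for the example: production code should consult the
    Public Suffix List so that names such as example.co.uk are handled.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Optimal string alignment distance: one step per added, omitted,
    substituted or transposed (adjacent) letter."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify_url(url):
    """Return (verdict, brand) for one link."""
    if "://" not in url:
        url = "http://" + url  # bare "www.example.com" style input
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = registered_domain(host)
    for brand, real in KNOWN_DOMAINS.items():
        if domain == real:
            return ("genuine", brand)
    name = domain.split(".")[0]
    for brand in KNOWN_DOMAINS:
        # One added, omitted or transposed letter, or the right name on the wrong suffix.
        if edit_distance(name, brand) <= 1:
            return ("lookalike", brand)
    for brand in KNOWN_DOMAINS:
        # Brand appears only in a sub-domain or path of somebody else's domain.
        if brand in (host + parts.path).lower():
            return ("brand-outside-domain", brand)
    return ("unrelated", None)

def triage_email(body):
    """Classify every http(s) link found in a message body."""
    results = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;)")
        results.append((url,) + classify_url(url))
    return results

# Constructed sample based on the eBay message quoted earlier on this page.
SAMPLE_EMAIL = """Dear eBay customer,
To make unsuspend process please use this link:
http://fakeaddress.com/ebay
Thank you for using eBay!
http://www.ebay.com/
"""

if __name__ == "__main__":
    for row in triage_email(SAMPLE_EMAIL):
        print(row)
    for lookalike in ("www.micosoft.com", "www.mircosoft.com"):
        print(lookalike, classify_url(lookalike))
```

A distance threshold of one letter catches the two altered names given above; short brand names will produce false positives at that threshold, so the verdict is a prompt for manual review rather than a block decision.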

Another technique:
In the URL, the service feature should come after
the company name, not the other way around. (e.g.
www.citibank-cardapplication.com and not
www.cardapplication-citibank.com)

4. Never send any personal information through e-mail. If
an email is requesting that you send personal
information about your account or says your
account is invalid, visit the web page and log into the
account as you normally would. Do not click on the
email’s suggested link.

5. If you are still not sure about the status of your
account or are concerned about your personal
information, contact the company directly either through
an e-mail address provided on their web site or over the
phone.

6. Security Tip: Beware of spoofed websites which
appear to have padlocks. To double-check, click on the
padlock icon on the status bar to see the security
certificate for the site. Following the “Issued to” in the
pop-up window you should see the name matching the
site you think you’re on. If the name differs, you are
probably on a spoofed site.

COMPUTER ESPIONAGE…
3. Casual Information Requests
Online requests for sensitive information, to
unsuspecting low- or mid-level personnel.

“SOCIAL ENGINEERING”

SOCIAL ENGINEERING
- a method which is utilized to acquire information
without the use of any tangible tool but merely the ability
to speak and the power of persuasion of the person
needing the information.

The suspect's ability to speak allows him to penetrate
the defenses of an intended victim and ultimately gain
his trust and confidence in order to acquire valuable
information about the victim or others.

Social engineering allows suspects to call an intended
victim’s office and residence and acquire information that
is not available from the documents they earlier
secured.

Information is easily secured when the persons whom
suspects talk to haphazardly release information such as
“cellular phone number”, nicknames, hobbies and others
without noticing that they are being had.

Most Social Engineers are likewise very good at
psychological profiling of their intended victims, with the
use of:

1. Shotgunning
2. Rainbow Ruse
3. Barnum Statement

SHOTGUNNING - offering a general or open statement
but with a high possibility of getting a hit from a respondent

Example:
“I am thinking of a name, starting with the letter “M”,
who has a big impact in your life.”
“I am seeing a place, somewhere in the North which
is very important…”

RAINBOW RUSE - a statement which discusses both the
positive and negative aspects of a trait, thereby covering
the entire range of possibilities

Example: “you have difficulty opening up to a new
acquaintance, but the moment you have grown close,
you become very intimate about details of your life”

BARNUM STATEMENTS - general statements which,
when told to a specific respondent, may be accepted by
the latter as directly pertaining to him

Example: “You feel that time is very precious that you
feel a sense of waste when you do senseless things”

VISITOR ESPIONAGE
1. WIRED VISITORS
- visitors with concealed listening devices,
cameras, video recorders concealed in their
bodies and paraphernalia

2. Conversation Detours
- sudden deviation from topics of conversations
during site visit, presentations, and the like which
is not agreed upon in advance.

3. Downplaying Status or Playing Dumb
- when a visitor intentionally understates his
status, technical skill or expertise in order to
induce host to brag some more and eventually
disclose company capabilities and secrets

TRAVEL ESPIONAGE
1. Luggage or Laptop Search/ Theft
- such as when briefcases and luggage in hotel
rooms can be searched for sensitive data and
copied; the same applies to security checkpoints or
border crossings where there is connivance with airport
or immigration personnel

2. Tapped Room Phones
- Phone, WIFI, and fax intercepts are often
employed through the traveler's hotel phone or point of
contact.

COUNTERMEASURES

BUILDING ENTRY-POINTS:

Alarm
Install with motion detectors in high-risk areas
and with dial-up alerts to security firm or police
when alarm goes off.

Control Points
Employ security personnel to control entry ways, check
visitors in and out, or man doorways to sensitive areas;
install surveillance cameras to monitor comings and
goings.

Keys and Locks
- Special keys/locks for sensitive areas such as
Research and Development
- doors in these areas and to stairwells should be locked
at all times and connected to burglar and fire alarms
- all keys should be returned and accounted for when
employees are separated from company
- magnetic key cards previously assigned should be
erased
- ceiling and ventilation entry points regularly inspected

High-Tech Access Control
Employ biometric scanners that copy and scan parts of
the anatomy, i.e. fingerprints, handprints, voice, or
retinas for high-risk, high-tech companies.

DATA STORAGE

ON SITE:
- use of Safe
- use of immovable safe for storage of sensitive
documents, backup disks, laptops or PDAs with sensitive
information

OFF-SITE STORAGE
- use secure location (bonded warehouse, safety deposit
boxes) for storage of sensitive archives

INFORMATION DISPOSAL
- use of Cross-Cut Shredders that would frustrate even
the most patient thief from resurrecting paper records
- place shredders next to copiers and fax machines for
reminder of immediate disposal

TRASH PROTECTION
- secure dumpster areas with proper lighting, fencing,
locks, and surveillance.

COMPUTER DISPOSAL
- retired computers holding sensitive data should have
the hard drive removed and destroyed. Do not reformat
and sell.
- if need be, hard drive previously containing sensitive
data can be retained or re-used provided that it is wiped
by wiping software (DEGAUSSERS) replaced with
random data

DEGAUSSERS - used for removal of all data from disks,
tapes, or hard disks by electro-magnetic realignment.
- re-used hard drive may be used to store random data

SECURE COMPUTING
- develop a "Secure Computing Policy" that restricts
information abuse.

COUNTER-SURVEILLANCE EQUIPMENT
- electronic surveillance, utilize Internet/email security
and CCTV video monitoring (where legal), listening and
interception devices, signal jammers
- regularly sweep offices with bug detectors.

TELECOMMUNICATIONS
- use of the simplest models offers the least possibilities
for others to listen in
- use landlines and avoid cell phones and cordless
phones for sensitive conversations.
- use of voice encryption programs between individuals
using phones with encryption software installed.

STRICT POLICIES/ AGREEMENTS
- employ trade secret non-disclosure and non-compete
agreements for all employees with access to sensitive
information.

AWARENESS
- establish awareness training among employees to
detect espionage
- run discreet simulated exercises to determine
employee awareness and preparedness

"AT RISK" EMPLOYEES
- red-flag employees with substance abuse or money
problems, or personal stress, which may prompt illegal
activity within the company.
- make employees realize that internal espionage will be
penalized to the fullest

DUE DILIGENCE
- establish Due Diligence background checks for hiring,
outsourcing, or prospective visitors or business teams.
Note: Different jurisdictions can restrain the amount and
use of information collected.

CRISIS MANAGEMENT
- develop Crisis Management Policy for fire, systems
malfunctions, industrial sabotage, natural disaster and
terrorist threats
- review policies frequently and immediately after an
incident has occurred.

CONTINUITY
- establish Business Continuity guidelines in the event of
death or employment separation of key personnel.

ONLINE-SECURITY

FIREWALLS
- install firewalls to protect your data and system and
maintain their integrity and patches on a frequent and
regular basis.

PASSWORDS
- regularly change passwords. Disable "save password"
function on log-in scripts
- strict policy on secure passwording (use of
alpha-numerics, no password-sharing)

NETWORK SCANNING
- scan company networks regularly and directly in
advance of new product releases
- if possible, avoid free-software downloads,
applications, pop-ups. Run anti-virus before opening
attachments.
- allow system administrator to check if programs have
been altered in any way and show sign of any suspicious
activity.

STEGANOGRAPHY and DIGITAL WATERMARKING
- techniques that control digital content by concealing
information within graphics. Mostly used for
copyright/trade mark protection online
- in lieu of the above, use Encryption or code software to
prevent unauthorized users from reading or altering
data, especially for e-mail and archiving.

VISITOR MEETINGS

SECURE ROOM:
- assume any room you use is insecure unless otherwise
proven
- screen for surveillance devices before sensitive
meetings: bugs, laser lights, concealed transmitters,
video surveillance, or miniaturized camera lenses
- run signal-jammers during meetings, if possible

BUSINESS TRAVELS

VIGILANCE:
- in securing sensitive materials
- laptops, storage devices, mobile phones
- in running physical sweep of hotel rooms, landlines and
other apparatus where listening devices, eavesdroppers
may be installed

END OF PRESENTATION

Visit:
palmermallari.blogspot.com
