When we think of spies, we often conjure up images of the suave 007 – James Bond. While glamorous, Mr. Bond is a caricature. Today’s spies look more like attractive women in bars trying to seduce Silicon Valley Executives (as reported by the San Jose Mercury News in: “Are Russian-spy hookers targeting high tech leaders and VCs at infamous Silicon Valley ‘cougar nights’?”) and can be financed and resourced by nation states such as the People’s Republic of China (“Chinese Spies Engaged in Massive Theft of US Technology”, an article in the Washington Free Beacon).
Who Are The Spies?
How Do Spies Operate?
There are a variety of ways that spies learn about their target. Classically we think of Human Intelligence (HUMINT) where individuals employ social engineering or other ruses to gain access to sensitive and important information.
Another effective means of gaining intelligence is Image Intelligence (IMINT). The best example of this technique was when the NFL learned that the New England Patriots were videotaping the defensive signals of their opponents – “Bombshell ESPN report says Patriots’ ‘Spygate’ scandal was worse than realized” (Business Insider).
Social Media is another way that spies learn about their targets. Facebook, LinkedIn and Twitter are a treasure trove of information about people, their likes, interests and even their friends and employers.
Working from the inside is a spy’s dream. As an authorized insider, the spy has legitimate access to people, systems and any other resources available to actual employees, contractors, etc. Chelsea (Bradley) Manning and Edward Snowden are good recent examples.
Vulnerability Reduction Items
1. Know What’s Valuable
Employees need to be on the same page with regard to what information is sensitive. For example, both engineering and marketing need to agree on what information about new products can be shared with the outside world.
2. Training and Awareness
The organization needs to be aware that it is a potential target. Key employees should be provided training that helps them identify potential ‘spies’, understand espionage tactics, techniques and procedures.
3. Contingency Planning
The organization should pre-plan how to mitigate harm from industrial espionage. This would include establishing relationships with private investigative and law enforcement agencies before incidents occur. Look for organizations that employ all source intelligence – investigators, cyber intelligence, TSCM, image intelligence – in a holistic way.
4. Technical Surveillance Countermeasures (TSCM) – Bug Sweeps
Hire professionals to perform periodic sweeps of sensitive areas such as conference rooms, executive offices and other areas where confidential plans or information is likely to be discussed.
5. Think Like The Bad Guys – “Red Teaming”
Consider having brainstorming sessions where selected team members look at the organization as if they were outsiders. These Red Teams assess what information is important or valuable and figure out innovate and creative ways to get it.
6. Assume Nothing
There are no coincidences and if it looks out of place or too good to be true it probably is.
COL (R) Lawrence D. Dietz
TAL Global Corporation
General Counsel and Managing Director, Information Security
Colonel (R) Lawrence D. Dietz is a nationally recognized expert in the areas of cyber security, cyber warfare, information security and intellectual property. Mr. Dietz is a licensed attorney and also provides litigation and legal support to our clients in these matters.
As a retired Army Reserve Colonel specializing in intelligence and PSYOPS, Mr. Dietz has over 30 years of diversified military and commercial information and cyber security experience. This unique knowledge combined with the thought leadership of academia enables Mr. Dietz to bring varied approaches and solutions to clients’ challenges.
As always, we value your feedback which helps us shape our perspective on recent events, security and the services we offer.
Feel free to reply to this email and share your thoughts with our team.
Your Friends @ TAL Global