[ISN] Defense Against the Dark Arts

From: William Knowles (wkat_private)
Date: Thu Jun 14 2001 - 00:35:33 PDT

  • Next message: Robert G. Ferrell: "Re: [ISN] Pentagon Reverses Order to Destroy Old Hard Drives"

    June 2001
    JOHN NOLAN, A FORMER U.S. intelligence officer, took the call on a hot
    sticky day in July. It was from the CEO of a major consumer
    electronics company in California. He told Nolan that his company was
    working on a mysterious new technology that once launched, would
    change the face of his industry and double the company's revenue base.
    The CEO said he had taken "extraordinary security measures" to make
    sure no competitors found out about the new product. But just to make
    sure, he wanted Nolan, who had founded his own intelligence agency
    after retiring from the Department of Defense, to penetrate his
    company's fortifications and find out what his R&D group was working
    on, how much money was being invested and when the new product would
    be rolled outall in 30 days or less.
    It took Nolan's crew about three hours of working the phones to find
    out that one of the company's senior managers had been out of the
    office for the past three months. So they staked out the executive's
    home and early one morning, tailed him as he drove to a nondescript
    building about 15 miles from the company's headquarters. An armed
    guard let the executive through. Nolan's people made no attempt to
    follow. Instead, they took down the license plate numbers of every car
    in the parking lot and ran those numbers against Web databases until
    they had the identities and after more digging, the work titles of
    every person who had driven to the facility that day.
    Posing first as pollsters and later as headhunters, Nolan and his crew
    covertly interviewed almost all of the key engineers involved in the
    project. They not only discovered what the top secret technology was,
    how much it cost to develop and when it would be launched. They
    alsoand well within the 30-day deadlinegave the shocked CEO the names
    and contributions of six strategic partners in the project.
    Nolan, whose Huntsville, Ala.-based Phoenix Consulting Group is one of
    the best-known competitive intelligence (CI) firms in the business,
    says he only does the James Bond stuff to show companies their
    vulnerabilities. But according to Nolan and others in the field, a
    growing number of intelligence gatherers regularly transgress ethical
    and even legal boundaries on behalf of corporate clients both here and
    Such spooksmany of them former government spies who migrated to the
    civilian sector after the Cold War endedwill resort to every dirty
    trick in the book. They'll lie, misrepresent themselves, steal phone
    records and do anything they can to wiggle their way into your
    confidence. Perhaps even now they are shopping their specialized
    talents to your competitors. So, listen up and remember that
    forewarned is forearmed.
    The Espionage Price Tag
    Earlier this year, in a report to the European Parliament, a British
    investigator asserted that both U.S. and European companies routinely
    engage in corporate espionage. And many foreign corporations regularly
    receive help from intelligence-gathering networks in their own
    governments, which use the latest in information monitoring technology
    to keep abreast of supposedly private Web communiqus. According to the
    U.S. Chamber of Commerce, corporate espionage costs U.S. shareholders
    at least $25 billion a year in intellectual property losses.
    "The Internet has made it so much easier to gain access to
    information. It has actually made people and companies more open,"
    Nolan says. "It's getting harder and harder to protect your assets
    from the bad guys."
    Consider, for example, the recent unpublicized case of a California
    biotech CEO who got a call from someone claiming to be a reporter from
    a foreign television company. The "reporter" wanted to interview him,
    and the CEO was happy to oblige. "One of his crew had a shoulder video
    camera, and they walked with the CEO around his R&D lab with the
    camera running," says Alan Brill, a senior managing director at
    investigative firm Kroll Associates who is familiar with this case.
    "They were able to steal a number of secrets by videotaping the
    equipment, the settings on the equipment, and papers and notebooks
    that were lying around. And this CEO was so busy trying to be a star
    that he never noticed what they were doing or validated who they
    Some companies, like the biotech CEO's, are at a competitive
    disadvantage because they are simply unaware of the spies among them.
    Others know what's going on but are afraid to take the steps necessary
    to protect themselves. "Most companies don't like to get embarrassed,
    and they don't want to risk the bad press that comes from doing the
    James Bond stuff," says Nolan, who worked for the Defense Department's
    intelligence agency for 22 years. "We can't even use the term
    counterintelligence with the business community; they think of torture
    and assassination when we use that term. So we call it competitive
    Competitive assurance may not involve torture. But it does sometimes
    involve lying or misrepresentation. There's the old headhunter trick,
    for instance, or the potential investor who just has to know a
    company's R&D plans. The ruses are endlessly varied (see "A Ruse by
    Any Other Name," right), and what many executives may not realize is
    that they are perfectly legal. Lying to obtain information is not even
    cause for a successful trade secret lawsuitunless the imposter has
    signed a nondisclosure agreement. Ironically, the only party who can
    legitimately be charged with a trade secret violation is, in many
    cases, the employee who unwittingly shared the crown jewels. "It's not
    illegal to misrepresent yourself," says R. Mark Halligan, an expert on
    trade secret law and a principal with the Chicago law firm Welsh &
    Katz. "And the pretext itself is not actionable."
    Making matters worse, many corporate executives have a faulty
    understanding of just how to go about doing the kind of intelligent
    intelligence gathering that will keep them one step ahead of the
    competition. While corporate CI units need to know the arsenal of
    dirty tricks competitors might use against them, specialists say they
    should also understand that good competitive intelligence can often be
    accomplished without resorting to such shenanigans. If you know what
    you're doing, they say, the information you seek about your
    competitor's plans can usually be obtained by legitimate "open source"
    "You don't have to do the Mickey Mouse stuff to get proprietary
    information," Nolan says. "We get that kind of thing all the time just
    by calling the right people, going through public records and putting
    the pieces of the puzzle together."
    That doesn't mean, however, that there aren't bad guys out there. CI
    insiders say that certain Fortune 500 companies regularly rely on
    subcontractors to do their dirty work. "The fact of the matter is
    there are independent contract relationships," says Halligan,
    referring to what happens when a CI firm turns around and hires a
    subcontractor to do the work they don't want to get caught doing. The
    subcontractor "comes back with a report, and [the contractor] doesn't
    really inquire how you got the results of that report. You can call
    that plausible deniability; the fact is the corporation's relationship
    is with the first person, not with any subcontractor he may have
    Interview with the Vampire
    Marc Barry is one of the bad guys. He says so himself. A cocky fellow
    from Dorchester, a working-class section of Boston, Barry won't say
    how he learned to do intelligence work or which agencies he may or may
    not have worked for in the past. "I basically developed my skills
    working undercover for years against Asian organized crime networks
    that were manufacturing counterfeit stuff" is all Barry will
    acknowledge in a long phone interview from his office in New York
    City. But he readily confesses that people who do the kind of work he
    does have to be "highly manipulative" and "borderline sociopathic."
    (Barry is also quite friendly. After two brief preinterview phone
    conversations, he invited this reporter, a perfect stranger, to his
    loft in Manhattan to see his priceless collection of modern
    Barry, who is a founder and president of a CI firmC3I Analyticsin New
    York City, says he regularly uses false pretenses to get information
    on his clients' competitors. And he knows a lot of other intelligence
    gatherers who do likewise. "The Society for Competitive Intelligence
    Professionals [SCIP] claims that all of their members abide by ethical
    rules, that they do everything by open source," says Barry. "You know,
    information you can pull down from a company's 10K, patent searches,
    Internet searches, pollution permits, that sort of thing. But that's
    simply not true. And the reason I know this is because I have been
    hired by SCIP members to engage in some very dubious activity on their
    Barry claims he once (illegally) obtained the phone records of a West
    Coast defense contractor at the request of a prominent CI firm whose
    founder is on the SCIP's board of directors. "We do as much
    open-source stuff as anyone elseand if you know where to look, you can
    get a wealth of information without resorting to deception and
    trickery," he notes. "But when it comes to things like profiling a
    competitor's R&Dlike finding out Pfizer's formula for a drug it's
    developing for arthritisyou're not going to get that without deception
    or trickery."
    A Cereal Killing
    Consider, for example, the job that Barry undertook on behalf of a
    cereal manufacturer that directly competes with the Quaker Oats Co.
    His assignment was to uncover Quaker Oats's R&D strategy. The first
    thing Barry and his crew did was conduct a thorough Internet scrub
    (search) of people and institutions affiliated with the cereal
    company. In this way, they discovered the names of several prominent
    professors whose research Quaker Oats was funding. At which point the
    games began.
    "We would pose as just about everything," says Barry. "[We'd act as]
    grad students writing papers; we'd set up front companies and talk to
    these professors about the possibility of also funding their research.
    It's all a matter of knowing how to get the guy to open up to you."
    Barry and his minions were also able to penetrate a supposedly secure
    facility in Chicago where Quaker Oats scientists were doing all kinds
    of genetic research. "We posed as journalists from an agriculture
    magazine interested in developments in genetics as it related to crop
    production, and we were able to meet with key researchers and
    interview others over the phone."
    How did they carry off the deception? "The first thing we did was set
    up a bogus voice mail box and fax-forwarding line and e-mail address.
    And the phone lines all had the corresponding area code; so when the
    [target] called back," Barry proudly explains, "they would think we
    were in the area when, in actuality, we were talking to them from New
    York City."
    Barry's investigators also canvassed job sites such as Monster.com and
    Headhunter.net, punching in "Quaker Oats R&D," to find people with
    that credential on their posted rsums. "Half of these people were
    still working at Quaker Oats and looking for a job, or had recently
    left," Barry says. "So we interviewed them." The interviews were done
    under false pretenses, or the sources were hired as consultants and
    paid for the information they provided, he says.
    His company was soon able to report back that the main focus of Quaker
    Oats's R&D was to introduce the genetic material from corn into oats
    to improve crop yield, among other things. The information proved
    quite valuable to Barry's client. "By honing their own R&D to
    replicate what Quaker had already done, they were able to bypass
    millions of dollars in research," he says.
    To this day, Barry says, "Quaker Oats doesn't know what happened. It's
    what we call a clean extraction." Barry insists that none of the
    techniques his company used in the Quaker Oats job were illegal or
    cause for a successful lawsuit. "I know exactly where the line is," he
    brags. "I can dance on the line, but if I get caught behind the line,
    that's when I get in trouble."
    Barrywho recently coauthored the controversial book Spooked: Espionage
    in Corporate America, in which he elaborates on these tricks of the
    tradesays his clients span the spectrum of Fortune 500 companies. And
    as a result of publicity from the book, he adds, "I've picked up some
    new clients."
    Working with Raytheon, Barry is trying to land $12 million in funding
    to create a new intelligence-gathering "war room" facility to be known
    as Intelogix. According to Michael Davis, who now works for Raytheon
    and formerly worked for the National Security Agency, Intelogix will
    help American corporations use online and offline means to go after
    counterfeiting operations that market fake products such as ersatz
    Gucci bags and Rolex watches. The venture, for which Davis holds the
    title of vice president of business development, will also provide
    companies with real-time monitoring of information on the Web so that
    they can stay up to speed on what's being spread about them or their
    "Let's say, for example, a rumor starts in a chat room that one of [a
    company's] products has been tampered with or is defective," Davis
    says. Company sales have already been hurt by such false rumors,
    "which spread at the speed of light on the Web. This is a way for
    companies to see what's being said in real-time and counter it
    immediatelybefore it has a major impact on their stock price or market
    Intelogix, of course, won't be the first to use sophisticated
    technologies to help companies protect themselves. Investigative firms
    such as Kroll Associates already offer this service, and a number of
    vendors sell surveillance software, including "sniffers" designed to
    ferret out unwanted visitors to a particular company's website and
    divert them to a look-alike site that contains only superficial
    Raytheon is also marketing to the civilian sector a covert monitoring
    software package that it developed for national security agencies.
    Nicknamed Silent Runner, the software monitors ingoing and outgoing
    e-mail in real-time as well as whatever websites employees are or have
    been surfing. "It's like Carnivore [the controversial FBI e-mail
    filtering technology]," says one CI expert. "It monitors the traffic
    on a company's network so trade secrets don't go bopping out on
    e-mail. And it can be programmed to intercept sensitive e-mail."
    Despite the barrage of new electronic tools and the well-publicized
    threat from hackers, intelligence experts say that so far electronic
    break-ins have been far less frequent and damaging than the more
    traditional means of securing information through human intelligence.
    "In four out of five situations, we have found that the compromise
    occurred by word of mouth, as opposed to sophisticated
    cyberpenetration," says Alden Taylor, a managing director and practice
    head of the business intelligence service at Kroll Associates.
    The same holds true for corporate efforts to gather competitive
    intelligence. Dozens of vendors sell software packages that purport to
    help companies collect and analyze data about their competitors. But
    according to a recent study by Fuld & Co., a leading CI outfit based
    in Cambridge, Mass., these technological tools are only one part of
    the answer. (See "Most CI Software Flunks the Fuld Test," right.)
    "Technology alone is not the solution to intelligence gathering," says
    Leonard Fuld, the company's founder. In other words, the old gumshoe
    approach still prevails.
    Doing It on the Up-and-Up
    Located on an industrial backstreet in Cambridge, Fuld & Co. is hard
    to find, tucked between a larger brick edifice and a
    mysterious-looking research facility that is surrounded by a
    barbed-wire fence. But penetrating the yellow brick building that
    contains the headquarters of Fuld & Co. is as easy as walking through
    one glass door and pressing a button that automatically opens another
    glass door. The founder of Fuld & Co. is similarly unimposing, a
    graying middle-aged man sporting a frumpy tweed jacket and a friendly,
    puppylike demeanor. But appearances can be deceiving; when it comes to
    gathering information, knowledgeable people in the field say that Fuld
    and his team are seasoned pros. In the past 22 years, the CI company
    has done more than 3,000 investigative assignments for companies here
    and abroad, and Fuld insists that most of it has been done on the
    "We're not angels, and we're not nave. But there are ways to do this
    very honestly and ethically," says Fuld, who bikes the few miles from
    Brookline to work when the weather permits. "And we encourage our
    corporate clients to stay within legal and ethical boundaries."
    Consider the case that Fuld took on a few years ago on behalf of a
    U.S. food manufacturer. The company was losing market share to a
    rival, and executives were suspicious that the rival was a
    money-laundering front for the Mafia. So Fuld's company did what any
    good CI outfit does first: The staff searched the Net for any and all
    news articles about the rival company and also checked various
    computerized databases that make supposedly private information
    available for a price. "We saw from a credit report that the rival had
    paid their bills on time, which indicated that they were not starving
    for cash and were in fact making money," Fuld recalls. Then, his crew
    went to the planning department at the local town hall and obtained a
    floor plan of the rival's factorypublic information for anyone who
    knows where to find it.
    They showed the floor plan to an engineering expert in the food
    industry and soon figured out that the rival had five production lines
    up and running, compared with their client's two. They also talked to
    the rival's equipment suppliers, who helped them unravel the company's
    production process.
    "There was no putting on false names or glasses, or whatever," Fuld
    says. "We identified ourselves as a consulting firm. Not everyone
    talked to us, mind you. But this is a business where you have to do
    more with less."
    They quickly discovered that the rival manufacturer was simply doing a
    more efficient job than Fuld's client of producing the same basic
    product. That was why they could sell it at a lower price. "There was
    no money laundering going on," he says.
    Fuld is openly contemptuous of investigators like Barry who routinely
    cross the ethical divide. "We can find the same information this guy
    says he finds, but we can do it legitimately," he insists. "Most
    professionals in this business don't have to lie, cheat and steal" to
    serve their clients.
    They may not have to, but there are a growing number of investigators
    who do. And if it made the difference between winning a lucrative
    contract or protecting your company's assets, wouldn't you?
    Senior Editor Alison Bass won't answer the phone anymore. But you can
    reach her at abassat_private
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Fri Jun 15 2001 - 00:00:32 PDT