[ISN] Espionage is the real thing

From: InfoSec News (alerts@private)
Date: Sun Jul 09 2006 - 23:02:35 PDT


July 8, 2006

Background checks, fingerprint scans and government-trained security 
agents manning the doors - welcome to Corporate America 2006.

Roughly $60 billion a year is lost to industrial espionage because all it 
takes is one successful spy to alter the fate of a company or even an 
industry, security experts told the Daily News.

"Something like 70% of a company's value is tied up in proprietary 
information and it's also where a company is at its most vulnerable," said 
John Villines, an Atlanta-based security consultant. "Today, if we had a 
threat level assigned to this problem, it would be 'red.' "

Last week's arrests of a 28-year-old Bronx man and two alleged accomplices 
- including an administrator at Coca-Cola - for trying to sell the 
soft-drink giant's secrets to Pepsi underscored the risks that even the 
most successful companies face.

In the Coke case, Ibrahim Dimson allegedly convinced one of his 
accomplices to stash secret documents in a Girl Scout cookie box. They 
then requested $1.5 million from PepsiCo to see the confidential files, 
authorities said. Rather than pay, Pepsi executives called the FBI.

Unlike Dimson, the accused thieves are not always caught.

In February 2005, hackers stole the personal information of 145,000 
customers at ChoicePoint, a major supplier of ID and credit verification 
services. The theft caused ChoicePoint to lose business and pay $26.4 
million in fines and legal fees.

"Espionage is an ever-present problem," Villines said. "And it's not just 
people hacking in, but current employees, former employees, contractors 
and vendors who pose the biggest risk."

To prevent a mole from leaking information, consultants urge corporations 
to set up elaborate background checks that include thorough interviews 
with former employers. Experts also counsel executives to be mindful of 
disgruntled workers.

"Corporations should profile their employees to determine who could be the 
biggest threat," said James Dallas, president of Dallas Security 
Investigations, based near Philadelphia. "The most important factors are 
their length of service and if they believe they have been mistreated."

Impressive physical security is encouraged. Visitor passes embedded with 
ID chips, laptops with sophisticated encryption systems and other modern 
technology are a powerful weapon in combatting thieves.

"If we're talking a formula, like in the Coke case, that is the lifeblood 
of a company, it must be handled like a piece of gold," Dallas said. "It 
must be locked in a safe place - or better yet divided into pieces and put 
in several safe places.

"No assistant should even see it, only the top executives should have 

Some companies even hire teams of experts, usually ex-FBI agents, to act 
as "sneakers" who try to steal the company's own information or assets as 
the ultimate test of the corporation's defenses. The teams then report 
their findings and security adjustments are made.

"No measure is too drastic," Villines said. "The bad guys keep adapting 
and companies need to too." 

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Mon Jul 10 2006 - 08:44:17 PDT