💾 Archived View for aphrack.org › issues › phrack39 › 9.gmi captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

                                ==Phrack Inc.==

                  Volume Four, Issue Thirty-Nine, File 9 of 13

                               THE OPEN BARN DOOR

                  U.S. Firms Face A Wave Of Foreign Espionage

                               By Douglas Waller
                         Newsweek, May 4, 1992, Page 58


     It's tough enough these days for American companies to compete with their
Pacific Rim rivals, even when the playing field is level.  It's a lot tougher
when your trade secrets are peddled by competitors.  One Dallas computer
maker, for example, recently spotted its sensitive pricing information in the
bids of a South Korean rival.  The firm hired a detective agency, Phoenix
Investigations, which found an innocent-looking plastic box in a closet at its
headquarters.  Inside was a radio transmitter wired to a cable connected to a
company fax machine.  The bug had been secretly installed by a new worker -- a
mole planted by the Korean company.  "American companies don't believe this
kind of stuff can happen," says Phoenix president Richard Aznaran.  "By the
time they come to us the barn door is wide open."

     Welcome to a world order where profits have replaced missiles as the
currency of power.  Industrial espionage isn't new, and it isn't always
illegal, but as firms develop global reach, they are acquiring new
vulnerability to economic espionage.  In a survey by the American Society for
Industrial Security last year, 37 percent of the 165 U.S. firms responding said
they had been targets of spying.  The increase has been so alarming that both
the CIA and the FBI have beefed up their economic counterintelligence programs.
The companies are mounting more aggressive safeguards, too.  Kellog Company has
halted public tours at its Battle Creek, Michigan, facility because spies were
slipping in to photograph equipment.  Eastman Kodak Company classifies
documents, just like the government.  Lotus Development Corporation screens
cleaning crews that work at night.  "As our computers become smaller, it's
easier for someone to walk off with one," says Lotus spokesperson Rebecca Seel.

     To be sure, some U.S. firms have been guilty of espionage themselves --
though they tend not to practice it overseas, because foreign companies have a
tighter hold on their secrets.  And American companies now face an additional
hazard:  The professional spy services of foreign nations.  "We're finding
intelligence organizations from countries we've never looked at before who are
active in the U.S.," says the FBI's R. Patrick Watson.  Foreign intelligence
agencies traditionally thought friendly to the United States "are trying to
plant moles in American high-tech companies [and] search the briefcases of
American business men traveling overseas," warns CIA Director Robert Gates.
Adds Noell Matchett, a former National Security Agency official:  "What we've
got is this big black hole of espionage going on all over the world and a naive
set of American business people being raped."

     No one knows quite how much money U.S. businesses lost to this black hole.
Foreign governments refuse to comment on business intelligence they collect.
The victims rarely publicize the espionage or report it to authorities for fear
of exposing vulnerabilities to stockholders.  But more than 30 companies and
security experts NEWSWEEK contacted claimed billions of dollars are lost
annually from stolen trade secrets and technology.  This week a House Judiciary
subcommittee is holding hearings to assess the damage.  IBM, which has been
targeted by French and Japanese intelligence operations, estimates $1 billion
lost from economic espionage and software piracy.  IBM won't offer specifics,
but says that the espionage "runs the gamut from items missing off loading
docks to people looking over other people's shoulders in airplanes."

     Most brazen: France's intelligence service, the Direction Generale de la
Securite Exterieure (DGSE), has been the most brazen about economic espionage,
bugging seats of businessmen flying on airliners and ransacking their hotel
rooms for documents, say intelligence sources.  Three years ago the FBI
delivered private protests to Paris after it discovered DGSE agents trying to
infiltrate European branch offices of IBM and Texas Instruments to pass secrets
to a French competitor.  The complaint fell on deaf ears.  The French
intelligence budget was increased 9 percent this year, to enable the hiring of
1,000 new employees.  A secret CIA report recently warned of French agents
roaming the United States looking for business secrets.  Intelligence sources
say the French Embassy in Washington has helped French engineers spy on the
stealth technology used by American warplane manufacturers.  "American
businessmen who stay in Paris hotels should still assume that the contents of
their briefcases will be photocopied," says security consultant Paul Joyal.
DGSE officials won't comment.

     The French are hardly alone in business spying.  NSA officials suspect
British intelligence of monitoring the overseas phone calls of American firms.
Investigators who just broke up a kidnap ring run by former Argentine
intelligence and police officials suspect the ring planted some 500 wiretaps on
foreign businesses in Buenos Aires and fed the information to local firms.  The
Ackerman Group Inc., a Miami consulting firm that tracks espionage, recently
warned clients about Egyptian intelligence agents who break into the hotel
rooms of visiting execs with "distressing frequency."

     How do the spies do it?  Bugs and bribes are popular tools.  During a
security review of a U.S. manufacturer in Hong Kong, consultant Richard
Hefferman discovered that someone had tampered with the firm's phone-switching
equipment in a closet.  He suspects that agents posing as maintenance men
sneaked into the closet and reprogrammed the computer routing phone calls so
someone outside the building -- Heffernan never determined who -- could listen
in simply by punching access codes into his phone.  Another example:  After
being outbid at the last minute by a Japanese competitor, a Midwestern heavy
manufacturer hired Parvus Company, a Maryland security firm made up mostly of
former CIA and NSA operatives.  Parvus investigators found that the Japanese
firm had recruited one of the manufacturer's midlevel managers with a drug
habit to pass along confidential bidding information.

     Actually, many foreign intelligence operations are legal.  "The science
and technology in this country is theirs for the taking so they don't even have
to steal it," says Michael Sekora of Technology Strategic Planning, Inc.  Take
company newsletters, which are a good source of quota data.  With such
information in hand, a top agent can piece together production rates.
American universities are wide open, too: Japanese engineers posing as students
feed back to their home offices information on school research projects.
"Watch a Japanese tour team coming through a plant or convention," says Robert
Burke with Monsanto Company.  "They video everything and pick up every sheet of
paper."

     Computer power:  In the old days a business spy visited a bar near a plant
to find loose-lipped employees.  Now all he needs is a computer, modem and
phone.  There are some 10,000 computer bulletin boards in the United States --
informal electronic networks that hackers, engineers, scientists and
government bureaucrats set up with their PCs to share business gossip, the
latest research on aircraft engines, even private White House phone numbers.

     An agent compiles a list of key words for the technology he wants, which
trigger responses from bulletin boards.  Then, posing as a student wanting
information, he dials from his computer the bulletin boards in a city where
the business is located and "finds a Ph.D. who wants to show off," says Thomas
Sobczak of Application Configured Computers, Inc.  Sobczak once discovered a
European agent using a fake name who posed questions about submarine engines to
a bulletin board near Groton, Connecticut.  The same questions, asked under a
different hacker's name, appeared on bulletin boards in Charleston, South
Carolina, and Bremerton, Washington.  Navy submarines are built or based at all
three cities.

     Using information from phone intercepts, the NSA occasionally tips off
U.S. firms hit by foreign spying.  In fact, Director Gates has promised he'll
do more to protect firms from agents abroad by warning them of hostile
penetrations.  The FBI has expanded its economic counterintelligence program.
The State Department also has begun a pilot program with 50 Fortune 500
companies to allow their execs traveling abroad to carry the same portable
secure phones that U.S. officials use.

     But U.S. agencies are still groping for a way to join the business spy
war.  The FBI doesn't want companies to have top-of-the-line encryption devices
for fear the bureau won't be able to break their codes to tap phone calls in
criminal investigations.  And the CIA is moving cautiously because many of the
foreign intelligence services "against whom you're going to need the most
protection tend to be its closest friends," says former CIA official George
Carver.  Even American firms are leery of becoming too cozy with their
government's agents.  But with more foreign spies coming in for the cash,
American companies must do more to protect their secrets.

                              How the Spies Do It

MONEY TALKS

     Corporate predators haven't exactly been shy about greasing a few palms.
In some cases they glean information simply by bribing American employees.  In
others, they lure workers on the pretense of hiring them for an important job,
only to spend the interview pumping them for information.  If all else fails,
the spies simply hire the employees away to get at their secrets, and chalk it
all up to the cost of doing business.

STOP, LOOK, LISTEN

     A wealth of intelligence is hidden in plain sight -- right inside public
records such as stockholder reports, newsletters, zoning applications and
regulatory filings.  Eavesdropping helps, too.  Agents can listen to execs'
airplane conversations from six seats away.  Some sponsor conferences and
invite engineers to present papers.  Japanese businessmen are famous for
vacuuming up handouts at conventions and snapping photos on plant tours.

BUGS

     Electronic transmitters concealed inside ballpoint pens, pocket
calculators and even wall paneling can broadcast conversations in sensitive
meetings.  Spies can have American firms' phone calls rerouted from the
switching stations to agents listening in.  Sometimes, they tap cables attached
to fax machines.

HEARTBREAK HOTEL

     Planning to leave your briefcase back at the hotel?  The spooks will love
you.  One of their ploys is to sneak into an room, copy documents and pilfer
computer disks.  Left your password sitting around?  Now they have entry to
your company's entire computer system.
_______________________________________________________________________________