Analysis: The Industrious Spies- I

By SAM VAKNIN, UPI Senior Business Correspondent

SKOPJE, Macedonia, May 13 (UPI) -- The Web site of the Generic Universal Role Playing System lists 18 state-of-the art equipment used for advanced spying. From binoculars to read lips, voice activated bugs to laser mikes that can decipher and amplify voice-activated vibrations of windows, it's enough to make James Bond jealous.

But rather than the unreality of 007, such contraptions are an integral part of industrial espionage. The American Society for Industrial Security estimated that the damage caused by economic or commercial espionage to American industry in 1997 was $300 billion.


The average net loss per incident reported was $19 million in high technology, $29 million in services, and $36 million in manufacturing. These figures are mere extrapolations based on anecdotal tales of failed espionage. Many incidents go unreported.

In his address to the 1998 World Economic Forum, Frank Ciluffo, deputy director of the CSIS Global Organized Crime Project, made clear why: "The perpetrators keep quiet for obvious reasons. The victims do so out of fear. It may jeopardize shareholder and consumer confidence. Employees may lose their jobs. It may invite copycats by inadvertently revealing vulnerabilities. And competitors may take advantage of the negative publicity. In fact, they keep quiet for all the same reasons corporations do not report computer intrusions."


Canal Plus Technologies, a subsidiary of French media giant Vivendi, in a lawsuit filed last March, accused NDS of hacking into its pay TV smart cards and distributing the cracked codes freely on a piracy Web site. It sued NDS, a division of News Corp., for $1.1 billion in lost revenues. The case provided a rare glimpse into information age, hacker-based, corporate espionage tactics.

Executives of publicly traded design software developer Avant! went to jail for purchasing batches of computer code from former employees of Cadence in 1997.

Reuters Analytics, an American subsidiary of Reuters Holdings, was accused in 1998 of theft of proprietary information from Bloomberg by stealing source codes from its computers.

Last December 2001, Say Lye Ow, a Malaysian subject and a former employee of Intel, was sentenced to 24 months in prison for illicitly copying computer files containing advanced designs of Intel's Merced (Itanium) microprocessor. It was the crowning achievement of a collaboration between the FBI's High-Tech squad and the U.S. Attorney's Office Computer Hacking and Intellectual Property -- unit.

U.S. Attorney David W. Shapiro said: "People and companies who steal intellectual property are thieves just as bank robbers are thieves. In this case, the Itanium microprocessor is an extremely valuable product that took Intel and HP years to develop. These cases should send the message throughout Silicon Valley and the Northern District that the U.S. Attorney's Office takes seriously the theft of intellectual property and will prosecute these cases to the full extent of the law."


Yet, such cases are vastly more common than publicly acknowledged.

"People have struck up online friendships with employees and then lured them into conspiracy to commit espionage. People have put bounties on laptops of executives. People have disguised themselves as janitors to gain physical access," Richard Power, editorial director of the Computer Security Institute told MSNBC.

Raytheon, a once thriving defense contractor, released "SilentRunner," a $25,000-65,000 software package designed to counter the "insider threat". Its brochure, quoted by "Wired", says: "We know that 84 percent of your network threats can be expected to come from inside your organization.... This least intrusive of all detection systems will guard the integrity of your network against abuses from unauthorized employees, former employees, hackers or terrorists and competitors."

This reminds many of the FBI's Carnivore massive network sniffer software. It also revives the old dilemma between privacy and security. An Omni Consulting survey of 3,200 companies worldwide pegged damage caused by insecure networks at $12 billion.


(Part 2 of this 3-part survey will appear Tuesday.)

Latest Headlines


Trending Stories


Follow Us