Friday 19 February 2010

CI versus corporate espionage: thoughts on an ABC News story

I read this news item from ABC News, "'James Bond' Tactics Help Companies Spy on Each Other", and had only one thought: that guy is totally unethical and wrong.

A few years ago, an Israeli colleague commented to me that in his experience, most of the ex-secret service operatives who try and enter the commercial world of CI fail. The reason, he said, is that they don't know the boundaries of what is legitimate competitive intelligence collection and what is corporate espionage, and illegitimate. He also said that in many cases, they have no real idea of budgets and what is valuable to a company strategically versus the cost of obtaining it. Most never had a budgetary role when working for the various national security services and so could not do a cost-benefit analysis effectively.

This story shows both examples. Purchasing the garbage from an organisation is not only unethical but strikes me as wasteful. Garbage is thrown away for a reason - it's not wanted and valueless. The majority of companies today have shredders and routinely shred anything that would be seen as highly sensitive. True, the mid-level material may be chucked, but not the high-level stuff. (And those that don't shred deserve what they get - I'd be surprised if any Fortune 500 companies don't have shredding contracts!)

As for the other shenanigans implied - any company that employed a consultant to use such techniques deserves to get sued and end up paying more than they gained. The trouble is some do - and the list of companies that learned the hard way that espionage doesn't pay is still growing.

So let me make it clear: espionage is wrong, while CI is a legitimate practice that uses only ethical means to collect intelligence.

This involves declaring your identity and NOT collecting information that would be classed as secret or confidential. As Isser Harel, the Israeli spy-chief responsible for capturing the Nazi war murderer Eichmann, is reported to have said:

We do not deal with certainties. The world of intelligence is the world of probabilities. Getting the information is not usually the most difficult task. What is difficult is putting upon it the right interpretation. Analysis is everything. James Bond is not the real world.

3 comments:

Anonymous said...

Hmmm - An interesting perspective but it discounts curtilage: the expectation of privacy in the yard (http://findarticles.com/p/articles/mi_m2194/is_n4_v67/ai_20576402/) which is the umbrella argument for investigators in the USA. It works for commercial land too.

Your argument also presupposes the competitor has a brain in their head and uses it. This is a rare occurrence in our experience. IF they don't shred, they're idiots. IF their dumpsters are not secured, they're idiots.

The items located in the garbage are always drafts of the final plans - the high level stuff as you said - that being said, the analysts can then deduce the overall direction/plans/thinking of the target.

As for speaking on the telephone; so long as you don't misrepresent yourself, pretend to be a different living person, a real company, a government official at any level - the onus is on the person speaking on the other side of the line. If they are well trained and have a modicum of social civility, they will identify the person to whom they are speaking, determine their level of access to information, and operate within those boundaries. Otherwise they should be sweeping the floor and not interacting with the public.

Arthur Weiss said...

I agree with you that companies that don't shred plans - even drafts - are idiots. There are a lot of stupid companies out there - and even if the company itself isn't stupid, there are plenty of stupid senior executives who think that they won't be overheard on their mobile phones, or that the person sitting next to them on the plane isn't reading the presentation on their laptop.

And for those who say it's highly unlikely, think again. I was travelling to visit a client. In the next seat was somebody from one of their competitors - updating their internal financial accounts. We had a nice chat - about his company - and at no point did he ask me why I was interested. I suspect that he just thought I was being friendly and communicative to take away the tedium of train travel.

So yes - there are idiots out there.

The point is that if you depend on idiots for your CI you are going to find that when it matters most, you won't find what you need - as you won't have honed the ethical and analysis approaches that can deliver but are less straightforward and DO require skill.

It's like the story about Tom Clancy and his book The Hunt for Red October. Apparently after he wrote the book, Clancy was summoned by the CIA and ordered to divulge his sources and who had leaked confidential material - as some of the details in the book accurately described secret submarine weapon systems. In fact, all Clancy had used was articles in freely available journals such as Aviation Week, Space Technology and similar. He'd then extrapolated, made educated guesses - and worked out some of the US Navy's secrets from publicly available data - OSINT (Open Systems Intelligence).

The problem is that too many people from (so called) intelligence backgrounds discount OSINT and analysis. They want the quick hit - as supplied by dumpster diving, misrepresentation and other unethical practices. This makes them lazy - so that either they fail to find what they need on a company that IS secure, or are forced into overt espionage approaches.

Anonymous said...

I can appreciate your argument. We categorize the information gathered from the stupid as low-hanging fruit.

It's nice to have and easy to get, but I agree, dumpster diving and the like are ancillary and not main sources that warrant expending a lot of time or funds collecting.