CORPORATE ESPIONAGE

The saying, “if you’re not watching your competition, you’re busy creating it” can have real twisted connotations with respect to corporate espionage. Surely, it’s good management practice to be aware of what the competition is up to. But, how do you



know that your competitors aren’t using unethical means to gather information about your company and products?

Welcome to the dark side of corporate espionage.

	The Spy within An internal e-mail memo forwarded to an outsider can land your organization in trouble Protect Your assets How to safeguard your network against hack attacks Computer CRIME BUSTING Computer forensics is a growing field for detecting potential evidence on computer break-ins IP SPOOFING Attackers can manipulate an innocent host into attacking a victim To catch a spy You’ll find these tools for spying and for catching spies on the PCQEssential CD

If you think that only defense establishments, multi-national banks and government networks are attacked, it’s time for a rethink. Corporate espionage can happen at any level, and to a company of any size, as long as the information required is critical enough. In a survey by KPMG last year, the respondents from the ICE (Information, Communication and Entertainment) sector felt most vulnerable to corporate espionage. This was because their edge lay in their intangible assets like databases, knowledge pools and proprietary information. Add to that the fact that the CERT (Computer Emergency Response Team) reported 52,658 incidents of online security incidents in 2001 alone, more than double that reported in 2000.

What can be stolen, and by whom?



If you have anything that gives you an edge over competitors, be rest assured that your competitors will make all attempts to find out about it, if they don’t know it already. This information could range from source code for that great new software you’re going to launch, to intellectual property, marketing plans, trade secrets, research documents, and more.

So, who’s going to get this information? Contrary to belief, it won’t be some “script-kiddie” sitting at a computer in the wee hours of the morning trying to hack into a corporate network. A lot of corporate espionage is done by professional investigators specially hired for the job. Also a disgruntled employee could be sending your secrets to your competitors.

How’s it being done?



Now for the juicy part. For the disgruntled employee, free e-mail sites, instant messaging and FTP sites are just a few of the channels that can be used to send information. External investigators can use more organized ways to get information. A good place to start can be the Internet. Ample information is available in public databases about companies and their business. If the company has a website then the task is even easier.

With so much information and a deluge of tools readily available on the Internet, it has become easier to indulge in corporate espionage. However, this doesn’t mean that you can’t do anything about it either. Surely, if there are tools like sniffers, password crackers, keyboard loggers and spyware, then ample tools (both

hardware and software) are also there for protection.

But one must keep in mind that tools alone aren’t enough to protect your network. You could have the best security set up in the world, but what if someone from outside cons one of your new employees into sending out confidential information?

That’s where proper employee training and security policies come in. To protect your company from being spied, you need to first understand how it’s done. Finally, after all the proper practices and tools in place, if your system still gets compromised, then computer forensics comes to the rescue. It’s a vast and growing field of IT that involves hunting for evidence on a



computer that’s been compromised. In the pages to follow, we talk about all this in more detail. So, read on and
be prepared.

Anil Chopra