The spy who loved me (and my laptop)

Industrial espionage is widespread in a cut-throat world. Keeping an eye on your PC just might save your business.

Steve Boggan
Sunday 23 October 2011 07:11

Picture a scene in which a team of highly trained security men hears that a computer containing secret information has been stolen by an enemy.

Taking to the air in a helicopter, the team switches on a radio receiver to pick up signals from a transmitter hidden inside the computer. Closing in, they corner their prey, surround him and retrieve the computer. The thief may be handed over to the police or, to spare embarrassment, allowed to leave.

No, this is not a script for the next James Bond movie. This is the world of corporate security as seen by some of Britain's biggest blue-chip companies.

The days when the most serious threat to travelling executives was a drunken evening during which trade secrets were indiscreetly shared are over. Today, business executives are routinely bugged, tapped, recorded, filmed and conned into leaving laptop computers unguarded long enough for spies to download their contents. No one can say how prevalent industrial espionage is, but security companies report anecdotal evidence of a huge rise in concern over the loss of commercial secrets.

"We do regular electronic sweeps to find intercepts on fax machines and bugs in boardrooms all over the country," says Peter Hewitt, European marketing director for the London-based Communication Control Systems. "But the biggest concern seems to be over the loss of information from travelling businessmen whose laptops are stolen or accessed in hotel rooms while they're having dinner in the restaurant."

Mr Hewitt's firm is negotiating with six of Britain's biggest companies over the sale of tracker devices that can be implanted in laptops. They are likely to cost in the region of pounds 4,500 each - about three times the value of the actual computer - but the commercially sensitive information contained in the laptop is often worth far more.

There are reports from the United States of executives offering rewards of up to $80,000 for the return of stolen laptops. More alarmingly, security companies talk of cases in which thieves have demanded ransoms of up to $500,000 for the return of computers.

"Not many business people are aware of just how vulnerable they are," says Gill Upton, editor-in-chief of Business Traveller magazine. "Many executives don't have a password on their machine, they don't use encryption [scrambling] programs and they often leave laptops unattended in their hotel rooms. They need to be made aware of the fact that many countries routinely have agents in hotels. That innocent-looking maid could be working for the secret service and she'll copy your files as soon as you leave your room."

Ms Upton tells executives of the case of the two French businessmen who travelled to China to sell a top-secret multi-million dollar missile guidance system. During the first day of negotiations, their Chinese hosts appeared desperate to buy the system. At the end of the day, the businessmen were invited to dinner and advised to leave their possessions - including a laptop - with their driver.

The following day, the Chinese had completely changed their stance. They appeared totally uninterested in paying for plans of the system and the businessmen felt they couldn't give them away. Until, with hindsight, they realised they already had.

"With the ending of the Cold War, state secret services are turning their attentions to industrial espionage to give their own companies an edge on foreign competitors," says Ms Upton. "We tell travellers to assume their hotel rooms are bugged or their fax messages are being intercepted whenever they're on business. Certainly they should make that assumption whenever they travel in America, France, Russia, China or Korea."

Control Risks, a respected security analysis firm, issues advice to clients on the pitfalls of trading in the former Soviet Union. Clients, they say, should never hire local people unless the prospective employee has been vetted and recommended by their embassy's trade section; they should never leave any sensitive documents or disks unattended; they should assume that older ex-government buildings are bugged. Things get really sneaky when the former KGB gets involved, blackmailing executives or simply stealing their secrets.

Control Risks cites the example of a married businessman falling for the charms of a beautiful young woman, only to be shown an explicit video recording of their sexual encounter the following day. He was subsequently invited to co-operate with his new business partners.

But it isn't just old enemies who have turned their attentions to industrial espionage. The most commercially dangerous ally with which to do business has proved to be France. In 1993, the Independent revealed the existence of a French intelligence document compiled by the Department of Economics, Science and Technology which served as a commercial shopping list for agents, a guide to which industrial secrets France wanted most from her allies.

The shopping list included British helicopter technology from Westland, solid-rocket booster technology, satellite research and information about high-definition televisions, where European companies lagged far behind America

It also ordered French intelligence agents to penetrate Wall Street banks, securities houses and consultants, including Citibank, Chase Manhattan and Goldman Sachs, giving top priority to finding out about investment plans in Europe. And it advised agents to pay particular attention to lawyers and consultants who are often privy to clients' secrets but who are notoriously careless with documents and on the telephone.

In the same year, the American and Canadian intelligence services issued discreet warnings to companies to assume that their executives were being bugged whenever they flew first-class with Air France. The airline has denied that any of its employees were involved in the practice, but suspicions persist that they didn't need to be; there were hundreds of intelligence agents only too happy to plant bugs.

One security firm (which refuses to be identified) claims to have developed a system that could make snooping much simpler. "Every computer emits a frequency that can be picked up by our equipment and that allows us to read it by locking on to it manually," a senior executive of the firm told the Independent.

"It's a bit hit and miss at the moment, but it can be done and the technology is improving all the time."

The company claims it is already selling the equipment to intelligence agencies - something that some observers doubt - but the executive says it has been banned from supplying it to the general public. If it has developed such technology, however, it can only be a matter of time before the company spooks get hold of it.

For the time being, intelligence-gathering is far more mundane. Peter Sommer, a research fellow at the London School of Economics Computer Security Research Centre, says: "The more exotic pieces of equipment are certainly there - and the capacity of some companies for buying surveillance junk that doesn't work seems unlimited - but most intelligence is gathered in far more simple ways.

"The most common theft of information comes from the unattended computer in the office. Often industrial spies will gain access to a company as a cleaner or repair man and simply make copies on floppy disks at an unattended terminal.

"There are bugs and taps, but the amount of information that can be copied from a computer is enormous, so computers are the prime targets. Company surveillance teams also follow executives into pubs, overhearing conversations. And they gather basic information about senior personnel from newspapers and public records. It all helps to get an edge on your rival."

Even when your company has been drained of all its pricing secrets, when its commercial strategies have been siphoned off and its product development plans laid bare, you may not know it, and may continue to lose contracts to a mystery competitor who thinks you're a fool.

One such company - which remains in terrible ignorance - asked a freelance computer consultant to examine its pricing program last year. The consultant was not a security risk, but he was, he discovered later, being followed by an opposition surveillance team.

"I left my laptop in the car while I popped into a pub for lunch," he said. "When I came out, the car had been broken into and the computer had been accessed. They didn't take it, so I have to assume they just copied the pricing program. I didn't know which was worse: to tell the company directors and lose my business or not tell them and let them lose theirs."

And, business being business, he said nothing.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments