By Charles Patterson, Jan 24, 2014
Corporate espionage strikes fear in the hearts of many executives, and rightly so. The threat is real, often not visible and not understood, and damage to the company (and to individuals) can be severe. Spying comes in many forms and guises. Cyber crimes and network hacking grab most of the headlines. They are certainly huge problems and require serious attention, but modern technology puts many advanced eavesdropping techniques in the hands of the general population as well as criminals. If you are responsible for the protection of executives, it is helpful to understand the threat that eavesdropping poses to the principals and their corporate concerns.
Corporate Threat
In the corporate arena, there are significant espionage threats from nation states, foreign competition, and other powerful adversaries. But there is also potential danger from others closer to home. Consider that most serious crimes usually begin with some form of surveillance. Disgruntled employees or executives, unscrupulous reporters or media organizations, ruthless investigators, lone attackers, and others can cause financial, legal, or political damage as well as market loss and even physical threat. From a pie in the face to an assassination, whether an employee wants to embarrass a senior executive, a competitor wants to derail a new product, or a terrorist group is planning a kidnapping, they all need surveillance to know what is going on around their target. Eavesdropping could be their weapon of choice.
Compared to international espionage, corporate level eavesdropping is less recognized in the media because many times when it has been discovered, most organizations manage to keep it out of the news, handling the situation internally. In the majority of the countermeasures sweeps we have performed where eavesdropping devices were discovered, the perpetrator turned out to be an insider, usually an employee or (and very often) an executive.
Protection against the more technical eavesdropping threats requires a professional sweep team. They will have the tools, knowledge and training needed to recognize and locate advanced devices. But what if a sweep team is not available, yet you have serious meetings taking place? There are a number of steps you can take to help secure an area or protect your executives, if you know what to look for.
Surveillance Techniques
It is important to understand the surveillance techniques used by the perpetrators. Visual surveillance is an obvious concern. Protection professionals are usually aware of this threat and keep a look out for suspicious vehicles or people hanging around in inappropriate areas. Sometimes it can be more subtle, though. Be aware of potential observation posts that might be used for eavesdropping – windows overlooking your target area, adjoining offices with connected ceilings or air ducts that allow sound to pass easily – these could be low-tech vantage points for spying on confidential meetings.
High tech eavesdropping is much more difficult to detect. Countermeasures against current technological threats require advanced equipment and a much focused effort. Electronic “bugs”, wiretaps, and recording devices are being sold openly on the internet and from numerous overseas sources. Just by the numbers of the devices being sold, you can be sure that many within your organization have had their hands on at least one or two potential eavesdropping devices. These could be as innocent as a baby monitor or a small voice recorder, but more deceptive spy devices such as covert video cameras, hidden transmitters, and GPS tracking devices with listening capability are also in abundance.
Most people are already carrying an effective spy device with them – their cell phone. Cell phones today can both record and transmit audio and images. One could easily be left behind in a meeting room or dropped into an office sofa allowing the “spy” to listen in from the comfort of their own desk, or connect from another phone anywhere in the world.
Existing Equipment Vulnerabilities
One important concern is the vulnerabilities of existing electronic or communications equipment. This can include telephone sets, intercoms, and audio-video and teleconference systems. All phone systems have built in features that can be misused for eavesdropping. Are you familiar with those features? Learn about your phone system, what does the phone look like if the speaker has been turned on? If the phone is not being used during an important meeting, it can be unplugged to insure that no one connects to it. Do your executives have reliable voicemail passwords? We have had to deal with many cases of voicemail systems being hacked that could have been prevented if secure passwords had been used.
Is your conference audio system connected to phone lines? We have found conference audio systems connected to an office phone extension and set by default to answer any incoming call and patch the caller into the ongoing conference. We could call in from outside the building and listen to everything going on in the conference room. Ask the AV operator assure that it is disconnected or disabled if you are not using it for phone connections.
Covert Devices
Key fobs, pens, and sunglasses are examples of common items sold at spy shops with eavesdropping devices built in. A tell-tale sign that a device may be designed for eavesdropping is the appearance of a USB jack or memory card slot on the side. These devices do not normally need USB connections, but those that are designed for surveillance will have one to allow for battery charging as well as downloading the stolen information.
There are also USB thumb drives that have been designed for eavesdropping, of course they have a USB connection, but upon inspection you will usually find a small hole for a microphone or slightly larger hole for a camera on the dangerous devices.
Visual Inspection
Don’t forget to do a good visual sweep. Executive protection personnel will often perform such inspections before their principal enters an area. See that your security teams know what suspicious devices might look like and make sure they report any such items including lost cell phones that may have been found in private areas.
Professional TSCM
One important note though, inexpensive spy-shop-type detection tools are not effective for countering serious threats. There are a multitude of sophisticated devices that require advanced equipment for detection. Be sure you have a professional countermeasures firm to consult with when serious concerns arise.
Contact us at www.execsecurity.com for more information on protecting your company from corporate espionage and eavesdropping.