Trivialization of Espionage
By Walter Felix Cardoso Junior
I am drawing attention to the issue of corporate espionage. News reports clearly show that the phenomenon is growing at an exponential expansion, as an epidemic of the business environment. However, most people who do business unaware of this or think this threat is not a reality. Perhaps can, aligning ideas clarify and guide those professionally engaged in enterprise systems, particularly in Latin America. Entrepreneurs who deal with sensitive information need to know more about self- protection; not only that, they should practice on a daily basis, proactively defensive actions to mitigate the risk of safety in its operations.
I analyze the experience and the contemporary restructuring of the world economic space as a result, largely, of the disputed financial concentration which seriously affected the United States and Europe in recent years, in the context of the current international situation, antithesis of Neoliberalism spread by first world countries to the great crisis of 2008. The phenomenon has favored the rise of regional geopolitical powers that, every day, sign their role in the whole multipolar; among them highlight Brazil, albeit with ups and downs.
My experience and analysis indicate a significant increase in casualties among knowledge workers, often as a result of misinformation about potential risks associated with activities that require intensive human relationship, especially in environments where it becomes easy to disregard Standards and Corporate Procedures already consolidated.
In the following text, I want to emphasize that attitudes can be simple, many of them without any economic cost but of great importance for functional self-protection. With the same tone, I recommend special attention to the protection of corporate intangible assets, supporting the institutional need to develop a real risk prevention mentality in the chain of knowledge production, from the planning, collection, processing and analysis and to its subsidiary spread.
Methods to operationalize espionage
The planned effort to catch illegal information inputs in corporate environments, as those in Brazil and other Latin American countries, may involve convergent processes and often being complementary ones. To better understand the phenomenon of espionage practiced here it is necessary to consider the cultural heritage of Brazilian people (subservient mainly colonizing culture Lusitanian), and its peaceful nature, inherited a history of bloody conflicts permeated by few (the last major war on the Brazilian territory occurred in the far nineteenth century), the governmental system prevailing political ideology, business practices, and what many call “ethical market”. Nevertheless, beyond the rigor of this study on anthropological bias, studying and understanding the capability of the forces that compete in regional arena, viewed as adversaries, rivals, opponents and the top of that scale, classified as enemy will be essential, in order to undertake actions adverse and illegal to obtain relevant information at any cost.
I cast a vast technological apparatus used in illegal surveillance activities, aimed at observing and tracking discrete targets, specialized devices that are available to citizens in any Brazilian cities — midrange, low cost ones -, which can be materialized in often imperceptible devices, invasive and very effective.
The Cold War’s old spy tactics cannot be disregarded in Brazil, such as recruitment1, infiltration2, extortion by blackmail, and pheromone traps, which here have been employed widely in corporate battlefields, by being classic cases. Proliferate yet discreet and illegal actions of looking for something on hotel premises to obtain evidence to be used in due course against the honor and privacy of people targeted for playback and modification or replacement of confidential documents, theft laptops and other objects to disguise intent, including collection of sensitive and careless garbage, but rich in information resources for the competitors.
It is worth mentioning that, in general, victims of equipment theft occurred in a hotel suite may possibly adverse suspect action planned by unfair competition, however, if more dependencies from the same establishment has also been “visited” and properly “cleaned”, suspicion may weaken, and the argument to prevail will then be burglary followed by common larceny.
Technical clandestine information gathering
Illegal technics of coopting people within the target organization to act on behalf of a sponsor, through blackmail or reward. Should be considered a variation of this technique, called “cooptation of useful innocent”, which consists in making a collaborator provides data without realizing the gravity of what you are doing, to ignore the true intent of the agent, who disguises through some subterfuge creative and seemingly innocent.
Illegal technics of enter upon the achievement of a normal selection process, agents in key positions in the target organization to raise and transmit data of interest.
I call ‘first line Intelligence’ that one which surprises their targets, mainly because it acts secretly and gets right to the point of interest. We can point to several recent cases of espionage with this “digital” in Brazil. For instance, in “Secrecy and Democracy,” Oswald Le Winter, former CIA (Central Intelligence Agency, U.S.), the author clarifies the intercepts of phone calls occurred in 1995 on the Brazilian authorities and company executives of the French Thomson, about a radar system that the Brazilians wanted to acquire to monitor the Amazon area. The U.S. firm Raytheon, also interested in the dispute, effectively spied on the links, and in possession of confidential information, has benefited, in the case of the Amazon Surveillance System (SIVAM), a deal that surpassed the figure of $ 1, 3 Billions US dollars. For better assimilation of the potential risk of subtle techniques applied by intelligence officers, I describe, next, the most threatening ones:
- Data Extraction: Two people can engage each other in a seeming normal conversation, but it is not, since one of them (the agent), hides his real goals, during the conversation, and protects his identity in order to obtain relevant information from another previously indicated. The technique is to let the target comfortable enough to wander about the desired informational inputs, almost always free of guilt, the “leak” of relevant sensitive information. It is an invasive practice which has recognition problems, but unable to prevent the targets from lies, or they can refuse to answer certain questions.
- Social Engineering: Using planned, covert, deliberate and intentional personal sympathy, seduction, influence, persuasion, lies and vile purely to attract, persuade, deceive, manipulate and obtain conscious cooperation and often on involuntary of one or more people, all with the purpose of gaining features, advantages and mainly a potential access to data and information of high interest of the agents, in person, at a distance, or a combination of both modalities.
- Listen Clandestine: It is generally enough for agents posting favorably in relation to targets listen to (or capture) talks, even without the aid of specialized equipment. In certain situations, one can use sophisticated and discrete devices to film and record at a distance with crystal — clear quality even in low light, and eliminate environmental noise through filters.
- Clandestine Entry: Invasion of private property, vehicles, hotel’s rooms in hotels and business or government facilities to take or copy documents, correspondence and trash, or to install or to collect electronic surveillance devices previously installed.
- Electronic Intercept: It’s a classic and important mode to obtain other’s information, in general using illegal interception of phone, using electronic devices able to collect the flow of voice and data communications.
How to protect our personal
I recall the common concept that there is no unachievable target, therefore I say it is appropriate and necessary to set aside any shred of ingenuity in the face of actual facts and take a proactive and professional stance, clear and objective against acts of espionage. First of all, know in advance your own security vulnerabilities (including the company’s), then act to minimize them, by participating in constant and updated tech training with objectives aimed at protection and always opt for decisions supported by common sense before risk situations.
Obviously, these measures are just the first steps on the scale of the necessary staff expertise within the company. They tend to improve the security status of professionals, amid ubiquitous and illegal attempt to capture information in hazardous environments. For those I suggest effective attitudes easy to perform by those comrades who seek protection against espionage:
- When away from work, turn off the computer or set to hibernation mode.
- At the end of the workday, lock drawers and files. Documents and reports, including the old ones, should be stored properly, or even destroyed if not needed. Locking doors and check the latches of the windows is also recommended, even if the office is located in the company’s internal dependency or in a building’s upper floor.
- Without it becomes obsessive, try to leave some small traps to the intruder “leave the signature” at coming into your room and accessing documents and computer: a role slightly leaning to the phone, the laptop in a certain position, an open agenda in our chosen page, imperceptible triggers that will indicate unauthorized access.
- Answer the phone calls in formal and professional way, measuring your words well in case of inadequate or trick questions. This is a basic care to protect the organization against invasive processes of social engineering. Give preference to requests about products information or services submitted in writing (e-mail).
- Grind sketches and scraps of paper containing sensitive information, and timely, important documents that are no longer needed, as I said, garbage configures an excellent resource to be exploited by spies, due to carelessness and improper functioning of the false sense that only the cleaning elements manipulate the public.
- Be very careful with the information you want to share on social networks. It’s wrong to believe there are always well-intentioned people participating in networking sites and WEB that these people work for free for the amusement of others. Social networks consist also in negotiable databases, which store addresses, names and other sensitive information that are easily accessible. By providing ideas and images that could identify individuals or organizational employees, remember you’re representing, not only you, but your family and the Company.
- In case of travel, be upfront, plan and seek to learn about all the security conditions prevailing in the area you will act, and also learn about the people who you will interact in with these environments.
- Instead of carrying the laptop in typical suitcases, which attract the attention of opportunistic prefer to disguise it in a briefcase or backpack, if you opt for the backpack, remember to carry it in the front of the body.
- Unless you receive specific guidance, do not provide personal or functional data to third parties and do not discuss service matters with strangers, travel agents and intermediaries or disclose information about the Company and the work in progress. • Ignore or avoid compromising conversations and suspicions questions. If this is not possible, respond to callers in a polite but noncommittal manner.
- In airports, subways and any external events, take extra care in cases of suspicious approaches, apparently casual, especially those made by well-articulated and attractive opposite sex.
- The commercial area employees are especially encouraged to communication and visibility, essential characteristics for success in your activity. These fellows need to be more attentive than others, because they are naturally more accessible than the others approaches from strangers.
- In risky environments do not leave visible vulnerable mobile devices such as laptops, tablets, etc., nor forsake in safes or hotel suites.
- Keep in separate the processing devices and storage media of sensitive information.
- It is recommended that your business card contains only sufficient information for institutional presentation of the employee and the Company’s name, address and phone numbers. Additional data may be added on the back of the card by hand, when and if necessary.
- Do not address sensitive issues in public transportation, elevators, restaurants, stations or other public places. If a co-worker asks about a sensitive issue, move the conversation to another topic. We never know who is listening.
- Never use unfamiliar interlocutor’s equipment to process or transmit sensitive information.
- As soon as possible, report to a proper channel, all suspicious incidents experienced.
Keeping a low profile visibility
In certain cases, considering regional characteristics, it may be difficult to establish and maintain a low profile visibility while performing work outside of headquarters. A simple tour of duty with the holding of thematic presentations, you can join the professional of government programs and important and sensitive corporate projects, which end up being attractive to practice adverse actions, such as espionage.
Behaving in an unusual manner on a daily basis in a large Brazilian metropolis like São Paulo, Rio de Janeiro or Brasilia can, in certain situations, arouse unwanted attention from malicious people. Attitudes like these are enough to significantly reduce the security status of the professional in public.
To maximize discretion in risky areas, it is prudent not to use uniform, corporate logos and buttons in public. A simple demonstration of depth domain knowledge about a specific and relevant topic reinforces the status of an intelligence target for first-line rival, and also for criminals who are always lurking.
The use of exaggerated and ostentatious means of protection can increase the security risk, because the procedure may clash over what is usually adopted by the group, eventually placing the person at an unusual focus of attention. Other risk behaviors should be avoided at all costs, such as the acquisition of objects not allowed by law, cohabitation, albeit fleeting, with people of ill repute, the consumption of narcotic substances, including alcohol and congeners, and some common practices in business travel.
Technology that facilitates the espionage practice
Cyber-espionage poses an exponential threat worldwide, Brazil being no exception. There is an increasing demand for safeguarding protected informational inputs from governments and also businesses secrets. Note that digital security experts have reported in the press that Latin America recorded significant annual growth of offensives, whereas in countries like United States, Australia and Canada, statistics indicate a decrease.
The criminal intangible assets subtracting, customarily performed by “insiders” and their co-opted, is changing format, and each passing day, it becomes easier and cheaper to get remotely sensitive information from an organization. The intensive use of Internet social networks associated with the proliferation of smartphones and tablets in corporate connections, and facilities to carry in their pockets proprietary information have inspired dangerous security vulnerability. Without a trace, hackers and spies can invade the fixed and mobile devices, and they may even have access to better protected corporate databases.
Far from willing to turn this subject into major theme paranoia, I add that the standard operating protection procedure usually suggested to executives who travel by trenches Latin America recommends the following:
- Do not use mobile phones, tablets and notebooks of own. Use pre-prepared corporate devices whose information content is extracted before departure and after arrival.
- Choose strong passwords, subjecting them to a safety test. Remember that in addition to personal, nontransferable, password possesses the feature of irreversibility, in other words, the holder cannot deny its authenticity, in case the same leak, for negligence, malpractice, even if in good faith.
- Do not enable Bluetooth or Wi-Fi functions, keeping your phone within reach and sight.
- During service meetings, turn off your phone and remove the battery from the device as it is technically possible to remotely turn on the microphone.
- Connect to the Internet only via encrypted channel (VPN) with password like “copy and paste” from an inserted USB drive (token).
- Transmit sensitive data information only by a secure channel, controlled and knowledgeable by the organization on the other end.
- Use only USB drives with encryption system to process sensitive information.
- Do not get people in hotel suites to handle confidential matters because there is a great possibility of being monitored by imperceptible electronic devices.
- Avoid being the target of lip-reading in risky situations by discretely covering part of face and mouth while using a mobile phone or addressing interlocutors in public talking about critical issues.
Ignoring espionage is dangerous, especially when operating in hazardous environments. Any informational input can be obtained without authorization, support or knowledge of the people or organizations (targets). The world is increasingly driven by business intelligence, which makes protection issues more complex and expensive.
For this to be feasible in corporations there must be good coordination between the internal sectors of Technology and Counter-Intelligence (Security). https://www.microsoft.com/pt-br/security/pc-security/password-checker.aspx
Finally, I assert that opposite to what many people think — which is most likely the result of what is seen in adventure movies, the practice of espionage in countries such as Brazil is not only about persecution in shantytowns, furtive meetings in the suburbs areas of large cities or in social sophisticated gatherings cut. It occurs most often in common use spaces, offices, happy hours and coffee breaks, mainly through the use of fleeting human abilities to perceive, seduce and persuade, when, what really counts is gain a competitive advantage. Protecting yourself from eavesdropping is a constant challenge, a goal to be pursued during the daytime by any conscious professional.