Industrial Espionage in Cyberspace
In this sample chapter from Computer Security Fundamentals, 5th Edition look into the hidden world of industrial espionage and its dangers. From trade secrets to cyber attacks, corporations face a rising threat. Explore real-world cases and learn how to safeguard your organization.
Chapter Objectives
After reading this chapter and completing the exercises, you will be able to do the following:
Understand what is meant by industrial espionage
Explain the dangers of industrial espionage
Understand the low-technology methods used to attempt industrial espionage
Be aware of how spyware is used in espionage
Know how to protect a system from espionage
Introduction
Espionage is not just for nation-states. Corporations have valuable intellectual property. Whether it is trade secrets, marketing data, or pending financial moves, this data can be quite valuable—and this brings us to the topic of industrial espionage. When you hear the word espionage, perhaps you may conjure up a number of exciting and glamorous images. Perhaps you have visions of a well-dressed man who drinks martinis, shaken but not stirred, traveling to glamorous locations with equally glamorous travel companions. Or perhaps you envision some exciting covert operation with highspeed car chases and guns blazing in faraway exotic lands. Espionage is often much less exciting than those popular media portrayals. The ultimate goal of espionage is to obtain information that would not otherwise be available. Generally, espionage is best done with as little fanfare as possible. Information is the goal, and blazing gun battles and glamorous locations are unlikely and would result in unwanted attention. If possible, it is best to obtain information without the target organization realizing that its information has been compromised.
Some people assume that such spying is only engaged in by governments, intelligence agencies (such as the CIA, NSA, MI6, FSB, and so on), and nefarious international organizations, such as Al-Qaida or ISIS. While those entities absolutely engage in espionage, they are certainly not the only organizations that do so. The aforementioned organizations desire to acquire information for political and military goals. As previously discussed, corporations can have valuable information. With billions of dollars at stake, a private company can become engaged in industrial espionage as either a target or a perpetrator. What company would not like to know exactly what its competitor is doing? In fact, corporate or economic espionage is on the rise.
The boundary between industrial espionage and the activities of intelligence agencies is becoming blurred. There have been numerous cases of industrial espionage against Western nations that at least appear to have been supported by foreign intelligence services. Tech companies have often been the targets of such attacks. In fact, there have been multiple warnings of nation-state actors targeting companies. In May 2022, the New York Law Journal published an article about nation-state actors using cyber attacks to go after sensitive information of corporations.1
While most experts believe that corporate espionage is a substantial problem, it can be difficult to assess how big the problem is. Companies that perpetrate corporate espionage do not share the fact that they do it—for obvious reasons. Companies that are victims of such espionage often do not wish to reveal that fact either. Revealing that their security was compromised could have a negative impact on their stock value. It is also possible, in certain cases, that such a breach of security might open a company to liability claims from customers whose data may have been compromised. And in some cases, the victim might not be aware of the breach. For these reasons, companies often are hesitant to disclose any industrial espionage activities. Because you will want to protect yourself and your company, it is important that you learn about espionage methods and protections. In the exercises at the end of this chapter, you will work with some of the tools you have learned about so far in this book—antispyware, key loggers, and screen-capture software—so that you can learn how they work and, hence, become cognizant of the risks they pose.
In May 2022, Xiaorong You of Lansing, Michigan, was convicted of conspiring to commit trade secret theft, economic espionage, wire fraud, and other charges. In this case, the secrets at issue involved formulations for coatings inside beverage cans. You was accused of stealing the secrets for use in setting up a new company in China.2 In 2019, Forbes ran an article on spying incidents at Apple Inc.3 In the cases examined in this article, the line between corporate espionage and state-sponsored spying was blurry. In one of the cases, Apple employee Jizhong Chen was accused of stealing trade secrets related to self-driving cars and providing them to the Chinese government. The same article estimated the cost of corporate espionage at $1.1 trillion per year.
This is a global problem. In 2021 a Swedish court convicted Kristian Dimitrievski of stealing confidential information from truck and bus manufacturer Scania and selling that information to a Russian diplomat.4