Forgot your password?
typodupeerror

HOWTO Commit Corporate Espionage 97

Posted by CmdrTaco
from the do-you-hear-what-i-hear dept.
bart_scriv writes "Worried about who might be spying at your company? Businessweek looks at the latest in espionage gadgets and technology in response to the recent HP boardroom scandal. The article looks at devices designed for counter-espionage, which range from mundane confidential email services to sophisticated camera and listening-device detectors. '...for every method of spying, there's a counteroffensive. One of them is the eavesdropping protection kit, manufactured by Dynasound in Norcross, Ga. To secure a room in an office building, devices are placed on ceiling plenums, floors, HVAC ducts, doors, walls or windows — basically anywhere voices can travel.'"
This discussion has been archived. No new comments can be posted.

HOWTO Commit Corporate Espionage

Comments Filter:
  • Yeah, that'll work (Score:3, Insightful)

    by Aliencow (653119) on Wednesday October 04, 2006 @09:52AM (#16304701) Homepage Journal
    WHO GOES THERE? Another protection: vanishing e-mail. Called VaporStream, the system lets people send e-mails that cannot be tracked, copied, forwarded, or printed--leaving no trail. Users pay $39.99 a year to subscribe to the service and must log into the site every time they want to send a confidential e-mail. Wow, I'm sure nobody will ever find a way to print it out or take a screenshot of it.
    • Re: (Score:3, Insightful)

      by owlnation (858981)
      Yes, but since the major preoccupations of anyone who works in Corporatia are, "covering your ass" and "passing the buck", I don't think that anyone will have any use for email you can't store and use as a future weapon against one of your backstabbing brown-nosing colleagues.
    • by Instine (963303)
      yer the print protection sounds like a fairly stupid claim too far.

      FTFA I REALLY like the lazer listener idea though. How clever is that! I want one now. But I'm not going to falk out 50,000USD for it. I'm quite sure that I could build one for less than a grand.
      • by plover (150551) *
        A friend of mine did that over 20 years ago when he was a kid, using just a homebuilt Heathkit HeNe laser. He shined the laser on a window, and aimed a telescope at the window. He taped a CdS photocell at the focal point of the telescope and built it into a simple audio amplifier. Even with that crude setup he was able to make out that loud sounds happened inside the house from across the street.

        I bet using a modern phototransistor matched to the wavelength of an off-the-shelf laser diode plus a $100 Ta

        • by Smallpond (221300)
          I was trying to think of a good, cheap countermeasure. I guess gluing a small speaker to the window connected to a white noise generator (or the company music-on-hold system) would work.
          • by plover (150551) *
            Right idea, but music is a poorer choice than white noise. A sophisticated eavesdropper could acquire his own copy of the music you use, and "subtract" the known waveform from the received waveform, leaving just the ambient room sounds. If the volume of the music makes you talk louder, it's all the better for the listener.

            And just so you don't think you're safe just because you're IMing over an SSL port, with the proper sensor (a Hamamatsu H6780-01 photosensor module) the same telescope can be used to s

    • by sootman (158191)
      Wow, I'm sure nobody will ever find a way to print it out or take a screenshot of it.

      Or take a picture of the screen. My monitor is 1600x1200 and my camera is 2048x1536. It takes "screenshots" just fine.
  • by krell (896769)
    Do these guys also sell a cell phone built into a shoe, go to with the cone of silence?
  • by ian_mackereth (889101) * on Wednesday October 04, 2006 @09:54AM (#16304721) Journal
    I had occasion to visit the office of a major oil company CEO in Melbourne (Australia) a few years ago, while it was being fitted out.

    Along with the obvious requisites like the bedroom and the seperate airconditioning (he was the only person in the building allowed to smoke!), the windows were double-glazed and had a white-noise generator in between the panes to foil any sneaky lasers from other oil companies' CBD high-rises!

    I was at first bemused at the expense of it all, but then I thought about the millions he'd get as salary, and the hundreds of millions affected by the decisions made in that office, and thought better of it...

  • by tygerstripes (832644) on Wednesday October 04, 2006 @09:55AM (#16304735)
    God knows I don't get anything out of our meetings, so how some industrial spy is supposed to is beyond me. Serve them right if they absorb non-productivity osmotically...
    • Sounds like you've got the kind of envrionment that precipitates Bozon Cloud formation ...

      Bozon: A quantum unit of stupidity.
      This term I picked up from Headcrash (Roadkill on the Information Superhighway) by Bruce Bethke. A very entertaining read, I might add. Bruce himself is a great guy too, as I discovered while he was our Special Guest at the last Chattacon (a Science-Fiction convention in Chattanooga). I could say something about the ProctoProd(tm), but I don't want to ruin the book.
    • by dptalia (804960)
      I had this really scummy guy who kept trying to hit me up for insider information... I always told him I was looking for outsider informatin! The outsiders always seemed to know more than us poor peons....
    • by garwain (688087)
      I hear you there... Nothing beats spending 4 hours sitting there drinking coffee, then walking out asking a co-worker if he had any idea what the purpose was. Only thing I find worse than an office meeting is a church meeting, that I'm not paid to attend, but don't seem to have much choice...
  • by dankstick (788385) on Wednesday October 04, 2006 @09:57AM (#16304771) Homepage
    Problem Solved [wikipedia.org].
  • How about a thumbdrive? With capacities seemingly doubling every couple months, it should be real easy to swipe off a good amount of data.
    • Re: (Score:3, Informative)

      by z0idberg (888892)
      That has a low-tech solution. Do what my (very large) company does and have Windows NT as the standard desktop. No USB support. Shithouse when you need to run any software made this century but hey! no USB support!
  • by TrueJim (107565) on Wednesday October 04, 2006 @10:00AM (#16304831) Homepage
    Note that corporate espionage for the purpose of uncovering Trade Secrets is generally illegal in the U.S. That's why companies mark documents as "proprietary," for instance; doing so identifies the document as something that the company considers a trade secret. If you use corporate espionage techniques to obtain such a document (i.e., if the company doesn't exercise due diligence in making sure that such documents aren't publicly disclosed) then relevant Trade Secret laws would apply.
    http://en.wikipedia.org/wiki/Trade_secret [wikipedia.org]
    • Interestingly (Score:4, Interesting)

      by k2r (255754) on Wednesday October 04, 2006 @11:01AM (#16305803)

      the US / NSA has been proven to use echelon for industrial espionage in other countries eg. on Enercon in Germany: www.europarl.eutopa.eu, search for "Enercon" [europa.eu]. It's quite difficult to find anything in English on this, but there's a lot of stuff in German about this case.

      k2r

      • Re: (Score:1, Insightful)

        by Anonymous Coward
        I'm in the Netherlands, and a former colleague told me he was offered a IT job once by an US company into "filter software", you know, monitor your employees surfing behaviour etc., but in reality it turned out to be the NSA. They wanted him to outsource him to work "on location" at one of their biggest customers, a huge oil company. They told him getting in and getting the job was easy because the head of IT was also employed by them... They also told him they were in a lot of countries and governments, of
  • by castlec (546341) <castlec.yahoo@com> on Wednesday October 04, 2006 @10:03AM (#16304891)
    cvs commit -m "added more theft options." corporate_espionage.c
  • by neo (4625) on Wednesday October 04, 2006 @10:07AM (#16304953)
    Sure, I've collected all this great data, but now how to I find a buyer? Do I just walk up to the competition's CEO and say "Hey, I got the goods on company XYZ, how much is that worth to you?" Do I take out an ad in the paper... or 2600? I need real answers.

    Seriously. I want this to be my full time job, but this article doesn't tell you shite.
    • by Billosaur (927319) *

      Sure, I've collected all this great data, but now how to I find a buyer?

      we-buy-secret-corporate-info.com

    • Re: (Score:3, Informative)

      by frdmfghtr (603968)

      Sure, I've collected all this great data, but now how to I find a buyer? Do I just walk up to the competition's CEO and say "Hey, I got the goods on company XYZ, how much is that worth to you?"

      You could do something like that...

      http://www.washingtonpost.com/wp-dyn/content/artic le/2006/07/05/AR2006070501717.html [washingtonpost.com]

    • It's probably easiest to use it to extort money from the company you stole it from. That way, you don't have to bother actually finding a buyer, just threatening to should be enough.
    • Re: (Score:1, Informative)

      by h890231398021 (948231)
      That's what these people [washingtonpost.com] tried. Didn't work so well, though.
      • by gd23ka (324741)
        Which is why you shouldnt try to sell Audi secrets to Volkswagen. If at all
        go after their supply chain. The F500 as well as banks and insurances cooperate.
        If youre prepared to do the time, I would recommend small to medium sized businesses
        to whom you can indeed sell competitor information. Dont expect to be paid
        millions though.
    • by mutterc (828335)
      Sell it to the company's employees, who would probably love to know what's really going on.
  • Trade Secrets (Score:2, Interesting)

    by Sensi (64510)
    Sometimes it's as easy as walking by to get all the info you need.

    http://flickr.com/photos/reboof/259086845/ [flickr.com]
  • Three words (Score:1, Redundant)

    by Billosaur (927319) *

    Cone of Silence.

  • .. that you'll pay your money, open the boxes they send you to find that they all contain egg cartons and a few tubes of pritt-stick?
  • OK, so Slashdot is famous for putting marketing FUD on its main page, but even I don't get how putting anti-spy devices in would have prevented the head of HP from spying on people. (I can imagine the work order crossing the CEO's desk: "Hmmm...here's a request from some peon for a company anti-spy installation to prevent what I'm up to. Denied, ya' think?")
  • by Rob T Firefly (844560) on Wednesday October 04, 2006 @10:24AM (#16305235) Homepage Journal
    Thank you, Slashdot, for putting up a page with this title for me to read over the company's network. I was getting ready to be fired soon anyhow.
    • Re: (Score:3, Funny)

      by Billosaur (927319) *

      If you think that's bad, how do you think your employer feels when they see you reading about Uranus...

      Note: Ha-ha! Didn't expect a Uranus joke in an article on corporate espionage, did you?!?

      • Re: (Score:2, Funny)

        by tehcyder (746570)
        Ha-ha! Didn't expect a Uranus joke in an article on corporate espionage, did you?!?
        The person reading this over your shoulder is a complete fuckwit who enjoys wearing his wife's panties on his head while masturbating to horse porn videos and smoking crack cocaine.

        Ha-ha!

  • It's Easy (Score:2, Interesting)

    by Anonymous Coward
    If you have access to the network racks it's easier than you might think. Plug a microphone into an empty network socket, a patch lead from the microphone socket to a socket in your office, and an amplifier plugs into the wall socket in your office. Boardroom meetings were bugged like this for six years by a friend of mine and nobody noticed a thing.

    Bug sweeps might not find anything because no RF is emitted.
  • and we learn this from the most amusing of monkeys: the federal government.
  • $6000 and up for a white noise generator? WTF?? Anyone with basic electronics skills can build one with parts that will cost about $10. Anyone with basic coding skills can code one for free in about 10 min.

    Am I getting something wrong here, or did corporate greed just get worse?
  • Bugging an office has never been easier, now that data cables run into all of them!
  • Old toys (Score:5, Interesting)

    by TrueKonrads (580974) on Wednesday October 04, 2006 @10:54AM (#16305683)

    Most of the toys mentioned in article are pretty lame and sucky. Granted, for the PI or Spy that buys everything off-the-shelf, the counter-surveilance mentioned works, but otherwise it sucks, here's why (pont by point)

    White-noise generators assume that You have no access to the room or that it is impossible to plant a small piece on the person. Say, bump in "accidentally" into the CEO in question and place a 5 square milimeter chip. It will have an internal clock and mic. Once the CEO is out in fresh air, it will transmit the data back in one encrypted burst and destroy the information it had.

    Pretty much the same applies for cameras. One, you assume they are broadcasting within some pre-defined spectrum and do so all the time. Again, do a remote on/off or encrypted packet burst and such suverlance mechanisms fail. Besides, with advent of WiFi, if your super agent picks up emissions in 2.4Ghz range, he'll assume it's wifi and let it rest. Also, you can sramble the transmission, do a frequeny hop and bob knows what else.

    About that phone-line tap: Do we live in dark ages? Nobody has analogue phones and taps that feed off phone current.You can't detect it over ISDN lines (most offices) and it deosn't do anything for cell networks.

    No comments on vapourstream :)

    I have to admit, that the laser window snooping is the most effective in the list, as it is probably the easiest method and most reliable. For nice security, go low-tech : Have a friendly chat near a cooler (no windows), in a bath-house (most devices choke on humid air, transmission also would suck) or in a pool or sea (waves splashing, children, loud music).

    Besides, the entire chain of communications should be scure, aka TEMPEST approach - if once bit of wire is not tempest - entire chain is invalid. If one of the two persons in conversation, repeats what he heard over dinner table with his wife - what's the point?
    • I have to admit, that the laser window snooping is the most effective in the list, as it is probably the easiest method and most reliable.

      And that's the thing. Most industrial espionage is from disgruntled employees / former employees with lose lips. You can't solve this problem with electronics. Look at the HP thing: Sure the leaker used email to talk to the reporter, but he didn't have to. Remember Deep Throat?

    • Re: (Score:2, Funny)

      by drauh (524358)
      you've forgotten the Cone of Silence.
  • Try a Wall Clock with a wifi camera and microphone.

    Something like this: http://www.spycameras.com/item4.htm [spycameras.com]

    I'd look for a more real office type wall clock, but you get the idea. After all, what corporate meeting room doesn't have wifi?
  • by Stupidfat (1009173)
    In a related story, it was found in a co-relation study that there was a relationship between privacy advocation and parental status. It was found that parents with even a single child over the age of 6 months have learned to give less than a shit about privacy.
  • by Narcogen (666692) <narcogen@narcog[ ]com ['en.' in gap]> on Wednesday October 04, 2006 @11:43AM (#16306483) Homepage
    What does one have to do with the other? The HP scandal revolves around a leak at the very top-- a member of the board of directors who supplied inside information directly to journalists. What the heck do all these amateurish gadgets have to do with anything? And how is being aware of them or being able to protect oneself from them of any value when one of your own board members is giving information to the press? There's no technological silver bullet for that kind of problem. Trying to connect these two subjects is just silly.
    • Re: (Score:1, Insightful)

      by Anonymous Coward
      This is slashdot

      News for^H^H^H^H^H^H^H^H Nerds.^H^H Stuff that matters^H^H^H^H^H^H^H^H^H^H^H^H
  • Of course, it can also be difficult to hear the person on the other end of the phone.
  • Woot! Secret decoder rings! Invisible ink! See-bak-ro-scopes! And that great key to popularity, "Fool your friends!"

    And those X-Ray Specs... (do they really see through clothing? Better get a pair, it's the only way to find out! And even if you can't, you always get a reaction by pretending they do...)

    Gee whillikers, CEOs must be saying to themselves, now that I'm a big-deal important person, I can send away for ALL that stuff! Boy, will my friends be impressed when they realize my words are so important th
  • Low Tech and Cheap (Score:3, Interesting)

    by thorkyl (739500) on Wednesday October 04, 2006 @12:55PM (#16307713)
    Go to a garage sale and buy a TV put it on channel 13 with no antenna
        White noise generator

    Defeat laser listener
        Place radio on window sill with sub woofer pointed at glass

    Stop all eaves dropping
        don't talk us a #2 pencil and legal pad
          Shred the pad then burn the shredded paper then put the ashes in a bucket of water
  • I developed a secure phone software to be used by corporate users against espionage. It uses a Microsoft PocketPc or Smartphone, encrypt the voice using AES (Advanced Encryption Standard) with 256 bits key and uses Elliptic Curve Cryptography to do key exchange (ECDH 571 bits). I don't know if into US the corporate people can use this kind of huge cryptography. My site is at http://www.raseac.com.br/ [raseac.com.br] I think if your corporate people want some privacy, this product is a good solution.
    • Given the simple principle these things work on (voice transmission over crypto wrapped data channel) the prices charged for them are generally plain rediculous, and I've seen them all over the planet.

      Furthermore, unless the source is available for the product it will not be subjected to independent review, and any claim that it's thus 'the best' or even 'secure' is thus meaningless, as is your website claim "no backdoors to our knowledge". That claim would still be valid if you allowed a US NSA official s
      • by cesarbp (1009355)
        About "Given the simple principle these things work on (voice transmission over crypto wrapped data channel) the prices charged for them are generally plain rediculous, and I've seen them all over the planet.":
        Why not ask us about our price?.

        The main problem with source code to independent review is the fact of deploying sensible code to be copied and deployed under another product name.

        About "no backdoors to our knowledge" :
        It is under contract:
        The "no backdoors" exists in our product because we
        • by cheros (223479)
          I'm game for the price - I'll email you from your website.

          As for 'not publishing for fear of duplication' - I agree, that is on one hand a problem. On the other hand, it would allow others to pitch in as well, not to mention the fact that you could publicly be seen as having the best code. So, in the middle lies the question if your code could be reviewed under NDA by an independent party.

          I can see you commit yourself contractually to the 'no backdoors', but I'm observing the fact that such a committment
          • by cesarbp (1009355)
            Thank you for your nice words. I am a small developer that have done the things totally alone, including the site.
            About "The best" i wrote in my site, was about "one of the best" encryption specifications using key exchange, i corrected the errors i wrote previously, thank you.
            About "No backdoors", i agree with you, it is not a solution to the problem, but it is a good beginning.
            About "An independent evaluation", i agree with you, the best way is deploying the source code to an independent review under a
            • by cheros (223479)
              Well yes, but you're going to sell sod all if you don't respond to email queries asking for a price. I sent you 3 in total, so enjoy being a poor developer because you're not going to get an income from this without customers.

              And I stand by my comments - there is ALWAYS a potential for unintentional backdoors. Your assurances, although well intended, are not enough to sell in the security market. Without independent product evaluation you're asking people to believe you that it's not spyware infested, wi
              • by cesarbp (1009355)
                Dear Mr. Cheros.
                Sorry if i did not respond to your e-mail, i will see what is happening because i did not receive them.
                I personally reply all incoming e-mails my site receives and your information is very important for me.
                I will deploy a message page inside my site to allow direct messages and correct this problem.

                Again sorry for this problem, my product is a decent product, works well and i have customers using it for more than two years and they enjoy it a lot.
                Regards.
                Cesar.
  • i guess i'm not the only one who is a bot dissapointed by these spy gadgets, since they all seem a bit wannabe-james-bond.
    anybody know of real high-tech (or highly sneaky) gadgets that real spies use or used?
    one of my favourites was the Great Seal Bug [spybusters.com]
  • If you are conducting business about which you don't want others to know, then face-to-face is still the best. A wooded area, away from buildings, on a windy day is just good practice. Finally, never do shady things with people you haven't known all your life.
    • by jgercken (314042)
      Naw, that wouldn't be conspicuous at all. Honey I'll be back in 4 hours. I have to drive to the hills for another business meeting. Traditionally this has been done in strip clubs, or is that what you meant by "wooded area"?

Of course you can't flap your arms and fly to the moon. After a while you'd run out of air to push against.

Working...