A QUESTION & ANSWER SESSION WITH DR. ROBERT ING, D.Sc., F.A.P.Sc. - AUTHOR OF "IMPROVISED TECHNOLOGY IN COUNTER-INTELLIGENCE APPLICATIONS."
 
(Copyright 1997 by Limelight Books, a div. of Tiare Publications)
 
Q: How much of a threat is corporate espionage to a medium sized company
compared to a large corporation?
 
A: Corporate espionage is a threat to any business whose livelihood depends
on information. To a medium sized company in the service sector, the
information could take the form of detailed client lists or supplier
agreements. To a large corporation, the target information could be research
materials on/or plans for a new product or service; or the company marketing
strategy. Regardless, should any of this information find its way to a
competitor, this would surely have a devastating effect on business.
 
Q: What are the basic security measures you would recommend for any
business?
 
A: The basic first line of defense against any form of corporate espionage
is a two-pronged approach. Controlled access and knowing your employees
and customers. Controlled access means using good quality deadbolt locks
and steel clad doors at your place of business, adequate security lighting
at night, and installing a monitored alarm system on the premises. Important
information concerning your business should be kept under lock and key, and
only those who need to know or use this information should have access to it.
 
Knowing your employees means verifying the backgrounds of new employee
applicants or employees assigned to work on sensitive projects. Confirm that
they are who they say they are and not an undercover operative looking to
photocopy company secrets for profitable sale to your competitor.
 
Knowing your customers means not freely providing detailed pricing,
"satisfied customer lists," or other information without first verifying the
legitimacy of the request. This can easily be done by asking the person who
telephones, specific information such as their name, company name, address,
and telephone number, and then offering to call them back with, or mail the
information to them. For information requests by mail, return address and
other information provided with the request should be noted. Regardless of
the method of the request for company information, the information provided
by the person making the request should be confirmed through the telephone,
city, or industrial directory. Many companies have generic overview
brochures that are used for such "cold" requests. These brochures give
general details on the company without divulging the names of customers,
suppliers, and pricing data. It may sound incredible but a national business
survey found that 4 out of 10 businesses actually give out information on the
telephone and in their marketing literature that could be used to increase
the business of their competitors!
 
Q: There is so much business information stored on computers, is there
any way of protecting it from prying eyes?
 
A: Sensitive information about your business should never be stored on a
computer network, but kept on a stand-alone computer which has no connection
to any other computer or telephone line. This computer must be kept in a
separate locked office or room at all times, and must also have anti-virus
and password security software. This computer must be checked for viruses
on a weekly basis and the password used to access files must be changed just
as often. The computer hardware must be locked or bolted down to a very
large piece of furniture or to the floor or wall. It is also in your best
interest to place a security device known as a disk drive lock over the
disk drive bays of your computer to stop anyone from making a copy of your
files on a floppy disk, or worse, inserting a disk and placing a virus in
the computer. The disk drive lock can only be easily removed with a special
key.
 
Q: We often hear of hackers breaking into e-mail and voice mail systems.
Can anything be done to reduce this risk?
 
A: Change your password often and if your system permits, make your password
a combination of numbers, letters and punctuation marks for e-mail, numbers
and the "#" and "*" keys for telephone voice mail systems. Another point
worth mentioning is, never leave a voice mail message or e-mail broadcast
message that gives your exact business itinerary or names and telephone
numbers of clients or key people in your organization where you can be
reached. This information could be useful to both a hacker and competitor.
If you're not in the office or are out of the city, just say so and state
when you'll return, or the e-mail or telephone extension of who's filling
in for you - nothing more.
 
Q: The Internet is rapidly becoming a business tool. How secure is it?
 
A: While many companies currently doing business on the Internet have taken
every security measure that is technically possible, I would still advise
caution and would not use the Internet to transfer sensitive information.
If pressed and I had no choice but to send a file or document across the
Internet, I would convert the text to a code or cipher and then break the
document into at least two or more sections depending on its size. If I
broke the document into only two parts, part one would contain even numbered
pages, part two odd. I would then send either part one or part two from one
Internet provider/account and then send the remaining part some hours later
from another Internet provider/account. Of course the recipient would have
to know how to decode the document and the number of parts making up the
document. The most important advice here is if there are other, more secure
methods of transferring sensitive information, use them. The Internet is an
excellent public system, but it is very public-accessible.
 
Q: It has been said that sending information by FAX is much more secure
than discussing it over the telephone. Is this true?
 
A: While this could have been said twenty-five years ago when telephone
facsimile technology was only available to those with deep enough pockets,
it is not true today. A person with a digital recording device, monitoring
your FAX line can record your FAX transmissions and receptions, play the
recording back into a modified Group III or Group IV FAX machine and have
an exact copy of your message without your knowledge. Even without having
your FAX line monitored, a FAX sent to a "communal" FAX machine usually
ends up getting read by several office staffers before it gets retrieved
from the incoming FAX basket for delivery to you. The answer to this is to
always convert the document into a code or cipher and have a FAX machine that
only you have access to. Better yet, don't use a FAX machine to send
sensitive information.
 
Q: There are several telephone services such as banking by phone, telephone
ordering services, and credit card account information by telephone to name
a few, that rely on the user entering account numbers and passwords from a
telephone keypad. How secure is this?
 
A: For most ordinary citizens it is fairly secure but it is not completely
without risk. Should someone happen to monitor your telephone call, either
by picking up an extension or by tapping your telephone, they can either
record the tones that represent your account number and password using a
tape recorder, or attach a special device to the line that will provide
a decoded print out of each key that you pressed when you entered this
information. The tape recording may be played through a decoding device
at a later time or the recording itself may be replayed through the telephone
by an unauthorized person to gain access to your account. Never use these
services from a cordless or cellular telephone. Use these services with
caution and discretion.
 
Q: In the past we have seen in the news several examples of how cellular and
cordless telephones can be monitored by anyone with a scanner radio receiver.
With new privacy legislation and new and improved telephones boasting privacy
and secure features, has the ability to listen in on cellular and cordless
telephone conversations become a thing of the past?
 
A: The potential of someone being able to listen in to your cellular and
cordless telephone conversations will always exist. Passing laws to make
this activity illegal only placates special interest groups in the cellular
industry and gives consumers a false sense of security. Likewise, many of
the new privacy and secure features offered on cellular and cordless
telephones only provide privacy protection from about 70% of those who could
do so prior to the introduction of these new features. As for the other 30%,
they possess the necessary technical skills to adapt their equipment to
monitor most of the telephones with the newer features. This is the main
reason why you should never discuss private or sensitive business on these
telephones. Likewise, avoid giving telephone numbers, addresses, account
numbers, client names, or using a person's full name on these telephones.
The golden rule of privacy when using a telephone is, if it doesn't have a
cord connected between the handset and its base . . . it can be monitored
by anyone with a radio receiver within a one mile radius.
 
Q: Are two-way radios and pagers more secure than using cellular or cordless
telephones?
 
A: Absolutely not! Using a computer, special software, and a radio receiver
all messages sent to a numeric or alphanumeric pager can be received, stored,
and read. Two-way radios are easily monitored by anyone who has a scanner
radio receiver. Many businesses who dispatch vehicles to regular clients
use code numbers or names to identify client names and locations to reduce
the risk of having their competitors compile a new customer list at their
expense. Regardless of how secure you are told it is, never discuss private
or sensitive business matters when using a two-way radio.
 
****************************************************************************
Free use of all or part of the preceding is authorized provided the following
credit is given: Dr. Robert Ing, D.Sc., F.A.P.Sc., is the author of
"Improvised Technology in Counter-Intelligence Applications," published by
Tiare Publications/Limelight Books, which details inexpensive methods of
determining whether one is under electronic surveillance. The manual is
available from the publisher for US$29.95 plus US$3.00 shipping & handling.
To order, or to arrange a more detailed personal interview, please contact
the publisher at 1-800-420-0579 or (414) 248-4845.
*****************************************************************************
 
INDUSTRIAL ESPIONAGE CAN KILL YOUR BUSINESS
 
72% of businesses which have not taken measures to reduce their vulnerability
to industrial espionage, and suffer a resulting loss, will go out of business
within two years, according to a survey conducted by the Canadian Security &
Intelligence Service. The same survey indicates that 43% of American
corporations have had an average of six incidents involving corporate
espionage.
 
An increase in unemployed intelligence officers since the Cold War ended and
the proliferation of advanced technology has made corporate spying much
easier. Dr. Robert Ing, author of the recently published, "Improvised
Technology in Counter-Intelligence Applications," says that "instead of
missile launch codes, the new targets of choice are technological and
scientific data concerning flat-panel TV, electric cars, new computers,
competitive strategies, and innovative manufacturing/distribution processes."
 
"Even a whiff of such a security breach can cause a company's stock prices to
tumble, or a deal to fall through," says Dr. Ing. That may be the reason why
42% of the companies which replied to a 1995 survey by the National Counter
Intelligence Center said they had not reported suspected incidents of
corporate espionage to authorities.
 
"The ability of field investigative and corporate security personnel to
detect and neutralize electronic surveillance devices is of paramount
importance in the reduction of losses due to corporate espionage," says Ing.
"However, equipment used to detect these devices is only available through
limited sources, and the very presence of such equipment may draw unwanted
attention. Furthermore, with cost cutting measures being applied in both the
public and private sectors, the premium prices of such equipment and the
cost of training non-technically inclined field staff to use it is often
difficult to justify."
 
Improvised Technology in Counter-Intelligence Applications gets around those
obstacles. Based on material Dr. Ing developed for the workshops he conducts
for field personnel of U.S. and Canadian government agencies, this manual is
the only up-to-date reference which provides practical methods for electronic
"bug" detection without the need for expensive equipment and previous
technical knowledge. The manual was written specifically for non-technical
field staff and intelligence officers. It presents improvised methods for
the effective detection of telephone taps, hidden radio and infrared
transmitters, as well as video cameras and vehicle tracking devices.
Originally restricted to federal intelligence officers, the information
given in Dr. Ing's workshops is now available to the public and to the
private law enforcement, security and investigative communities.
 
If you need to know if your privacy is being compromised electronically, or
don't have the budget to buy highly specialized equipment - or the technical
background to operate it - this manual is your answer.
 
Improvised Technology in Counter Intelligence Applications is available for
US$29.95 plus US$3.00 shipping/handling from Tiare Publications/Limelight
Books, P.O. Box 493, Lake Geneva, Wisconsin 53147, U.S.A. Visa/Mastercard
orders: 1-800-420-0579 (M-F, 0900-1700 CST).
*****************************************************************************
 
BIOGRAPHY: DR. ROBERT ING, D.Sc., F.A.P.Sc.
 
Dr. Robert Ing has been involved in radio and telecommunications since the
early 1970's. He has degrees in Forensic Science, Electrical Engineering
Technology, and holds a Doctor of Science degree in Radio Communications
Engineering. He holds appointments as Adjunct Professor in Electrical
Engineering at LaSalle University (U.S.), Senior Board Member of the
Electronics Technicians Association International, a former Director
of the International Society of Certified Electronics Technicians, and
is a professional member of the Armed Forces Communications & Electronics
Association. Dr. Ing is also listed in Canadian Who's Who, Ontario Who's
Who, and International Engineering & Technology Who's Who.
 
Dr. Ing has given workshops and lectured extensively on electronic counter-
intelligence (C4CM) and improvised technology issues under the auspices of
the federal governments of the United States and Canada. Other areas of
activity include workshops, training, and consulting for corporations and
the private security industry on executive protection, privacy and topics
of interest. Based in Toronto, Canada, he enjoys amateur radio and
automobiles when he can take time from his busy schedule.
 
For further information on workshops/training, or to arrange an interview
with Dr. Ing you may contact him via the Internet:
74543.2716@compuserve.com OR ring@inforamp.net
OR via his publisher 1-800-420-0579.
 
RETURN TO NAIS NEWSLETTER