- A QUESTION & ANSWER SESSION WITH DR. ROBERT ING, D.Sc., F.A.P.Sc.
- AUTHOR OF "IMPROVISED TECHNOLOGY IN COUNTER-INTELLIGENCE APPLICATIONS."
- (Copyright 1997 by Limelight Books, a div. of Tiare Publications)
- Q: How much of a threat is corporate espionage to a medium sized company
- compared to a large corporation?
- A: Corporate espionage is a threat to any business whose livelihood
- on information. To a medium sized company in the service sector, the
- information could take the form of detailed client lists or supplier
- agreements. To a large corporation, the target information could be
- materials on/or plans for a new product or service; or the company
- strategy. Regardless, should any of this information find its way to
- competitor, this would surely have a devastating effect on business.
- Q: What are the basic security measures you would recommend for any
- A: The basic first line of defense against any form of corporate espionage
- is a two-pronged approach. Controlled access and knowing your employees
- and customers. Controlled access means using good quality deadbolt
- and steel clad doors at your place of business, adequate security lighting
- at night, and installing a monitored alarm system on the premises.
- information concerning your business should be kept under lock and
- only those who need to know or use this information should have access
- Knowing your employees means verifying the backgrounds of new employee
- applicants or employees assigned to work on sensitive projects. Confirm
- they are who they say they are and not an undercover operative looking
- photocopy company secrets for profitable sale to your competitor.
- Knowing your customers means not freely providing detailed pricing,
- "satisfied customer lists," or other information without
first verifying the
- legitimacy of the request. This can easily be done by asking the person
- telephones, specific information such as their name, company name,
- and telephone number, and then offering to call them back with, or
- information to them. For information requests by mail, return address
- other information provided with the request should be noted. Regardless
- the method of the request for company information, the information
- by the person making the request should be confirmed through the telephone,
- city, or industrial directory. Many companies have generic overview
- brochures that are used for such "cold" requests. These brochures
- general details on the company without divulging the names of customers,
- suppliers, and pricing data. It may sound incredible but a national
- survey found that 4 out of 10 businesses actually give out information
- telephone and in their marketing literature that could be used to increase
- the business of their competitors!
- Q: There is so much business information stored on computers, is there
- any way of protecting it from prying eyes?
- A: Sensitive information about your business should never be stored
- computer network, but kept on a stand-alone computer which has no connection
- to any other computer or telephone line. This computer must be kept
- separate locked office or room at all times, and must also have anti-virus
- and password security software. This computer must be checked for viruses
- on a weekly basis and the password used to access files must be changed
- as often. The computer hardware must be locked or bolted down to a
- large piece of furniture or to the floor or wall. It is also in your
- interest to place a security device known as a disk drive lock over
- disk drive bays of your computer to stop anyone from making a copy
- files on a floppy disk, or worse, inserting a disk and placing a virus
- the computer. The disk drive lock can only be easily removed with a
- Q: We often hear of hackers breaking into e-mail and voice mail systems.
- Can anything be done to reduce this risk?
- A: Change your password often and if your system permits, make your
- a combination of numbers, letters and punctuation marks for e-mail,
- and the "#" and "*" keys for telephone voice mail
systems. Another point
- worth mentioning is, never leave a voice mail message or e-mail broadcast
- message that gives your exact business itinerary or names and telephone
- numbers of clients or key people in your organization where you can
- reached. This information could be useful to both a hacker and competitor.
- If you're not in the office or are out of the city, just say so and
- when you'll return, or the e-mail or telephone extension of who's filling
- in for you - nothing more.
- Q: The Internet is rapidly becoming a business tool. How secure is
- A: While many companies currently doing business on the Internet have
- every security measure that is technically possible, I would still
- caution and would not use the Internet to transfer sensitive information.
- If pressed and I had no choice but to send a file or document across
- Internet, I would convert the text to a code or cipher and then break
- document into at least two or more sections depending on its size.
- broke the document into only two parts, part one would contain even
- pages, part two odd. I would then send either part one or part two
- Internet provider/account and then send the remaining part some hours
- from another Internet provider/account. Of course the recipient would
- to know how to decode the document and the number of parts making up
- document. The most important advice here is if there are other, more
- methods of transferring sensitive information, use them. The Internet
- excellent public system, but it is very public-accessible.
- Q: It has been said that sending information by FAX is much more secure
- than discussing it over the telephone. Is this true?
- A: While this could have been said twenty-five years ago when telephone
- facsimile technology was only available to those with deep enough pockets,
- it is not true today. A person with a digital recording device, monitoring
- your FAX line can record your FAX transmissions and receptions, play
- recording back into a modified Group III or Group IV FAX machine and
- an exact copy of your message without your knowledge. Even without
- your FAX line monitored, a FAX sent to a "communal" FAX machine
- ends up getting read by several office staffers before it gets retrieved
- from the incoming FAX basket for delivery to you. The answer to this
- always convert the document into a code or cipher and have a FAX machine
- only you have access to. Better yet, don't use a FAX machine to send
- sensitive information.
- Q: There are several telephone services such as banking by phone, telephone
- ordering services, and credit card account information by telephone
- a few, that rely on the user entering account numbers and passwords
- telephone keypad. How secure is this?
- A: For most ordinary citizens it is fairly secure but it is not completely
- without risk. Should someone happen to monitor your telephone call,
- by picking up an extension or by tapping your telephone, they can either
- record the tones that represent your account number and password using
- tape recorder, or attach a special device to the line that will provide
- a decoded print out of each key that you pressed when you entered this
- information. The tape recording may be played through a decoding device
- at a later time or the recording itself may be replayed through the
- by an unauthorized person to gain access to your account. Never use
- services from a cordless or cellular telephone. Use these services
- caution and discretion.
- Q: In the past we have seen in the news several examples of how cellular
- cordless telephones can be monitored by anyone with a scanner radio
- With new privacy legislation and new and improved telephones boasting
- and secure features, has the ability to listen in on cellular and cordless
- telephone conversations become a thing of the past?
- A: The potential of someone being able to listen in to your cellular
- cordless telephone conversations will always exist. Passing laws to
- this activity illegal only placates special interest groups in the
- industry and gives consumers a false sense of security. Likewise, many
- the new privacy and secure features offered on cellular and cordless
- telephones only provide privacy protection from about 70% of those
- do so prior to the introduction of these new features. As for the other
- they possess the necessary technical skills to adapt their equipment
- monitor most of the telephones with the newer features. This is the
- reason why you should never discuss private or sensitive business on
- telephones. Likewise, avoid giving telephone numbers, addresses, account
- numbers, client names, or using a person's full name on these telephones.
- The golden rule of privacy when using a telephone is, if it doesn't
- cord connected between the handset and its base . . . it can be monitored
- by anyone with a radio receiver within a one mile radius.
- Q: Are two-way radios and pagers more secure than using cellular or
- A: Absolutely not! Using a computer, special software, and a radio
- all messages sent to a numeric or alphanumeric pager can be received,
- and read. Two-way radios are easily monitored by anyone who has a scanner
- radio receiver. Many businesses who dispatch vehicles to regular clients
- use code numbers or names to identify client names and locations to
- the risk of having their competitors compile a new customer list at
- expense. Regardless of how secure you are told it is, never discuss
- or sensitive business matters when using a two-way radio.
- Free use of all or part of the preceding is authorized provided the
- credit is given: Dr. Robert Ing, D.Sc., F.A.P.Sc., is the author of
- "Improvised Technology in Counter-Intelligence Applications,"
- Tiare Publications/Limelight Books, which details inexpensive methods
- determining whether one is under electronic surveillance. The manual
- available from the publisher for US$29.95 plus US$3.00 shipping &
- To order, or to arrange a more detailed personal interview, please
- the publisher at 1-800-420-0579 or (414) 248-4845.
- INDUSTRIAL ESPIONAGE CAN KILL YOUR BUSINESS
- 72% of businesses which have not taken measures to reduce their vulnerability
- to industrial espionage, and suffer a resulting loss, will go out of
- within two years, according to a survey conducted by the Canadian Security
- Intelligence Service. The same survey indicates that 43% of American
- corporations have had an average of six incidents involving corporate
- An increase in unemployed intelligence officers since the Cold War
- the proliferation of advanced technology has made corporate spying
- easier. Dr. Robert Ing, author of the recently published, "Improvised
- Technology in Counter-Intelligence Applications," says that "instead
- missile launch codes, the new targets of choice are technological and
- scientific data concerning flat-panel TV, electric cars, new computers,
- competitive strategies, and innovative manufacturing/distribution processes."
- "Even a whiff of such a security breach can cause a company's
stock prices to
- tumble, or a deal to fall through," says Dr. Ing. That may be
the reason why
- 42% of the companies which replied to a 1995 survey by the National
- Intelligence Center said they had not reported suspected incidents
- corporate espionage to authorities.
- "The ability of field investigative and corporate security personnel
- detect and neutralize electronic surveillance devices is of paramount
- importance in the reduction of losses due to corporate espionage,"
- "However, equipment used to detect these devices is only available
- limited sources, and the very presence of such equipment may draw unwanted
- attention. Furthermore, with cost cutting measures being applied in
- public and private sectors, the premium prices of such equipment and
- cost of training non-technically inclined field staff to use it is
- difficult to justify."
- Improvised Technology in Counter-Intelligence Applications gets around
- obstacles. Based on material Dr. Ing developed for the workshops he
- for field personnel of U.S. and Canadian government agencies, this
- the only up-to-date reference which provides practical methods for
- "bug" detection without the need for expensive equipment
- technical knowledge. The manual was written specifically for non-technical
- field staff and intelligence officers. It presents improvised methods
- the effective detection of telephone taps, hidden radio and infrared
- transmitters, as well as video cameras and vehicle tracking devices.
- Originally restricted to federal intelligence officers, the information
- given in Dr. Ing's workshops is now available to the public and to
- private law enforcement, security and investigative communities.
- If you need to know if your privacy is being compromised electronically,
- don't have the budget to buy highly specialized equipment - or the
- background to operate it - this manual is your answer.
- Improvised Technology in Counter Intelligence Applications is available
- US$29.95 plus US$3.00 shipping/handling from Tiare Publications/Limelight
- Books, P.O. Box 493, Lake Geneva, Wisconsin 53147, U.S.A. Visa/Mastercard
- orders: 1-800-420-0579 (M-F, 0900-1700 CST).
- BIOGRAPHY: DR. ROBERT ING, D.Sc., F.A.P.Sc.
- Dr. Robert Ing has been involved in radio and telecommunications since
- early 1970's. He has degrees in Forensic Science, Electrical Engineering
- Technology, and holds a Doctor of Science degree in Radio Communications
- Engineering. He holds appointments as Adjunct Professor in Electrical
- Engineering at LaSalle University (U.S.), Senior Board Member of the
- Electronics Technicians Association International, a former Director
- of the International Society of Certified Electronics Technicians,
- is a professional member of the Armed Forces Communications & Electronics
- Association. Dr. Ing is also listed in Canadian Who's Who, Ontario
- Who, and International Engineering & Technology Who's Who.
- Dr. Ing has given workshops and lectured extensively on electronic
- intelligence (C4CM) and improvised technology issues under the auspices
- the federal governments of the United States and Canada. Other areas
- activity include workshops, training, and consulting for corporations
- the private security industry on executive protection, privacy and
- of interest. Based in Toronto, Canada, he enjoys amateur radio and
- automobiles when he can take time from his busy schedule.
- For further information on workshops/training, or to arrange an interview
- with Dr. Ing you may contact him via the Internet:
- email@example.com OR firstname.lastname@example.org