- A QUESTION & ANSWER SESSION WITH DR. ROBERT ING, D.Sc., F.A.P.Sc.
- AUTHOR OF "IMPROVISED TECHNOLOGY IN COUNTER-INTELLIGENCE APPLICATIONS."
-
- (Copyright 1997 by Limelight Books, a div. of Tiare Publications)
-
- Q: How much of a threat is corporate espionage to a medium sized company
- compared to a large corporation?
-
- A: Corporate espionage is a threat to any business whose livelihood
depends
- on information. To a medium sized company in the service sector, the
- information could take the form of detailed client lists or supplier
- agreements. To a large corporation, the target information could be
research
- materials on/or plans for a new product or service; or the company
marketing
- strategy. Regardless, should any of this information find its way to
a
- competitor, this would surely have a devastating effect on business.
-
- Q: What are the basic security measures you would recommend for any
- business?
-
- A: The basic first line of defense against any form of corporate espionage
- is a two-pronged approach. Controlled access and knowing your employees
- and customers. Controlled access means using good quality deadbolt
locks
- and steel clad doors at your place of business, adequate security lighting
- at night, and installing a monitored alarm system on the premises.
Important
- information concerning your business should be kept under lock and
key, and
- only those who need to know or use this information should have access
to it.
-
- Knowing your employees means verifying the backgrounds of new employee
- applicants or employees assigned to work on sensitive projects. Confirm
that
- they are who they say they are and not an undercover operative looking
to
- photocopy company secrets for profitable sale to your competitor.
-
- Knowing your customers means not freely providing detailed pricing,
- "satisfied customer lists," or other information without
first verifying the
- legitimacy of the request. This can easily be done by asking the person
who
- telephones, specific information such as their name, company name,
address,
- and telephone number, and then offering to call them back with, or
mail the
- information to them. For information requests by mail, return address
and
- other information provided with the request should be noted. Regardless
of
- the method of the request for company information, the information
provided
- by the person making the request should be confirmed through the telephone,
- city, or industrial directory. Many companies have generic overview
- brochures that are used for such "cold" requests. These brochures
give
- general details on the company without divulging the names of customers,
- suppliers, and pricing data. It may sound incredible but a national
business
- survey found that 4 out of 10 businesses actually give out information
on the
- telephone and in their marketing literature that could be used to increase
- the business of their competitors!
-
- Q: There is so much business information stored on computers, is there
- any way of protecting it from prying eyes?
-
- A: Sensitive information about your business should never be stored
on a
- computer network, but kept on a stand-alone computer which has no connection
- to any other computer or telephone line. This computer must be kept
in a
- separate locked office or room at all times, and must also have anti-virus
- and password security software. This computer must be checked for viruses
- on a weekly basis and the password used to access files must be changed
just
- as often. The computer hardware must be locked or bolted down to a
very
- large piece of furniture or to the floor or wall. It is also in your
best
- interest to place a security device known as a disk drive lock over
the
- disk drive bays of your computer to stop anyone from making a copy
of your
- files on a floppy disk, or worse, inserting a disk and placing a virus
in
- the computer. The disk drive lock can only be easily removed with a
special
- key.
-
- Q: We often hear of hackers breaking into e-mail and voice mail systems.
- Can anything be done to reduce this risk?
-
- A: Change your password often and if your system permits, make your
password
- a combination of numbers, letters and punctuation marks for e-mail,
numbers
- and the "#" and "*" keys for telephone voice mail
systems. Another point
- worth mentioning is, never leave a voice mail message or e-mail broadcast
- message that gives your exact business itinerary or names and telephone
- numbers of clients or key people in your organization where you can
be
- reached. This information could be useful to both a hacker and competitor.
- If you're not in the office or are out of the city, just say so and
state
- when you'll return, or the e-mail or telephone extension of who's filling
- in for you - nothing more.
-
- Q: The Internet is rapidly becoming a business tool. How secure is
it?
-
- A: While many companies currently doing business on the Internet have
taken
- every security measure that is technically possible, I would still
advise
- caution and would not use the Internet to transfer sensitive information.
- If pressed and I had no choice but to send a file or document across
the
- Internet, I would convert the text to a code or cipher and then break
the
- document into at least two or more sections depending on its size.
If I
- broke the document into only two parts, part one would contain even
numbered
- pages, part two odd. I would then send either part one or part two
from one
- Internet provider/account and then send the remaining part some hours
later
- from another Internet provider/account. Of course the recipient would
have
- to know how to decode the document and the number of parts making up
the
- document. The most important advice here is if there are other, more
secure
- methods of transferring sensitive information, use them. The Internet
is an
- excellent public system, but it is very public-accessible.
-
- Q: It has been said that sending information by FAX is much more secure
- than discussing it over the telephone. Is this true?
-
- A: While this could have been said twenty-five years ago when telephone
- facsimile technology was only available to those with deep enough pockets,
- it is not true today. A person with a digital recording device, monitoring
- your FAX line can record your FAX transmissions and receptions, play
the
- recording back into a modified Group III or Group IV FAX machine and
have
- an exact copy of your message without your knowledge. Even without
having
- your FAX line monitored, a FAX sent to a "communal" FAX machine
usually
- ends up getting read by several office staffers before it gets retrieved
- from the incoming FAX basket for delivery to you. The answer to this
is to
- always convert the document into a code or cipher and have a FAX machine
that
- only you have access to. Better yet, don't use a FAX machine to send
- sensitive information.
-
- Q: There are several telephone services such as banking by phone, telephone
- ordering services, and credit card account information by telephone
to name
- a few, that rely on the user entering account numbers and passwords
from a
- telephone keypad. How secure is this?
-
- A: For most ordinary citizens it is fairly secure but it is not completely
- without risk. Should someone happen to monitor your telephone call,
either
- by picking up an extension or by tapping your telephone, they can either
- record the tones that represent your account number and password using
a
- tape recorder, or attach a special device to the line that will provide
- a decoded print out of each key that you pressed when you entered this
- information. The tape recording may be played through a decoding device
- at a later time or the recording itself may be replayed through the
telephone
- by an unauthorized person to gain access to your account. Never use
these
- services from a cordless or cellular telephone. Use these services
with
- caution and discretion.
-
- Q: In the past we have seen in the news several examples of how cellular
and
- cordless telephones can be monitored by anyone with a scanner radio
receiver.
- With new privacy legislation and new and improved telephones boasting
privacy
- and secure features, has the ability to listen in on cellular and cordless
- telephone conversations become a thing of the past?
-
- A: The potential of someone being able to listen in to your cellular
and
- cordless telephone conversations will always exist. Passing laws to
make
- this activity illegal only placates special interest groups in the
cellular
- industry and gives consumers a false sense of security. Likewise, many
of
- the new privacy and secure features offered on cellular and cordless
- telephones only provide privacy protection from about 70% of those
who could
- do so prior to the introduction of these new features. As for the other
30%,
- they possess the necessary technical skills to adapt their equipment
to
- monitor most of the telephones with the newer features. This is the
main
- reason why you should never discuss private or sensitive business on
these
- telephones. Likewise, avoid giving telephone numbers, addresses, account
- numbers, client names, or using a person's full name on these telephones.
- The golden rule of privacy when using a telephone is, if it doesn't
have a
- cord connected between the handset and its base . . . it can be monitored
- by anyone with a radio receiver within a one mile radius.
-
- Q: Are two-way radios and pagers more secure than using cellular or
cordless
- telephones?
-
- A: Absolutely not! Using a computer, special software, and a radio
receiver
- all messages sent to a numeric or alphanumeric pager can be received,
stored,
- and read. Two-way radios are easily monitored by anyone who has a scanner
- radio receiver. Many businesses who dispatch vehicles to regular clients
- use code numbers or names to identify client names and locations to
reduce
- the risk of having their competitors compile a new customer list at
their
- expense. Regardless of how secure you are told it is, never discuss
private
- or sensitive business matters when using a two-way radio.
-
- ****************************************************************************
- Free use of all or part of the preceding is authorized provided the
following
- credit is given: Dr. Robert Ing, D.Sc., F.A.P.Sc., is the author of
- "Improvised Technology in Counter-Intelligence Applications,"
published by
- Tiare Publications/Limelight Books, which details inexpensive methods
of
- determining whether one is under electronic surveillance. The manual
is
- available from the publisher for US$29.95 plus US$3.00 shipping &
handling.
- To order, or to arrange a more detailed personal interview, please
contact
- the publisher at 1-800-420-0579 or (414) 248-4845.
- *****************************************************************************
-
- INDUSTRIAL ESPIONAGE CAN KILL YOUR BUSINESS
-
- 72% of businesses which have not taken measures to reduce their vulnerability
- to industrial espionage, and suffer a resulting loss, will go out of
business
- within two years, according to a survey conducted by the Canadian Security
&
- Intelligence Service. The same survey indicates that 43% of American
- corporations have had an average of six incidents involving corporate
- espionage.
-
- An increase in unemployed intelligence officers since the Cold War
ended and
- the proliferation of advanced technology has made corporate spying
much
- easier. Dr. Robert Ing, author of the recently published, "Improvised
- Technology in Counter-Intelligence Applications," says that "instead
of
- missile launch codes, the new targets of choice are technological and
- scientific data concerning flat-panel TV, electric cars, new computers,
- competitive strategies, and innovative manufacturing/distribution processes."
-
- "Even a whiff of such a security breach can cause a company's
stock prices to
- tumble, or a deal to fall through," says Dr. Ing. That may be
the reason why
- 42% of the companies which replied to a 1995 survey by the National
Counter
- Intelligence Center said they had not reported suspected incidents
of
- corporate espionage to authorities.
-
- "The ability of field investigative and corporate security personnel
to
- detect and neutralize electronic surveillance devices is of paramount
- importance in the reduction of losses due to corporate espionage,"
says Ing.
- "However, equipment used to detect these devices is only available
through
- limited sources, and the very presence of such equipment may draw unwanted
- attention. Furthermore, with cost cutting measures being applied in
both the
- public and private sectors, the premium prices of such equipment and
the
- cost of training non-technically inclined field staff to use it is
often
- difficult to justify."
-
- Improvised Technology in Counter-Intelligence Applications gets around
those
- obstacles. Based on material Dr. Ing developed for the workshops he
conducts
- for field personnel of U.S. and Canadian government agencies, this
manual is
- the only up-to-date reference which provides practical methods for
electronic
- "bug" detection without the need for expensive equipment
and previous
- technical knowledge. The manual was written specifically for non-technical
- field staff and intelligence officers. It presents improvised methods
for
- the effective detection of telephone taps, hidden radio and infrared
- transmitters, as well as video cameras and vehicle tracking devices.
- Originally restricted to federal intelligence officers, the information
- given in Dr. Ing's workshops is now available to the public and to
the
- private law enforcement, security and investigative communities.
-
- If you need to know if your privacy is being compromised electronically,
or
- don't have the budget to buy highly specialized equipment - or the
technical
- background to operate it - this manual is your answer.
-
- Improvised Technology in Counter Intelligence Applications is available
for
- US$29.95 plus US$3.00 shipping/handling from Tiare Publications/Limelight
- Books, P.O. Box 493, Lake Geneva, Wisconsin 53147, U.S.A. Visa/Mastercard
- orders: 1-800-420-0579 (M-F, 0900-1700 CST).
- *****************************************************************************
-
- BIOGRAPHY: DR. ROBERT ING, D.Sc., F.A.P.Sc.
-
- Dr. Robert Ing has been involved in radio and telecommunications since
the
- early 1970's. He has degrees in Forensic Science, Electrical Engineering
- Technology, and holds a Doctor of Science degree in Radio Communications
- Engineering. He holds appointments as Adjunct Professor in Electrical
- Engineering at LaSalle University (U.S.), Senior Board Member of the
- Electronics Technicians Association International, a former Director
- of the International Society of Certified Electronics Technicians,
and
- is a professional member of the Armed Forces Communications & Electronics
- Association. Dr. Ing is also listed in Canadian Who's Who, Ontario
Who's
- Who, and International Engineering & Technology Who's Who.
-
- Dr. Ing has given workshops and lectured extensively on electronic
counter-
- intelligence (C4CM) and improvised technology issues under the auspices
of
- the federal governments of the United States and Canada. Other areas
of
- activity include workshops, training, and consulting for corporations
and
- the private security industry on executive protection, privacy and
topics
- of interest. Based in Toronto, Canada, he enjoys amateur radio and
- automobiles when he can take time from his busy schedule.
-
- For further information on workshops/training, or to arrange an interview
- with Dr. Ing you may contact him via the Internet: