An image showing the various methods of bugging a board room as part of corporate espionage
An image showing the various methods of bugging a board room as part of corporate espionage
Paul Rogers Author & Data Privacy Consultant

Snapshot Trends in Intellectual Property Theft

– Corporate Espionage Statistics –

In this article we take a look at recent trends in intellectual property theft and corporate espionage which is on the rise globally. According to a recent article by CNBC, 20% of US companies say that China has stolen their IP in 2019 while 69% of said companies surveyed were not sure.

The FBI has reported that it is investigating over a 1000 cases related to Chinese corporate espionage alone and that the cost of IP theft to companies is estimated to be in the range of $225 to $600 billion each year.
Many attack methods are being reported but particularly damaging ones include; boardroom spying, [spear]phishing / smishing and insider espionage where sensitive data can by siphoned out and sold to a nation state or on the black market or to a direct competitor.
In many cases, data is exfiltrated over a period of time out of the organisation giving rise to the term “advanced persistent threat” in cyber-security circles. This could include real-time conversations from board-room surveillance.
Enisa the European security agency however reports that 63% of espionage cases involve phishing where boardroom members are often the main target.

Boardroom Spying

An image of an INT-LM001 long range laser listening device mounted in the trunk of a car and pointing toward a building

INT-LM001 Long Range Laser Listening Device

From the early days of the cold-war, covert surveillance has been in existence primarily for state security and military intelligence purposes. Over the last 30 years that’s expanded into corporate espionage where commercial gain is the prime objective and board rooms and members are primary targets. Popular surveillance methods include;

  • Phone Wiretaps
  • Wall Bugs
  • Conference Bridge Snooping
  • Laser Based Listening Systems
  • Hacked Presentation Laptops
  • Wi-Fi Sniffers
  • GSM Bugging
  • Voice Activated Recorder
  • Fiber Optic Camera
  • RF Camera
  • Smartphone Recording S/W
  • Shotgun/Parabolic Mic

A new technique has even been reported in the Israeli media of lightbulb vibration eavesdropping called “lamphone.” This method allows spies with a laptop, telescope and a $400 electro-optical sensor to listen to conversations from hundreds of feet away by observing the minuscule vibrations created on the glass surface of a light bulb inside the room.
Needless to say a booming industry of counter-surveillance firms has mushroomed with anti-bugging techniques such as spectrum analysers [shown below] which detect RF transmissions.

To find out more about TCSM or technical surveillance counter measures head on over to wikipedia by clicking Here.

_____________

Motivation

We’ve discussed methods, now we’ll focus on motivation of which there are a few main categories which include;

Trade Secrets

| Competitors can use information to get their products and services to market quicker and perhaps save millions on R&D costs. Military aircraft and weapons specs and clinical data for new drugs comes to mind when nation states are involved.

Client Information

| Discussions about, and lists of high net worth clients maybe stolen and used for retargeting or poaching by the spying party.

Financials

| Information about business deals, M&A activity, quarterly earnings, remuneration packages etc would be valuable information for competitors

Marketing Information

Information about successful campaigns, target market, budget etc. could be gleaned here.

_____________

_____________

Corporate Espionage & The Law

In the US, the Economic Espionage Act of 1996 has governed corporate crime in this area while in the EU “The EU Trade Secrets Directive (EU 2016/943)” governs the scope of what’s considered a crime for EU states.

With regards to the US law, it has and will continue to be very much focused on punishing foreign sale of information as was seen in the first trial conviction under the law which involved a Boeing engineer who had sold trade secrets to China.

The US determines takes into account the following factors when applying the law and administering penalties which include;

  • The scope of the criminal activity, including evidence of involvement by a foreign government, foreign agent, or foreign instrumentality
  • The degree of economic injury to the trade secret owner
  • The type of trade secret misappropriated
  • The effectiveness of available civil remedies
  • The potential deterrent value of the prosecution

_____________

While the EU laws define the following type data in scope of their regulation which are largely agnostic of whether foreign powers were involved.

  • Business Methods
  • Market Analyses
  • Business Relationships
  • Pricing Information
  • Cost Information
  • Purchasing Information
  • Computer Programs
  • Computer Databases
  • Manufacturing Methods
  • Product Technology
  • Marketing Data and Planning
  • Personnel Information
  • Office Techniques
  • Customer or Supplier Lists
  • Financial info and biz planning
  • R&D Data
  • Process know-how and technology
  • Formulae and recipes
  • Ingredients
  • Manufacturing

_____________

While the existing top end of the scale in fines is 5 million and/or 6 months in prison under the EU law it would pale in comparison to the US where prison sentences for espionage can be closer to life sentences on conviction and no set limits on fines.

In the area of corporate espionage, were likely to see more sophistication of attack methods as nation states and criminal gangs arm themselves with attack tools like those stolen recently from Fireeye and EternalBlue before that. We’re also likely to see greater penalties over time by the EU as the 2016 directive matures and hence greater visibility as an issue at the board level. Vigilance and proactive countermeasures are more important than ever.

(see on “how you are targeted by Data Brokers”



An image showing client companies who Paul Rogers has worked with in the past

Stay Tuned for Future Posts by following Paul Rogers on Linkedin

NEED A PRIVACY EXPERT?

DPO SERVICE | TRAINING | ASSESSMENTS | ADVISORY

Get in touch to arrange a call about your data privacy needs