Saturday, 29 November 2008

Countering Espionage - A modern threat

Countering Espionage - A modern threat


Corporate Espionage was once thought of as a risk that only affects the richest of companies in high-risk sectors or emerging markets, the latest trends suggest that this is far from the truth.The history of espionage, thought by some as the second oldest profession in the world, can be traced back to biblical times with more than 100 references in the Old Testament. Sun Tzu's book "The Art of War", written around 500BC deals specifically with intelligence networks and intelligence gathering. Unfortunately as is often the case, history has not taught us the most basic of lessons; that intelligence is power, whether in business or war, he who has intelligence has the upper hand.Many are naive enough to think that espionage comes straight out of the pages of Ian Fleming's James Bond, confined to Governments and the largest of corporations. They are very much mistaken. No one wants to be a victim, least of all admit to being a victim, yet the rewards for those carrying out espionage far outweighs the risks or expense involved.

Sad as it may seem, a simple device bought for as little as two hundred pounds can cost a company millions through lost corporate intelligence. At the lower end of the scale there is the office refuse, if this is not disposed of in the correct manner it can be yet another source of leaked information within companies or organisations.Directors, management and IT personnel of many companies fail to understand the fundamental basics of countering espionage and the techniques employed by those carrying out such activities. Millions of pounds are spent each year on eavesdropping transmitters, computer keystroke loggers and telephone recording systems.

Everyone wants to know what everyone else is doing in business, and for some it makes sense to have a budget for "intelligence" prior to entering into litigation suits, hostile takeovers or mergers and acquisitions.Litigation, for example, is an area of complex issues, cross border or otherwise, where technical surveillance has in the past, been used to affect the outcome of a given case.

When a case is worth £500 million, spending £50,000 on winning makes sense to many companies, and far outweighs the risks of becoming the loser.The level of the risks involved in Corporate Espionage is all relative to the financial rewards. The level of the technology employed is relative to the investment.It is more and more evident that few security companies fully understand the technology involved, how communications operate or are intercepted/manipulated, leaking vital corporate intelligence to competitors.

Some Technical Surveillance Counter Measures (TSCM) firms are so far behind that the advice that they pass on to their clients is often futile. With budgets in the tens of thousands of pounds, a telephone can be intercepted miles away from the target location and monitored from the other side of the world, live. Each call is time and date stamped, in turn recorded on a computer for later evaluation. The fact of the matter is, in some cases a TSCM sweep is of no use when technical surveillance can be so remote. Better understanding is needed, both of the modus operandi and of the latest technology.

Few TSCM firms understand just how far an espionage budget of £20k can go. TSCM sweeps as part of a security housekeeping policy do make sense if carried out to include computer systems, rooms and telephone lines to local exchange level. It is true to say that the basic technical principles of espionage technique have not changed too much over the past twenty years since the end of the cold war. However the movement in technology and with the vast use of communications spanning the world has lead the public into a false sense of security and apathy when employing these communication techniques. Any type of electronic communication can be intercepted at one level or another; the role of the TSCM firms should be best utilised identifying the areas of weakness and employing measures to combat these possible areas of weakness.

Office Security
Many large companies fall foul of size and general lack of in-house security policies, making espionage far easier and easier still with inside information. The placement of bugging devices in offices or boardrooms is not always the first option for espionage; often the logistical problems involved in a live covert device far outweigh the benefits. However, should access have been gained via inside information or chance, many of those carrying out espionage prefer to install hardwired GSM based devices, solving power and distance issues.

Cat5 cabling for example is a good carrier for installing covert microphones. A GSM device being located elsewhere in the complex acts as a "voice activated transmitter" and is almost impossible to locate during a TSCM sweep of the given boardrooms or offices. Having a good internal security policy will aid a company and deter potential offenders. Staff should challenge visitors not displaying a visitors badge; visitors should be met at reception and not left unattended. Workmen also should not be left unattended and all companies should employ a clean desk policy where possible.

Landlines
A device placed on the telephone line can be as far as five miles away prior to the line entering the local exchange. A simple device that tests line voltage or impendence will not detect hi-tech devices unavailable to the general public.

These varieties of device are normally of GSM type and utilise the power from other sources within the local exchange/cabinet. They are nigh on impossible to detect without a physical check of the line up to the local cabinet (green roadside cabinet) level. Securing an external landline to the property need not be an expensive encryption system; replacing an analogue system with digital ISDN/ADSL system will ensure that the line is far more secure. Fibre-optic cables cannot be tapped into with ease unlike a twisted copper pair; a "pod-splitter" and true line identification are required.

Cellular telephones
The fact is, that while it costs in excess of £250k for the necessary equipment for intercepting a cell phone, jamming the phone's signal costs less than a tenth of that price and is far easier on an operational basis. A target uses a cellular telephone because she/he thinks that it is the most secure way of communicating. A cellular jammer can be deployed to jam the cellular telephone, forcing the target to use the landline that is intercepted. Keeping it simple counts, low risk and high gains.

Computer Systems/Email
Trojan Viruses sent to targets via email can contain complex keystroke logging programmes or open back doors to computer systems. At the lower end of the scale, there are many of such programmes freely available on the Internet, at a low cost or for no cost at all. At the higher end of the scale there can be hackers targeting a business/director in order to gain given intelligence on sensitive financial matters. The cost of the latter option, whilst in the thousands of pounds mark is, as I have previously covered, worth the risk in the larger cases.

New, off-the-shelf, computers are not as secure as users might think; the default settings are insecure and need to be configured prior to connection to the outside world. The most basic of steps should always be taken, updating anti-virus software on a weekly basis, backing up networks and installing a hardware firewall are just some of the easiest options to employ as a counter measure. The best answer to computer security is file and email encryption, this though, only providing that the computer system is firewall protected.

Bluetooth™ and Wireless connections
Wireless computer connections are high risk and can, if not set up correctly be intercepted at ease by external attack. This risk has been highly reported over the past two years, but many manufacturers have still failed to change the default settings of their devices, thus enabling other "attacking" systems to connect and download vital information such as address books and other files; all without the user's knowledge. Overall what must be taken on board is that no one wants to work in a locked down environment, but in a secure one. All security recommendations need to be both affordable and workable, the simpler the better, realistic and in keeping with the level of possible threat.



Don’t arm terrorist

Alex Bomberg and John Bradridge reveal how UK security manufactures should guard against their equipment falling into the wrong hands.

In the defence industry today more then any other, due diligence must play a vital roll in the war against terror and, as part of any company’s housekeeping policy, it should be employed at the initial stages of any joint venture and agent selection.

While the task of carrying out due diligence can involve complex networks of ownership, directors and links to government officials, in some ways common sense is the first indicator.
It is a fact that people do more to carry out checks on potential partners in relationships than they do when it comes to financial deals and business partnerships, but what could once have been sealed with a handshake now requires a series of checklists, meetings, decisions and the added cost of peace of mind.

So what is due diligence? It is best described as: “The process of systematically evaluating information, to identify risks and issues relating to a proposed transaction, i.e. to verify that information is what it is proposed to be”.

Due diligence must in every case be measured, reasonable investigation into a company, group of companies or individuals to obtain intelligence which allows you to make an informed decision based on what you have discovered, without being totally reliant on it.

The definition of due diligence is simple. What is not simple is how to carry it out, when to carry it out or even how much should be built into the budget to pay for carrying it out.

But what link does this all have with terror, you might ask? The answer is that in 2004/5, there were two cases where separate companies both sold defence products to companies in the Middle East. Items from both companies have since been found on dead Taliban fighters and an investigation is underway by the authorities.

Due diligence can be split down in to sections:
  • Company information - director's names, formation and ownership details
  • Financial information - current turnover and past returns
  • Legal history - judgements past, present or pending
  • Political risk indication - country and region

While the above can be broken down further into complex discussions and argument, it represents the fundamental basics of what needs to be investigated to help with decision-making. Every company can undertake a level of due diligence at no cost whatsoever just by having a set standard in place and a check list for every supplier, agent or end-user. This information must, of course, be verified, but just asking for it will in itself add to a company's security.Prior to any business relationship, basic information should be requested in a formal document drawn up as part of either a non-disclosure agreement (NDA) or as a stand-alone document. Gathering copies of documentation and basic information will act as basis, the start of a lengthy process that will culminate in founded decision.


A formal request should be made for the following:

  • Names, addresses and dates and places of birth of all company directors
  • Past employment of directors
  • Names, addresses and dates and places of birth of all company shareholders (non-listed companies)
  • Company formation documentation
  • Company structure
  • Company insurance documentation
  • Office locations and registered head office

Any company being asked to submit the above information will, if intending to commit any fraud or unlawful act, think twice before proceeding with any transaction.

Available today on the internet is a vast arsenal of information which is easy to use and can save a company thousands of pounds on the cost of due diligence. Understanding how search engines work can be daunting, but the basics for finding out information are quite simple and rudimentary facts can be obtained via this method.

However, investigation or intelligence gathering is only a part of due diligence because financial data needs to be examined just as filly for abnormal, unexplained rises or falls in turnover or profit. Whilst Companies House in the UK can be a great source of information on a UK-registered company, many other countries do not have what can be described as reasonable company registration procedures.

Where a country does not have an easily accessible database of listed companies, and financial or tax returns listings, the process of due diligence becomes more complex and expert help is required.

Many UK companies call on the service of business intelligence providers to carry out due diligence on their behalf and, while a report may be forthcoming, the report in all its glory cannot in itself be relied upon when making a final financial decision; this can only be up to the instructing party.

Uncovering legal history can also be a headache even in most economically developed countries; it’s a case of knowing where to look for the information. Many companies are not going to quickly volunteer any legal complication they may have had in the past, yet this area is key to the success of any possible relationship.

Since the internet has evolved, the task of uncovering legal history has in some cases become easier and misdemeanours, case history and legal judgements are also reported on within the national, local and business press. However, this may not be the case in some jurisdictions and, in the age of jet travel, it is perfectly possible that some individual or groups of individuals may have committed and/or been charged with a crime in another part of the world. The possibility of this happening should not be overlooked or underestimated.

Political risk indicators about whether a particular country or region is stable should also be examined. Always ask yourself whether a sudden change of government, government policy or law in the country concerned would put an end to any deal you may have been planning?
This area is far from uncomplicated. Our own government often fails to read or judge what is happening and little foresight is a poor excuse and is no defence for not trying to address this issue or, at the very least, to consider the implications. History is often not that good an indicator of possible upheaval; so keeping abreast of changes in the laws of a country is more a matter of having your finger on the pulse, investigation and monitoring situations as they develop.
But remember – any due diligence report is only a snapshot in time, so fresh investigations should be carried out at regular intervals to identify changes in company directors, ownership and company direction.

Alex Bomberg
is a member of the Royal United Services Institute and an expert in intelligence gathering and counter espionage.

John Bradridge
is a former senior Police Officer. They both work for Cotswold-based International Intelligence Limited which acts for corporate and govenment clients.

Wednesday, 26 November 2008

COUNTER ESPIONAGE TRAINING

The number of high profile espionage cases reported in the world press cover all business sectors; from Sport and Retail through to IT and International Aviation; this shows that in business today espionage is on the rise due to the narrowing of profit margins and the emergence of new markets.The counter espionage training course encompasses basic through to intermediate understanding of espionage technique with an emphasis on countering such a threat. This course also serves to give an understanding of Technical Surveillance Counter-Measures sweeps (TSCM) and the deployment of technical counter-measures equipment.

Who would benefit from this course?
This course is designed for Company Managers and Directors who the have a responsibility for company and personnel security and for other professionals working in sensitive project areas or in litigation.

What skills will you gain?

The ability to:
  • Understand the fundamental basics of espionage technique
  • Understand financial and economic implications
  • Carry out a basic espionage risk assessment
  • Identifying risk & implement sensitive project security procedures

ADVANCED SURVEILLANCE COURSE

This course is based on Special Forces doctrine and high risk surveillance operations, and covers technical and physical surveillance to advanced level. This course is designed for those who have either completed our Surveillance course or who have past experience of basic surveillance technique.

Who would benefit from this course?
Anyone who wishes to work in the field of surveillance and investigations or members of Close Protection teams who wish to raise there individual level of awareness and training.

What skills will you gain?

The ability to:
  • Plan and execute a surveillance high risk operation
  • Undertake intelligence gathering and research
  • Close target surveillance
  • Carry out covert eavesdropping
  • Undertake covert filming tasks
  • Understand team management & roles

SURVEILLANCE COURSE

This surveillance course covers basic through to intermediate skills that are required to carry out surveillance. Surveillance is a complex subject and covers a number of skill sets; the aim of this course is to enable a surveillance operative to plan and carry out a surveillance operation that is within the law, gather evidence and progress through to writing a report that is admissible within a UK court.

Who would benefit from this course?
Anyone who wishes to work in the field of surveillance and investigations or members of Close Protection teams who wish to raise there individual level of awareness and training.

What skills will you gain?

The ability to:
  • Plan and execute a surveillance operation in a rural or urban environment
  • Take covert video or photography and understand techniques employed
  • Carry out counter-surveillance drills
  • Understand the basics of surveillance and the UK law
  • Report writing and an understanding of the evidence UK courts require

DEFENSIVE DRIVING

The Defensive Driving Course will benefit the overall service that you are able to give your Client. Our course is aimed at reducing not only the loss of personnel and vehicle by Road traffic incidents, hi-jack or ambush, but also will go a long way to educate the workforce as to the real dangers of terrorist and criminal activities and help them to recognise a potential situation before it develops.The course content will be delivered by former members of The British Army and Police Officers using tried and tested Police Advanced Driving and Special Forces techniques.

The course is aimed at professional drivers and individuals who face a certain level of threat. Whilst defensive driving takes time to master, the course will teach safe and progressive driving skills with further education into areas of risk and threat assessment.As drivers you are responsible for your vehicle and those travelling within. The threat of hijack or kidnap is real. The tried and tested techniques learnt will give you the confidence and awareness to make quick and effective decisions in crisis situations.

The ability to execute:

  • Safe driving standards to RoSPA Level
  • System of car control
  • Anti ambush/hi jack drills
  • Counter surveillance
  • Personal security awareness
  • Hazards and observations
  • Route planning

Certification:

  • RoSPA Advanced Drivers Test Certificate
  • BTEC Level 2 in Driver Development
  • Intelligent Training International Limited Certificate in Security driving competence

Intelligent Training International Limited

Intelligent Training International Limited aim to provide our students and delegates with the best possible professional courses and lectures based on the operational experience of the British Military, Special Forces and Police Service.Our training has been designed for individuals working within the public or private sectors or for those who wish to improve there skill set and fundamental understanding within the specialist security and intelligence fields.

We are a Limited company based in the Cotswold’s; and pride ourselves in providing not only set courses but also bespoke training for Governments and private organizations, including NGO’s.Intelligent Training International Limited was developed from its sister company International Intelligence Limited in 2008 and is part of the “Intelligent (UK Holdings) Limited” group of companies.

Intelligent (UK Holdings) Limited, the group consists of:

Intelligent (UK Holdings) Limited
International Intelligence Limited
Intelligent Armour Limited
Intelligent Training International Limited