High-Tech World Has Low-Tech Spying

[William Knowles <wk () C4I ORG>]

http://dailynews.yahoo.com/h/ap/20000630/tc/corporate_spy_vs_spy_1.html

Friday June 30 2:21 PM ET

By CLIFF EDWARDS, AP Technology Writer

SANTA CLARA, Calif. (AP) - Transmeta chief executive David Ditzel
chuckles at the memory of the sudden interest in the company's trash
weeks before taking the wraps off its top-secret new Crusoe computer
chip.

But with hundreds of millions of dollars of research on the line,
keeping the microprocessor's specifications secret was no laughing
matter.

Ditzel and other employees at Transmeta's sprawling low-rise office
complex, located in an area tightly packed with semiconductor
companies, kept a careful watch on the trash bins and chased off
several people, including one whose car bore the bumper sticker of a
well-known rival.

``We made sure all they got were orange rinds,'' said Ditzel, who kept
the company's mission secret for five years until January despite
heavy interest from the media and industry.

Even Oracle Corp.'s hiring of detectives to dig up information on
archrival Microsoft Corp. (NasdaqNM:MSFT - news), didn't shock
executives in Silicon Valley, where ``security'' companies hired by
many of those firms say it is standard procedure to get down in the
dirt to muddy the image of competitors or profit off their work.

``Dumpster diving,'' hacking, bribery, hiring away key employees -
even not-so-casual conversations with unsuspecting relatives of
company executives, have become conventional tools in the
unconventional business of corporate espionage.

Fortune 1,000 companies lost more than $45 billion last year from
trade theft, according to a survey by the American Society for
Industrial Security and PricewaterhouseCoopers. Other estimates put
the figure closer to $100 billion.

But in the game of spy vs. spy, few players are willing to admit
involvement unless caught in the act. In recent years, admissions of
unorthodox tactics have come from companies including Microsoft Corp.,
America Online Inc. (NYSE:AOL - news), and this past week, Oracle.

Larry Ellison, the Oracle chairman, said he authorized payments to a
private detective agency to spy on several trade and policy groups
that publicly supported Microsoft in the federal antitrust case. He
portrayed his efforts as a public service, although Oracle would
benefit directly from a wounded Microsoft.

According to executives at firms who do corporate espionage, what has
been dubbed ``Larrygate'' by some is by no means an isolated incident.

``Corporate wars are just like real wars: They're ugly, and they are
won and lost in the details,'' said Eric Dezenhall, whose Washington
firm Nichols-Dezenhall hires private detectives, former CIA, FBI, Drug
Enforcement and other law enforcement officers for corporate
investigations.

``A company might not want to know how you got the information, but
they still want the information,'' Dezenhall said. ``To survive in a
more competitive climate, corporations need to resort to
unconventional resources, and some of those resources include using
deceit to stop an attacker.

``I tell them if you live by the sword, you may die by the sword. But
if you live by the olive branch, you still may die by the sword,'' he
said.

Experts say high-tech companies are especially vulnerable to
espionage.

They often work to promote a casual atmosphere to their employees and
overlook establishing security procedures in their rush to get out new
products. Security guards are rarely posted in many companies'
lobbies, doors go unlocked, computers lack intrusion safeguards.

``You can expect that your adversary is going to come through the path
of least resistance, the one gateway that you didn't secure, whether
it's your trash or your Internet gateway,'' said Amit Yoran, chief
executive of RIPTech, a security-monitoring company.

``It's not something that's openly talked about, because most people
think it does smell,'' Yoran said. ``But you have to realize this is a
global economy we're now talking about; in the international and
global economies where we are competing, these are commonly accepted
business practices.''

On several occassions at optical data-switching equipment manufacturer
Cyras Systems Inc. of Fremont, Calif., two men in black suits entered
unannounced and made a beeline for the company's engineering
department before being stopped.

Cyras Systems hired plainclothes security guards to patrol the
corridors and ordered new ID cards after one incident in which a man
told an employee he was there ``to browse,'' said company spokesman
Gary Clemenceau.

And earlier this month, the company hired guards at a West Coast trade
show after a crate containing sensitive equipment was broken into.

``The space is increasingly competitive, and if they can't invent it,
they'll try to steal it,'' Clemenceau said. ``Unfortunately, that
means many of us are having to `Big Brother'-up the place.''

Industry analysts say many such companies are doing the same.

They estimate slightly more than 80 percent of the world's companies
with a market capitalization of more than $1 billion have a formal
intelligence program to either gather information on competitors or
protect their own information.

Forrester Research in its ``B2B Information Warfare'' report found
that while corporate spending on security represents just a fraction
of total expenditures, the security spending has risen by a factor of
10 in just two years.

``No one knows the total size of the problem, but even if they don't
talk about it and even if they're not quite sure what they're afraid
of, it's clear they see the risk,'' said senior analyst Frank Prince
at Forrester's e-business infrastructure group.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".