Spy History: 1902 Corporate Espionage on the High Seas

Your Editor (not me) chanced upon the following in the library of the National Maritime Museum at Greenwich last winter and it is reprinted here by kind permission of Stephen Rabson, Group Information Manager of P&O.

The document is in the form of a quasi-official report, written by one of P&O's traveling inspectors on two voyages in 1902, one from Southampton to New York, the other from Vancouver to Yokohama.

The writer (whose signature is, alas, indecipherable) was clearly more than a passenger, he was a benevolent spy, assessing conditions aboard the competition...

"I have the honor to report my arrival here yesterday. The following details of the steamers in which I have traveled may interest you..." more

This business spy tactic has been around forever. These days corporate espionage is enhanced with electronics (audio, video, and data). This is why businesses have added Technical Surveillance Countermeasures to their security precautions. If you have not, it is highly recommended you do so. Contact a professional TSCM information security consultant to begin protecting your company.

Better Idea: Prevent the Boardroom Leaks - Conduct TSCM Inspections

HP Studied Spying on Newsrooms: NY Times
Hewlett-Packard conducted feasibility studies on placing spies in news bureaus of two publications as part of an investigation into leaks from its board, The New York Times reported on Wednesday. Hewlett-Packard could not immediately be reached for comment.

The Times cited an individual briefed on the company's review of the operation in its report. It is not clear whether the plan described in the documents, which were read to a reporter, was ever acted upon, The Times said.

The newspaper said the feasibility studies, referred to in a February 2 draft report for a briefing of senior management, were said to have included the possibility of placing investigators acting as clerical employees or cleaning crews in the San Francisco offices of technology news Web site CNET and The Wall Street Journal.

HP is under investigation by U.S. federal prosecutors and the California attorney general over the company's potentially illegal tactics in obtaining phone records in a bid to end boardroom leaks to the media. more 

The much better idea.

Check Before Opening Encrypted Microsoft Word Documents Emailed to You

Threat intelligence analysts have now reported a surge in the activity of the Paper Werewolf cluster, also known as GOFFEE, which uses infected Microsoft Windows Word documents to launch mostly espionage-driven, credential-compromising attacks.

Like so many other attack campaigns, Paper Werewolf uses phishing emails and brand impersonation to distribute its malicious payload. These messages contain an encrypted Microsoft Word document that prompts the recipient to enable macros in order to read it. If they do this, then the content of the document is decrypted, and the malicious program is installed on their device. The threat intelligence analysts said that, in some instances, they observed the use of PowerRAT, a remote access trojan, enabling the attackers to execute commands and carry out reconnaissance. more

Security Director Alert: Latest Electronic Surveillance of Corporate Executives

What is going on at Boohoo?
• Espionage claims arise as boardroom battle continues.

• Cautionary tale.

The past few months have been turbulent for Boohoo, to say the least. Yet, last week, things seemed to come to a head when claims of espionage arose at the fast fashion giant.

According to a report by The Times, three current and former executives of Boohoo are believed to be the victims of stalking and surveillance. The alleged espionage is said to have been committed against Boohoo’s co-founder and executive chair Mahmud Kamani, chief executive Dan Finley and former CEO, John Lyttle.

The allegations were brought to light after the company informed the Information Commissioner’s Office (IOC) of a related incident taking place outside of its Manchester headquarters. The report was confirmed by the IOC in a statement to the press, which read: “We can confirm that Boohoo Group has made us aware of concerns regarding the discovery of surveillance equipment outside its head office.”

In a more recent update, the Times has now reported that police in Manchester and Kent are investigating the claims, with Greater Manchester Police stating to the media outlet that it was looking into allegations “involving serious distress”. No arrests have been made, so far. more

Spybuster Tip # 675

Prior to any attack (physical, information theft) some form of surveillance tradecraft (audio, video, data or visual surveillance) will be used. 

If you are a business executive don't ignore this. 

More tips here.

Matt Damon’s Funniest Comedy Flips the Spy Genre on Its Head

By Liam Gaughan

Published 2 days ago

Damon gave the single greatest comedic performance of his career in Steven Soderbergh’s dark comedy The Informant!

The Informant! was released during a time in Damon’s career in which he could certainly afford to be a little bit more experimental...

While it’s understandable why he may have wanted to step outside his comfort zone and try something new, The Informant! is a brilliant deconstruction of espionage thrillers that examines the complexity of American masculinity. more trailer

...and it is a true story!

Corporate Espionage: Executives Exploiting Their Roles

In a concerning trend across the corporate world, cases of internal misconduct and corporate espionage are becoming increasingly prevalent, posing significant threats to businesses. 

Internal disputes and personal agendas can undermine corporate governance and harm a company’s competitive edge...

Recent events involving senior executives at a Pune-based company, Artur Schade Steel Products India Pvt. Ltd., highlight how internal betrayal and data theft can cause substantial financial damage and disrupt operations. more

Trade Secrets Audits: Strengthening Your Company’s IP Protection

via Sefarth Shaw, LLP...

In a world where corporate espionage and data breaches are increasingly common, protecting your company’s intellectual property is more vital than ever. 

Recent developments surrounding the FTC’s Non-Compete Ban, currently stalled in litigation, highlight the need for proactive measures. This webinar will help you navigate these regulatory shifts and strengthen your IP protection strategies.

Join Lauren Leipold, Eddy Salcedo, and James Yu for the next installments of Seyfarth Shaw’s 2024 Trade Secrets Webinar Series. This webinar offers crucial insights into enhancing your IP defenses and preparing for future regulatory changes.

Webinar Recap! Trade Secrets Audits: Strengthening Your Company’s IP Protection

In our recent webinar, “Trade Secrets Audits: Strengthening Your Company’s IP Protection,” Seyfarth’s Intellectual Property Partner, Lauren Leipold, along with Trade Secret Attorneys Eddy Salcedo and James Yu, shared essential strategies for enhancing IP protection in today’s complex landscape. 

As corporate espionage and data breaches become increasingly prevalent, the session provided valuable insights on effective methods for safeguarding your company’s intellectual assets. Notably, recent developments surrounding the FTC’s Non-Compete Ban—currently stalled in litigation—highlight the pressing need for proactive measures to secure your business against emerging threats.

Key Insights from the Webinar... more

Thousands of Corporate Secrets Were Left Exposed

This Guy Found Them All...

If you know where to look, plenty of secrets can be found online. Since the fall of 2021, independent security researcher Bill Demirkapi has been building ways to tap into huge data sources, which are often overlooked by researchers, to find masses of security problems. This includes automatically finding developer secrets—such as passwords, API keys, and authentication tokens—that could give cybercriminals access to company systems and the ability to steal data.

In total, Demirkapi has found more than 15,000 active secrets of all kinds.

Within the vast number of exposed keys were those that could give an attacker access to the digital assets of companies and organizations, including the potential to obtain sensitive data. For instance, a member of Nebraska’s Supreme Court had uploaded details of usernames and passwords linked to its IT systems, and Stanford University Slack channels could be accessed using API keys. more

How to Fight a Corporate Espionage Accusation

via SPODEK LAW
What Constitutes Corporate Espionage Fraud?
Corporate espionage fraud involves illegally obtaining confidential business information from a competitor to gain an unfair advantage. This can include:

• Stealing trade secrets or proprietary technology
• Hacking into computer systems to access sensitive data
• Using deception to obtain confidential documents
• Bribing or blackmailing employees to reveal inside information
• Industrial sabotage to damage a competitor’s operations

Common Defenses Against Corporate Espionage Charges
1. Lack of Intent
2. Information Was Not Actually a Trade Secret
4. Public Availability
5. Whistleblower Protections
6. Statute of Limitations

Key Legal Precedents in Corporate Espionage Cases

• United States v. Hsu (1999): Established that attempted corporate espionage is prosecutable, even if no actual trade secrets were obtained.
• United States v. Chung (2011): Clarified that the government must prove the defendant knew the information was a trade secret, not just confidential.
• United States v. Aleynikov (2012): Found that software source code did not qualify as a trade secret under the Economic Espionage Act (later overturned).
• United States v. Nosal (2016): Ruled that the Computer Fraud and Abuse Act applies to theft of trade secrets by former employees.

Strategies for Defending Against Corporate Espionage Charges

• 
  Challenging the evidence: 
• Scrutinize how the evidence against you was obtained and push to suppress any improperly gathered information.
• Negotiating with prosecutors
• Presenting alternative explanations:
• Demonstrating lack of economic benefit
• Highlighting inadequate security measures
• Leveraging expert witnesses
• Pursuing civil resolutions

Greater detail appears in the original article, here.

$2 billion Corporate Espionage Verdict Overturned by Appeals Court

Software company Pegasystems convinced a Virginia appeals court on Tuesday to throw out a $2 billion jury verdict for rival Appian in a court battle over Pegasystems’ alleged theft of Appian’s trade secrets.

The award from 2022 had been the largest damages verdict in Virginia court history, the Court of Appeals of Virginia said in the decision...

McLean, Virginia-based Appian had said in a 2020 lawsuit that Pegasystems hired a contractor to steal confidential information from Appian’s software platform in order to improve its own products and better train its sales force...

Appian said that Cambridge, Massachusetts-based Pegasystems referred internally to the contractor as a spy and to its scheme as “Project Crush,” with Pegasystems employees using fake credentials to access Appian’s software. Pegasystems characterized “Project Crush” as competitive research in a 2022 statement...

Pegasystems’ CEO said in a statement following the verdict that Appian’s CEO “could not identify one trade secret that Pega had allegedly misappropriated” during the trial. more

Moral: Make sure your "trade secrets" meet the requirements of, and can be clearly identified as, Trade Secrets. more

One Way Corporate Espionage Spies Cover Their Tracks

Residential proxy IP: The invisible cloak in corporate espionage.
From the IP vendor's ad...

"In the fiercely competitive business battlefield, information is power, and how to obtain and use this information has become a problem that every company needs to face. In this spy war without gunpowder, residential proxy IP is like an invisible cloak, providing strong protection and support for enterprises.

Imagine that you are an intelligence analyst at an emerging technology company, and your task is to collect and analyze the latest developments of competitors so that the company can make more informed decisions. However, the online world is not a smooth road, and your IP address can easily expose your true identity and intentions, making your actions subject to various restrictions. At this time, residential proxy IP is like a capable assistant, helping you to move forward invisibly in this spy war.

Residential proxy IP, as the name suggests, is to use the IP address of an ordinary home network environment for network access. Because these IP addresses come from real home users, they are difficult to identify and track. By using residential proxy IP, enterprises can hide their real IP address and avoid being discovered by competitors or network monitoring agencies. In this way, enterprises can access target websites, crawl data, analyze competitors' strategies, etc. more freely without worrying about being blocked by anti-crawler mechanisms or IP being blocked." more

Corporate Espionage: Steward Health Care Deployed Spy Outfits to Thwart Critics

Despite its financial turmoil and eventual bankruptcy, Steward Health Care allegedly spent millions spying on its adversaries, hiring intelligence companies to track and intimidate critics worldwide.

In what resembles a poorly written spy novel, Steward's leadership hired agents who placed tracking devices on the car of a financial analyst, accessed a healthcare executive’s phone to potentially blackmail him and circulated an allegedly false wire transfer to frame a politician, a report said.

The videos and documents with the incriminating details were obtained by journalism outfit the Organized Crime and Corruption Reporting Project and shared with the Boston Globe, who investigated the case further.

According to reporters, Steward executives who deployed these intelligence firms prioritized paying their bills over all others, including invoices from vendors and suppliers. Monthly expenses for intelligence services reached as high as $440,000, and from 2019 to 2023, Steward allocated over $7 million to these operations.

As to the legality of all of this, because the spying and fraud took place in various jurisdictions globally, it may not be possible to prosecute anyone responsible. more

Policing Minister's Wife in legal row over Claims of Corporate Espionage

A leading businesswoman who is married to the policing minister, Chris Philp, has been reported to the Crown Prosecution Service (CPS) by a former employer and is being sued in the high court over allegations of corporate espionage.

Elizabeth Philp, 40, whose husband has called for "zero tolerance" to all crime, is accused of data handling offences and unlawfully using "confidential information" from her former employer to set up a rival business.

She denies the allegations and is countersuing her former employer, which she accuses of cyber-attacking the website of the company she subsequently founded. more

Beware the Spies in Disguise

Unethical hackers are often hired by companies for corporate espionage: to infiltrate the IT systems of rival organizations to steal sensitive information, trade secrets, and strategic plans. The information can provide a competitive advantage or be sold for financial gain.

Although getting in touch with these hackers is comparatively easier, they have now resorted to anonymous modes of messaging through discreet texting applications that do not store metadata. Such apps use encrypted chat rooms, which makes it difficult for authorities to trace communications.

The internet is also filled with tutorials providing step-by-step guides for many kinds of unethical hacking tasks, which are often used by tech-savvy anti-social elements.

On the other hand, hacking into social media accounts threatens the individual privacy of creators and is often used for blackmail and extortion. more

This is a major problem on LinkedIn. 

Here are some of the come-ons I receive...

• It's nice to meet new people. Can we talk?
• Hello, it's a pleasure to contact you. Your resume and skills are excellent. I hope to make friends with you.
• I am Sophia, I checked your profile. I saw that your professional field is the talent we are looking for, which will be of great help to the new project I am about to start. If you are interested. You can leave your phone number and contact information, and I will arrange a time with you for a detailed conversation and make an appointment for a telephone conference. When is it convenient for you?
• After reading your resume and work experience, I found that you are a very talented person! can we talk?
• I think your field of work is great. Can we exchange ideas and learn from each other?

Spy Tip: Remember your Stranger Danger training.

Corporate Espionage as AI Sees It

A totally AI-created short video explaining corporate espionage.

Interesting, but also consider how AI will become a force-multiplier tool in the hands of people engaged in corporate espionage. Each tidbit of information about a business is just a puzzle piece. Dump them all in to your AI spymaster, et voilà!... instant full picture, with guidance on how best to take advantage.

Man Charged for Putting 'SPY' Cameras in Seattle Expedia HQ Bathrooms

A 42-year-old Lynnwood man is facing multiple felony charges for allegedly putting hidden “spy” cameras in two bathrooms at the Expedia Group headquarters in Seattle...

According to charging documents, Vargas-Fernandez placed cameras under the sink aimed at the toilet in two all-gender bathrooms at the Expedia office building between Dec. 4, 2023, and Jan. 11, 2024. Investigators said at least 10 victims were seen in the illegal footage and believe “several more victims have yet to be discovered.”

When officers searched Vargas-Fernandez’s apartment after his arrest, they found at least “33 various spy cameras carrying from full, partial, no concealment,” according to court documents. Investigators also found at least 22 SD cards and six hard drives with “at least 20 terabytes of storage.” more  video

Corporate security directors, there is an innovative, preemptive, low-cost solution...
Spy Camera Detection Training for your security and facilities personnel. It includes a Recording in the Workplace Policy and Inspection Log. Training, a Policy and Inspection Log with show your due diligence in court should an incident arise.

Apple Self-Driving Industrial Espionage Case Ends in Sentencing

A former Apple engineer will spend four months in prison, bringing a lengthy and contentious case to a close six years after the U.S. government first charged the engineer, Xiaolang Zhang. 

9 to 5 Mac has been covering the case since shortly after it began, and their report on Zhang’s sentencing has a good overview of the issues to date.

The basics? Zhang worked for Apple in the U.S., where he worked on the company’s self-driving car project, Project Titan. He then left abruptly to work for another company, this one based in China, XMotors. When he did so, he brought several proprietary documents with him. Hence the charges against him, to which he eventually pleaded guilty. The Department of Justice also announced several charges in the case last year. more

Corporate Security Alert: Google's Spyware Report

Spyware risks are rising fast, and you should definitely be worried — even Google says so...

Companies developing spyware and offering spying services to government agencies and threat actors around the world are growing in number, and to make matters worse, for all of them - business is good.

This is according to a new report from Google, which highlights the growing concern of commercially developed spyware.

Now, according to Google’s latest Buying Spying report, it tracks around 40 Commercial Surveillance Vendors (CSV). Some are more popular than others, but all play an important role in developing spyware, it said. more

Google: "If governments ever claimed to have a monopoly on the most advanced cyber capabilities, that era is over. The private sector is now responsible for a significant portion of the most sophisticated tools we detect."

A Corporate Espionage Gamble

Ivans Ivanovs, a former employee at OnAir Entertainment, has claimed that the company illegally accessed Playtech’s internal systems for two years. The illegal access is said to have continued even after Igor Veliks, who was instrumental in the scandal, left his job with Playtech Live Latvia. Ivanovs asserts that Veliks, together with accomplices, made use of unauthorized access to clandestine monitor Playtech’s future games and features...

The impending release of OnAir Entertainment’s ‘Diamond Rush Roulette’, overseen by Veliks, is now under scrutiny amidst these industrial espionage claims. As the legal proceedings progress, Ivanovs pledges to divulge more details concerning the purportedly unethical operations at OnAir Entertainment. more