When it comes to industrial espionage, “one-hit wonders” — employees, such as Chelsea Manning or Reality Winner, who take valuable proprietary information to a competitor, the media or a foreign government — are just half of the equation. Companies also need to remember the threat of low-key spies on staff who may quietly provide their handlers with sensitive facts and figures over months, years and even decades. The damage these employees can inflict may rival or exceed the harm caused by a one-time loss.
In April, Stratfor hosted a lunch meeting on insider threats for chief security officers attending the European conference of ASIS International in Rotterdam, Netherlands. I also spoke on the tradecraft used by those trying to recruit insiders to commit industrial espionage. The conference demonstrated the enduring interest in the topic, and for those who couldn’t make it to Rotterdam, I offer this discussion.
Making a Splash
Threats from insiders come in many forms — including workplace violence, theft and sexual harassment — but let’s focus on industrial espionage and intellectual property. Discussions of the topic tend to focus on one-hit wonders, those who steal proprietary information and release it to competitors or to the media. One-time losses like these pose a significant threat. Some studies suggest that up to 59 percent of employees take sensitive information with them when they leave their jobs, in some cases costing corporations hundreds of millions of dollars.
In a case currently in federal court in Wisconsin, for example, energy technology company American Superconductor Corp. (AMSC) lost about $800 million in contracts when a former engineer from one of its subsidiaries sold the source code for wind turbines to its largest customer. The buyer, China’s Sinovel Wind Group Co., promptly canceled its pending business with AMSC. Despite the huge financial loss AMSC sustained because of this incident, the threat from insiders still employed at their companies may be just as damaging, if not more so.
The Gift That Keeps on Giving
For many years, Stratfor has warned about the threat of foreign espionage to Western trade secrets. China has developed government programs aimed at achieving technical parity with the West, and its state-owned enterprises have close ties to its intelligence community. The same goes for Russia, which has dramatically expanded its industrial espionage efforts under President Vladimir Putin. Today, the line separating Russian corporations from Russian intelligence agencies is often murky because numerous former intelligence officers have assumed senior positions in business.
Beyond Russia and China, former intelligence officers also commonly move into senior positions in private corporations or found firms specializing in business intelligence, which major companies then engage to steal trade secrets from their competitors. As a result, traditional espionage tradecraft has become an important factor in the field of industrial espionage. Cyber intrusion is a frequently used tactic for industrial espionage, but it is not the only one; the threat from other espionage techniques, including human intelligence techniques, cannot be ignored.
Any intelligence service would welcome a foreign national who walks in carrying a briefcase full of highly classified documents. The first thing every intelligence officer learns, though, is that while walk-ins are good, agents in place are even better, because they can provide a persistent stream of intelligence. An intelligence officer will always attempt to protect the identity of walk-ins and persuade them to remain in their jobs as agents in place. Soviet intelligence did this with CIA officer Aldrich Ames, FBI Special Agent Robert Hanssen and the John Walker spy ring, which penetrated the U.S. Navy. The CIA did the same with engineer Adolf Tolkachev, military intelligence Maj. Gen. Dmitri Polyakov and KGB officer Aleksei Kulak.
Agents like these can remain in place for decades and cause incredible damage. Ames and Hanssen revealed the names of numerous Soviet agents whom authorities back in the Soviet Union then arrested and executed. And this kind of penetration isn’t confined to opposing intelligence services, foreign ministries or the military. Perhaps the Soviet Union’s greatest intelligence coup was the theft of information that enabled it to create its own nuclear weapons program by targeting American scientists such as Theodore Hall, David Greenglass and Morton Sobell. The KGB files that a senior archivist for the intelligence agency smuggled out of Russia in 1992 shed light on the Russians’ time-tested skill in obtaining science and technology intelligence — in other words, intellectual property and trade secrets.
In the realm of academia, for instance, intelligence agencies have a long history of recruiting students still in school and directing them to apply for jobs in ministries or companies where they would like to have agents. The Soviets achieved great success with this type of operation, perhaps most famously with the spy ring known as the “Cambridge five,” which penetrated the British intelligence establishment and foreign ministry during and after World War II.
The methodology didn’t go out of vogue with the end of the Cold War, either. In 2010, an American student, Glenn Shriver, was arrested for attempting to penetrate the CIA and the U.S. State Department for his Chinese intelligence handlers. Chinese students and researchers also have been involved in numerous industrial espionage cases at Western companies. And several of the 10 Russian illegal intelligence officers arrested in 2010 had enrolled in U.S. universities, including Harvard, Columbia, New York University, Seton Hall and the University of Washington, presumably to spot and recruit agents.
On the Lookout
The advanced intelligence tradecraft behind agents in place gives these spies a different profile and behavior from other corporate insiders. Compared with one-hit wonders, these employees are less likely to download a massive amount of information. Their handlers will encourage them to gather the information gradually and in a low-key way. Similarly, an organization that has placed a persistent insider in a company will be less likely to make an abrupt move as Sinovel did, working instead to make more subtle use of the stolen information. That kind of careful control, too, would clearly indicate advanced intelligence tradecraft in action.
To protect their intellectual property, many companies have implemented security programs to identify insider threats and mitigate their effects. Many are using cyber tools as well. But unless companies have designed the tools to spot the more surreptitious behavior of advanced persistent insiders, in addition to one-hit wonders, the cyber programs could leave them vulnerable.
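The gap described above can be shown with a small detection sketch, added here as an illustration and not taken from the article or any Stratfor tooling. The log format, user names, project names and both thresholds are assumptions, and the access log is constructed sample data.

```python
from collections import defaultdict

BURST_PER_DAY = 200   # assumed threshold: document reads by one user in one day
SLOW_DISTINCT = 150   # assumed threshold: distinct out-of-role documents per window
WINDOW_DAYS = 90      # assumed look-back window
ASSIGNED = {"alice": "hr-portal", "bob": "sales", "carol": "finance"}  # hypothetical roles

def build_events():
    """Constructed sample log of (day, user, project, doc_id) read events."""
    events = []
    for day in range(WINDOW_DAYS):
        for user, proj in ASSIGNED.items():        # routine work in own project
            events += [(day, user, proj, f"{proj}-{i}") for i in range(5)]
        # carol: three new out-of-role documents every day (low and slow)
        events += [(day, "carol", "design-docs", f"design-{day * 3 + i}")
                   for i in range(3)]
    # bob: one bulk pull of 400 out-of-role documents on day 88 (one-hit)
    events += [(88, "bob", "design-docs", f"design-{i}") for i in range(400)]
    return events

def burst_alerts(events):
    """Volume rule: flags any user whose reads in a single day reach the burst threshold."""
    per_day = defaultdict(int)
    for day, user, _, _ in events:
        per_day[(user, day)] += 1
    return {user for (user, _), n in per_day.items() if n >= BURST_PER_DAY}

def slow_alerts(events, end_day):
    """Breadth rule: distinct documents outside the user's role, summed over the window."""
    start = end_day - WINDOW_DAYS + 1
    seen = defaultdict(set)
    for day, user, proj, doc in events:
        if start <= day <= end_day and proj != ASSIGNED[user]:
            seen[user].add(doc)
    return {user for user, docs in seen.items() if len(docs) >= SLOW_DISTINCT}

def persistent_only(events, end_day):
    """Users the breadth rule catches but the volume rule never sees."""
    return slow_alerts(events, end_day) - burst_alerts(events)

if __name__ == "__main__":
    ev = build_events()
    print("burst rule:", sorted(burst_alerts(ev)))
    print("breadth rule:", sorted(slow_alerts(ev, WINDOW_DAYS - 1)))
    print("missed by burst rule:", sorted(persistent_only(ev, WINDOW_DAYS - 1)))
```

In this constructed data the daily-volume rule flags only the bulk download, while the user collecting a few out-of-role documents a day surfaces only when access is accumulated across the whole window.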