1 Executive Summary
Industrial espionage is the practice of spying or using covert operations to obtain information on competitors. It is perpetrated by competitor companies in the marketplace or, in some cases, by state intelligence agencies. Disgruntled employees, contractors, and partners (“insiders”) may also be involved, or may initiate information theft themselves and then look for potential buyers. Theft of information may also be accompanied by intentional or unintentional acts of sabotage. Hacktivists and terror organizations are also possible threat actors.
The motivation behind industrial espionage is straightforward. Research and development costs can be quite high. Those who steal information from competitors can catch up to market leaders more cost-effectively and shortcut development time considerably. Cybercriminals target financial institutions, retailers, insurers, and other industries for the purpose of stealing money. Hacktivists aim at disrupting business and causing brand damage to their victims.
The main targets of espionage are intellectual property, financial information, and sales and marketing plans and strategies. Intellectual property is described below. Obtaining non-public financial information or sensitive sales and marketing strategies allows a malicious competitor to adjust its own plans accordingly.
Intellectual property consists of copyrights, trademarks, patents, and trade secrets. Copyrights can cover works of art, documentation, and software source code. Trademarks are generally logos and may be captured by malicious actors in order to pose as representatives of other organizations. Patents are limited-term monopoly rights granted by governments in exchange for disclosure of designs and process details; thus, much of the information in patents is available online without resorting to espionage. Trade secrets are the primary form of intellectual property that corporate spies attempt to acquire, as they are often the most valuable: their theft can save a competitor large amounts of time and money, while their loss can be extremely costly for the victim, sometimes posing an existential threat to the business.
Industrial spies use a variety of methods to illegally acquire information. Broadly speaking, there are two major avenues: physical and cyber intrusion. Physical intrusions rely on stealth, brute force, and/or social engineering to gain entry. Both real spies and red team operators can then use a mix of ordinary technical tools, such as malware-infected USB drives, and specialized gear, such as high-gain RF antennas, to gain access to information. Industrial espionage by physical intrusion can only be countered by extensive physical security and security awareness training for all staff. Further discussion of these attacks and their countermeasures is beyond the scope of this paper.
Cyber-attacks in service of industrial espionage use similar methods but virtual entry points. Cyber industrial spies often use social engineering, especially spearphishing, to gain initial access to target workstations. They use stealthy malware to take over workstations, servers, and even cloud-hosted resources. Bad actors frequently attempt to distract IT security personnel with noisy Distributed Denial of Service (DDoS) attacks while stealthy Advanced Persistent Threat (APT) operations, such as malware implantation, compromise, and data exfiltration, are under way.
In this paper, we will look at the architectural components that can help decrease (but not eliminate entirely) the risk of being a victim of industrial espionage.