This story is over 5 years old
Tech by VICE

Inside the Secret World of Corporate Espionage

The modern world has allowed us to become constantly transmitting information beacons. But not all of us use that power for good.

by Gavin Haynes
Oct 10 2014, 3:00pm

Collages by Marta Parszeniew

Numbers on corporate espionage are hard to come by. The Germans recently estimated that they lose around $69 billion to foreign business spies every year, but—at best—that’s basically just a piece of well-informed speculation.

The main problem with getting an exact fix on these figures is that they’re impossible to prove, because the nature of espionage generally relies on keeping stuff secret. It’s difficult to track the exchange of information, for instance, when it involves murmuring something at the sauna, or handing over a USB stick in a multi-level parking garage. And like a rigged sports game or steroid usage, it’s not something we’re in the mood to wake up to until it’s 100 percent, incontrovertibly there—an arsenal of smoking guns right under our noses.

“[Worrying about corporate espionage] very quickly becomes a matter of paranoia,” says Crispin Sturrock, who’s been running White Rock—a firm of anti-espionage specialists—for more than 20 years. “There’s a very British tendency to want to shake it off. To say, ‘Oh, I must be being paranoid.’ And, of course, just to be paranoid doesn’t necessarily make you wrong.”

Sturrock has seen plenty of apparent paranoia turn out to be simple fact. The cloaks might be pinstripe suits and the daggers letter openers, but the principle remains the same. “If I walk into your meeting room in dark glasses with a big long-lens camera, in a mac, and sit down… well, you’re going to want to investigate that, aren’t you? But if I sit down in your meeting room and put my iPhone on the table?”

The modern world has allowed us all to become constantly transmitting information beacons. However, not all of us use that power for good—for live-blogging activism demonstrations, say, or offering our 57 Instagram followers the lowdown on what small animal we're now keeping in a cage in the garden. Instead, some people decide to be legit, shady assholes. 

“The problem is that most companies have some kind of a ‘bring your own device’ policy nowadays,” Sturrock explains. “With a standard phone, you can transmit anything to anyone in an instant. If I get a cleaning job, keep my head down, work hard… well then, at night, I’m king of the castle, aren’t I?”

The same kind of revolution that’s taken place in consumer electronics—WiFi, the Nokia 3210, and cathode ray tube monitors morphing from some distant black magic into tangible reality—has also taken place in spy tech. Only, most of this stuff isn’t on display at your local RadioShack, so you probably haven’t noticed.

Jeremy Marks runs Spymaster, a shop that mostly caters to wealthy gadget heads who want to play 007 in their downtime. But outside of the hobbyist realm, most of his products also have real practical value to genuine bad guys, the website offering everything from bugging devices and high-definition recording glasses to a ruler-width portable document scanner and a mini-submarine.

However, considering the progress of all those off-the-shelf electronics, I ask Jeremy whether the bad guys even need all his pricey bugs and spy-cams any more—whether they could just download some basic software that allows them to record everything on their iPhone. “There is software out there to do that," he says. "But it’s not very good. Well, it is very good, but the problem is that Apple keeps updating their OS, so there’s a constantly evolving arms race.”

David Rubens runs global risk consultancy David Rubens Associates. “The game has moved on," he says. "If you look at something like Google Earth, they’re giving that away for free. So what you’ve got to ask yourself is, what’s the stuff they’re not giving away for free? I’m a great believer that you can just presume you’re being observed. That anything that transmits or connects to something else can be hacked and is not secure.”

Last year, the Mail on Sunday ran a series of investigations into spying at 102 major companies, including accounting firm Deloitte, insurance giant AON, and banks Credit Suisse and Chase Manhattan. One of the convicted culprits they named was "infamous blagger" Daniel Summers, who managed to obtain information about his targets—including their phone bills and bank statements—by simply sweet-talking employees over the phone. 

That investigation broke the seal on a world of small British “security” and “risk” firms operating covert businesses out of their garages. In a wide-ranging probe, the Mail uncovered a security company run by a former army airborne officer who’d commissioned corrupt detectives to do one-off “hush-hush” jobs for celebrities and wealthy clients; a big rail contractor who had gotten someone to go out and extract bank statements from a corporate rival; and a construction company that had professionals spy on three employees at the center of a kickbacks probe.

“If Corporation A wants to know something about Corporation B, it’s pretty simple,” Rubens says. “You’d ask for ‘market intelligence that may be of interest to me,' the implication being that there would be both legitimate, above-the-line capabilities—surveys, analysis—and the below-the-line stuff: the dirtier stuff. That would again be outsourced, of course; there would always have to be layers of plausible deniability.”

Some victims will go public if they feel they’ve been compromised. But according to Sturrock, for most corporate brass there’s little incentive to kick up a fuss. “The companies don’t like it, because, first, it reflects badly on management, and second, talking about it could cause shareholders to get nervous, triggering a sell-off and a slide.”

Staying on top of who’s up to what is a challenge for anti-espionage specialists like Sturrock, as those on the other side of the game can command—and work with—a much higher budget.

“Two million’s not a bad sum,” he says, talking me through the kind of fees corporate spies can receive. “Two million buys a lot of capacity. You could keep people under surveillance. You could buy a lot of computer software. Often it’s still the more old-fashioned ways. Ultimately, you’re back to the question 'Who is a spy?' Well, there are many reasons anyone might start informing. Often it’s pure ego, but equally, if you start giving someone manila envelopes of cash, you can change a lot of behavior. Or, on the flip-side, blackmail…"

“Back in the day, we used to having a saying: ‘Everyone has something they wouldn’t want to see published in the News of the World,’” agrees Rubens. “And eight out of ten of those people would pay you for it. The honey trap is as old as Samson and Delilah, and the online world makes that ever more plausible. There have been some terrible cases lately of kids being lured into sex acts online, then blackmailed with that.” 

When it comes to governments, industrial spying is an accepted norm. Every country, says Rubens, has a defined policy to gather the business secrets of the others. “How does China go from a Third World nation to an engineering leader within a generation? Not without a lot of inside help. In fact, they have an explicit, defined policy to steal Western business secrets.”

In 2011, a couple of engineers for the US wind farm company AMSC were out in China’s Gobi desert, repairing a controller for the Chinese turbine manufacturer Sinovel, when they realized it was running its own version of AMSC's software. Further tests showed they’d somehow ripped off all the source code. Bad news, as two thirds of AMSC’s entire business was dependent on fresh orders from Sinovel. Within weeks, the orders mysteriously dried up, Sinovel began making its own turbine controllers, and AMSC went to shit.

“The key, often, is not to know what’s happening now,” says Sturrock. “That’s just backwards engineering. People have been doing that forever. The key is to know what’s coming down the line. What the next thing is. There are many weak links in that chain."

Your paranoia is justified. That’s the sticky, awkward message these guys have for us. “If you look at it from a meta level, there’s no change in human behavior affecting these leaks,” Rubens suggests. “It’s purely that the methodologies are different; it’s just that stealing this stuff and distributing it has become that much easier.”

That noise in the distance? It's an unseen eye swiveling to look at you, to take what it wants, then move on. And why? Because not everyone is as nice as you, pal. Because a technological asymmetry has suddenly opened up between seeing and being seen. Because our obsession with making our world more omniscient has allowed the creeps and spies to take us back to some Hobbesian state of nature, where the strong and cruel can easily have their way with the weak and nice. And it’s going to take a while before we can close that gap again.

But for now, the key challenge isn’t even closing that gap. It’s simply acknowledging that it’s there.

Follow Gavin Haynes and Marta Parszeniew on Twitter.

gavin haynes
james bond
Vice Blog
creepy shit
black hat
corporate espionage
Crispin Sturrock
white hat
David Rubens
Global risk consulting
The Mail on Sunday
White Rock