Get local news delivered straight to your phone
In a dimly lit corporate war room about a year and a half ago, a clutch of top executives at a company we’ll call “Empire Inc.” huddled around a conference table and contemplated a massive joint venture with a foreign industrial conglomerate. The contract would span construction, manufacturing, and sales projects, one of Empire’s largest undertakings yet. But volatile politics between the locales involved, London and the Middle East, complicated the plan. More than in the U.S., companies in other parts of the world need government approval of their international business deals. Without it, they’re paralyzed. And in this delicate situation, government opposition was a distinct possibility.
Empire executives desperately needed more information to gauge the feasibility of their undertaking. To be specific, they needed asset-tracing intelligence, who owned what and where in the company they were eying. What they needed, really, was a spy. So they called Gene Smith in D.C.
Gene Smith: an eminently forgettable name. A woman of middling age and graying hair wearing a striped bouse and pearl earrings. The straight-on gaze and perfect posture of someone who grew up with nine siblings on a farm in Kentucky. The stuff spies are made of.
Not your tired old-boy-who-came-in-from-the-Cold-War kinda spy, but a postmodern spy. A spy who has willfully surrendered her clearance badge. The kind of spy whom companies pay large sums of money to get the lowdown on their enemies.
Two years ago, Smith and her two partners left the world of old-school government intelligence to open Smith Brandon International, a D.C.-based “competitive-intelligence” firm. Private companies hire Smith to gather all sorts of information: about specific individuals, about the competition, about the political stability of countries where they’d like to open factories, about anything they don’t already know.
D.C. has long been the spy capital of the world, but until recently all spies wore gray. They worked, allegedly, on behalf of the national interest. But with the end of the Cold War and downsizing in their ranks, spooks are working for whoever can afford them, without the messy middleman of the federal bureaucracy. And they’re all around you.
Before they went private, Smith’s partners had spent 23 years apiece with the FBI. Smith herself had worked all over the world gathering information for the State Department. Now she and her colleagues operate out of a nondescript office suite on 15th Street NW, conducting “investigations and risk avoidance” for private companies.
What the hell does that mean? Smith leans into her high-backed swivel chair and nurses a tonic water while she considers the query. Like any intelligence operative, she gets dodgy about specifics. No naming of names, methods, or client companies. But basically it means that when the frantic Empire executives called her for help, she started calling her friends.
Smith called up dozens of “in-country” sources from her government days to learn about the target countries and industries involved before she parachuted in. In the next office, Smith’s partner, Harry “Skip” Brandon, was raiding his Rolodex, built up over years of investigating on behalf of Uncle Sam. “It’s very important that sources are known and trusted,” Brandon says.
Because this was by far the largest project they had ever done for Empire, Smith and Brandon decided it merited their combined attention. “Skip is probably the hands-on investigator par excellence,” Smith brags. “Ranging from negotiating with guerrillas to going undercover, walking into a factory and using whatever pretext is required at the moment.”
Brandon interrupts her with a nervous laugh. “It’s been quite interesting,” he says, ramping down any hint of spookiness. Part of Brandon’s schtick is to play good cop to Smith’s bluster. Even though he was a Navy lieutenant in Vietnam and spent 23 years doing FBI work in Poland, Russia, and the Caribbean, Brandon talks about his career with a gee-whiz, how-did-I-get-here kind of humility. When he left the FBI, he was deputy assistant director of counterintelligence and counterterrorism. His Spanish is excellent. But standing before you, Brandon’s a round man with an easy smile and Midwestern modesty. It’s a disarming cover that serves him well in the field, where he sometimes absorbs priceless information while posing as a clueless gringo.
For two months, Smith and Brandon made calls and dug up stacks of literature on the companies involved. An irony of intelligence work is that most of it is done in plain sight. It’s a boring truth of the spy business that meticulous research invariably outperforms the best pen-camera money can buy.
The prep work included multiple meetings with some European contacts whom Smith believed to be reliable and friendly. She began to ask probing questions about the Empire project. To her surprise, the sources, usually a fountain of information, reacted with shrugs and stares. “It was, ‘Hey, look at that painting over there.’ That level of distractedness,” Smith remembers. She left the meeting with that to-be-continued feeling. Years in the diplomacy and intelligence business had taught her to listen to her queasiness. “Most things have an explanation,” she says. “You may not know what it is. But it’s out there.”
Smith and Brandon left for Europe. Once there (Smith refuses to disclose the country), she couldn’t shrug off the feeling that all her careful homework had missed something. She walked to a bookstore and bought a few more tomes on the industry they were studying. In the middle of the night, she woke up and started reading. As Brandon slept in a nearby room, Smith skimmed through the index. Her eye stuck on a familiar name. It was one of her contacts who had claimed total ignorance. Turns out all the sources’ names were woven into the text of the book. “The people who were playing dumb were obviously right in the middle of it,” Smith says. She called Brandon and woke him up. The sources’ involvement in the industry, and their claims to the contrary, suggested the enterprise was riskier than Empire had hoped.
Shortly afterward, Smith left Europe for American soil with a suitcase full of documents: massive binders filled with court records, research reports, and bundles of notes. While she was flying home, Brandon got a call at the hotel from a man who did not identify himself. As Brandon rapidly translated the man’s words in his mind, he thought he recognized the voice. But the man refused to answer any questions.
“Where is your friend in black?” the caller asked, referring to Smith. (“That’s my signature color,” Smith says.) “It might be a very good idea if you were not here soon,” the man continued, before hanging up dramatically.
Brandon left the next day. The information they’d gathered, coupled with the cryptic threat, suggested the business venture would run up against significant protests from the government. After a thorough debriefing, the client backed away from the deal and sent a handsome check to Smith Brandon.
Spies don’t tend to call themselves spies. That’s blowing your cover. Besides, scouting out the competition’s tricks is intro MBA material these days. It’s dog eat dog, baby. So most private-sector intelligence workers get visibly disgusted if you so much as mention the word “spy.” They much prefer to call it business intelligence, information brokerage, or knowledge management. Choose your euphemism.
But unlike the rest of her colleagues, Smith readily concedes that some of what she does could more accurately and enticingly be called corporate espionage. “Corporate espionage is information acquired through overt and covert means about corporate goals and personnel,” Smith explains diplomatically. “We do it. It’s not necessarily nasty.”
Spying probably ranks second only to speechmaking in terms of D.C.’s important industries. The District and its environs are home to the CIA, the FBI, the National Security Agency, the National Reconnaissance Office, the Defense Intelligence Agency, and the intelligence divisions of the Departments of Energy, Treasury, and State, and of the Army, Navy, Air Force, and Marines. Former CIA counterintelligence chief James Jesus Angleton once called D.C. “a wilderness of mirrors,” as Pamela Kessler notes in her book Undercover Washington.
But government data, trapped behind a veil of government secrecy, are not much good to American companies. U.S. law prevents the government from sharing stolen intelligence with private entities. That’s not to say it never happens, but logistical and legal obstacles prevent U.S. business executives from getting the kind of clandestine dope that other countries routinely share with their plutocrats. Whereas the French government has shared VIP chitchat gleaned from bugging Air France’s first-class cabins, the CIA mostly keeps its secrets out of the market, leaving that much more space for private spooks. “Our government does not offer that service,” says Brandon. “So [businesses] turn to a private company to do that. We hope they turn to a company that’s reputable.”
At the same time, the fall of the Berlin Wall and the downsizing of the federal bureaucracy have led hundreds of government intelligence workers to look elsewhere for work. More and more, spooks and quasi-spooks are leaving their government-issue cubes for downtown office suites. They’re doing the same things they did for the CIA or the FBI. Only this time, they’re doing it in the name of profit, for a cause that never goes out of style, making the globe safe and profitable for American business. And because they no longer work for the government, oversight is, well, a nonissue.
We can't make City Paper without you
The privatization of intelligence is in the midst of an almost geometric progression. There are 6,000 corporate spies registered with the Society of Competitive Intelligence Professionals (SCIP), based in Alexandria. “We’ve been growing at 40 percent a year,” reports SCIP spokesperson Stephen H. Miller. Meanwhile, the average salary for competitive-intelligence professionals has increased 20 percent since 1994. In-depth projects can run companies six figures. And a company that is willing to pay the price can buy almost any service, some not so savory, from the growing network of spies-for-hire.
“There’s a huge underground economy in personal information. It’s become a commodity,” says a resigned David Sobel, general counsel at the Electronic Privacy Information Center in D.C. “Anybody who deals with sensitive or proprietary information ought to be aware that these kinds of practices are becoming increasingly common.”
With a demand driven by unquenchable paranoia, more than 80 percent of companies with revenues over $10 billion now have organized competitive-intelligence systems, according to a survey by the Futures Group consulting firm. Espionage tends to create its own market. As soon as one CEO hears about a rival company mining intelligence, he chastises his own people for not having done it first. “Corporate espionage is everywhere,” says Smith. “Anybody that doesn’t recognize it is likely to be affected by it.”
No company wants to be ambushed, especially not Northern Virginia high-tech startups that make a profit out of knowing more sooner. Of all its chapters around the world, SCIP’s largest and most active chapter is here in D.C., comprising about 450 members.
SCIP started in D.C. in the mid-’80s at about one-eighth its current size. The local chapter has always been different from all the rest, its meetings drawing more former government spooks than any other SCIP chapter worldwide.
After all, who better than ex-feds to do the work the government could do but won’t? “The basic training [at the CIA] is ideal,” says Jan P. Herring, a godfather of the competitive-intelligence industry, who spent 20 years as a CIA agent before defecting to Motorola. Since then, he’s worked for AT&T, Coors, and Kodak. If anything, Herring is surprised it has taken this long for the private sector to start recruiting intelligence agents.
“Our people have cut their teeth negotiating with foreign governments on behalf of American interests,” boasts Charles A. Schmitz, chairman of Global Business Access Ltd., a D.C.-based business-intelligence firm. Of his pool of 140 consultants, about half come from the State Department, 25 percent from the CIA, and 25 percent from other agencies. Schmitz himself spent 26 years at State before he went private.
The mental shift from defending national to corporate security is not a huge stretch. Yes, former feds have to learn how to operate bureaucracy-free and how to sell themselves to clients. But bureaucratic backgrounds help them navigate other countries’ governments. And although risking your life for IBM doesn’t have the same ring as dying for God and country, they aren’t mutually exclusive, either. After all those years warring against the Red peril, government intelligence officers well know that the opposite of communism is capitalism.
“American genius is very useful to the world right now,” Schmitz says, launching into a nonsensical anecdote about how pastoral grazers in Botswana have experienced better quality of life since they got satellite access. According to him, there’s no downside, even if helping a company be more competitive means helping it employ people at minuscule wages in countries far away. “When we lose jobs, we lose jobs in areas where we are not competitive, thereby freeing up people to do things we are more competitive at,” Schmitz says. Ah, yes, just squint your eyes a bit, and business and national interests become one and the same.
Normally a sharp-elbowed realist, Smith gets similarly misty-eyed when she talks about her private-sector mission. “We can support American values and American standards, and everyone wins,” she says. A former prosecutor, Smith considers herself an icon of law-abiding civility. Her father was a Marine, and her brother is a Vietnam vet. She met her husband when he was working as a Marine security guard at the U.S. Embassy in Brazil. Now he’s a D.C. cop.
She manages to coat her profession in gooey rhetoric with a steady gaze and not a trace of irony. “It’s hokey, hokey, hokey, but it’s still truth, justice, and the American way,” she says.
On an average Friday in July, Smith worked on projects located in Chile, the Philippines, China, the Caribbean, Korea, Peru, India, Tanzania, and Brazil. It’s hard to believe that all those companies in all those nations exalt “American values” (although corporations have always found a way to stretch nomenclature to fit objectives). Smith says it’s not as silly or complicated as it sounds. Her guiding principle in all of her endeavors is that she is an American first and a spy second. That means she’ll have nothing to do with projects that blatantly target innocent Americans. For example, a foreign company once asked her to do background research on American journalists who were investigating the corporation’s behavior. The idea was to make the reporters go away. Smith and Brandon say they refused.
Smith’s firm practices a brand of intelligence-gathering that occupies the upper rungs of the competitive-intelligence industry. The kind of international investigations they do, which demand language skills, contacts, and some degree of native knowledge, can usually provide quality information with a minimum of deception.
Smith doesn’t consider her job slimy, even though her less upstanding colleagues have been caught diving into dumpsters, exploiting clueless employees, and tapping phones in the dark of the night. She says she doesn’t get on her hands and knees because she doesn’t think she has to.
“Frankly, you don’t need to steal competitive intelligence,” Smith says. “People are giving it away, they’re giving it away on their Web sites; they’re giving it away in their PR offices; they’re giving it away on their press releases. You can find out a lot of what you need by simply being slow and deliberate and calculating.”
Recently, a South American company noticed a massive disappearance of funds and recruited Smith and Brandon to find out where the money had gone. The client gave them three weeks to figure it out.
They spent the first week and a half researching the situation from D.C., learning about the country’s economy, its banks, its cultural and political sensitivities, and the trustworthiness of its cops. D.C. is a perfect city for tracking global information, Smith says: “This is a collection point, period.”
Armed with statistics and trends, Brandon boarded a plane. “We knew exactly what we were expecting,” he says. And though he had to make at least one quick exit (“We did hit some nerves while we were down there”), they solved the mystery in very short order with information that was in plain view, as long as someone knew where to look. This time they had no cause to venture into the dark side at all. That’s the tidiest way.
It can and does get more hairy. Smith and Brandon do a lot of work in countries where kidnapping and terrorism are constant threats. They recently pulled out of one Latin American country after sources warned them that their target people were considering “taking action” against them. “They were very, very capable of violent action,” Brandon says. He won’t name names. “It’s a country where people disappear,” he says. “Let’s put it that way. I’m not trying to be cute. But…I’m going back to that country shortly.”
Both Brandon and Smith say they go undercover only when absolutely necessary. They insist that they never bribe officials. They may help sources with fund raising for schools or hospitals. But that’s soft money. Cash transactions, they insist, are vulgar and often create more problems than they solve.
U.S. companies lose about $250 billion a year in stolen intellectual property to economic espionage, according to a recent estimate by the American Society for Industrial Security. “It’s enough of a concern that we’ve created a whole new section in the criminal division,” says Justice Department spokesperson John Russell, referring to the computer crime and intellectual property section the agency opened in 1996. “It’s a rapidly growing cottage industry.”
Two years ago, Congress passed the Economic Espionage Act to make it easier for the Justice Department to prosecute foreign computer criminals. The law grew out of a creeping panic that an economy built on computers could also be undone by computers.
The act may be used to prosecute a Reuters subsidiary for allegedly stealing trade secrets from Bloomberg, a rival subscription news firm. Federal investigators are looking into charges that Reuters hired a third party to steal proprietary data from a Bloomberg database. If the allegations are true, the Reuters case represents a classic example of a company using a competitive-intelligence consultant to do its dirty work. By contracting out its “research” requests, a company can essentially get the messiness out of its shop.
Leila Kight founded one of the very first competitive-intelligence firms in the D.C. area, way back in 1974. When Washington Researchers Ltd. started, it did research of all kinds. But it soon became clear that information on competitors was the firm’s most valuable product. “Within three to four years, we understood that our clients were predominately interested in information about other companies,” Kight recalls. “And largely about their competition, because that research was the most difficult for them to do.”
Back then, there was a stigma attached to competitive intelligence. “People felt that it was, well, illegitimate…that it was somehow a less-than-honorable profession,” Kight says. “It seemed unreasonable that you would ask things that your competitors did not want you to know….On some level, you are manipulating them,” she admits.
The field has since become cluttered with firms like Kight’s. And while the stigma has started to lift, the ethical fog around their techniques has only grown more dense. Kight says the quality and ethics of some competitive-intelligence work have slipped as the profession’s popularity has spiked. That’s because it’s so easy to do, she says. “It’s a business that has very low barriers to entry….As government intelligence professionals have retired and as government intelligence agencies have turned their attention toward business interests, it has created a tremendous pool of people for whom this seems a natural field,” she says. “It’s just very easy to hang up a shingle….You need a computer, some business cards, some stationery, and some gumption.”
There’s no one really watching over these firms, either. Sure, there’s the occasional lawsuit, but most times companies don’t know whether any secrets have been stolen. And if they do, they hardly ever know where to find the leak.
Companies seldom intend to sponsor sleazy investigations, Kight says. But the incentives are strong and the oversight is nil. “Once it becomes everyone’s business, you get people who become overly enthusiastic,” Kight says. Her Rockville-based firm trains employees of other companies to conduct competitive intelligence aboveboard. But, she says, “It’s very difficult to train people to do this ethically. And most companies don’t even try.” (That doesn’t mean her life or her business is public record. Kight refuses to release details about her company’s structure and staffing levels. “I maintain a very private profile,” she says. She should know the value of privacy.)
Many times, data are gathered through intelligence “boiler rooms.” Banks of intelligence workers, many of them recent college graduates, call up the client’s competitors and work to manipulate the conversation. Employing basic psychology, they try to get unsuspecting employees to talk about the business’ structure and goals. How many people work there? How big is that new factory going to be? They ask easy questions first, then gradually lead up to the meaty stuff. The technique relies on people’s naive willingness to help and to talk about their work.
The intelligence workers usually say who they are and the name of their firm. But not the name of their client, the one name the employee would recognize and resist. Firms call such selective disclosure “strategic misrepresentation”, a term taken from the CIA. “It’s a great euphemism for lying,” says one man who spent more than five years working for a local competitive-intelligence firm. He remembers spending days going down a company’s directory, calling each employee until he got to one who would talk. He would say he was doing research and needed expert advice. Flattery opens every door. “People like to talk about what they know about,” he says. “These guys have been here for 15 years; their wives don’t want to hear about their jobs anymore.” But he would never reveal that the competitor had sicced him on the employee. “You just say, ‘Well, I’m doing a big study in this area,’” he explains. “They say we don’t lie, but that’s a subjective thing.”
Large companies are starting to catch on to this backdoor snooping. MCI’s local office gets more than 20 intelligence calls a week, says an MCI public relations executive. And those are only the calls that get routed to PR, following company protocol. The number of those calls has increased tenfold in the last few years, the executive says, and it’s impossible to know which callers are doing competitive intelligence. “A lot say they’re students working on a paper. I say, ‘Well, I’ve heard that one before.’… If we haven’t heard of them, we don’t talk to them.” Some days, the MCI employee hears from the same snoop again and again. “There are some consultants that will call 15 people within the same company, and it will keep coming back to me.”
That scenario makes sense to the former snoop, repeated sorties are standard procedure. “You gotta talk to a lot of people.” Whenever he did stumble upon a leak, he says, he worked quickly because he knew the window of opportunity would not stay open for long.
“All of a sudden they’ll get nervous,” he says. His target would typically ask him to put the request in writing or share his report when he was done. He would always agree, even though he never intended to follow through. A couple of times, the people he had tried to interview even stopped by his office unexpectedly, thinking maybe they’d stumbled upon a new customer. “That was scramble city. You would just stroke them, meet them in the lobby. They’d give you a pile of literature, and you’d never call them back.” It can get very uncomfortable, but bullshitting on behalf of your client is part of the job. “‘If you’re not lying, you’re not trying hard enough,’” he remembers his boss telling him.
SCIP’s literature is littered with the words “legal” and “ethical.” Members are frequently reminded of SCIP’s code of ethics, a hazy document offering few practical boundaries. It directs members to “comply with all applicable laws” and avoid “all unethical practices.”
More specifically, SCIP’s ethical code requires that members represent themselves “truthfully.” The organization sternly advises its members to “disclose all relevant information, including one’s identity and organization, prior to all interviews.” Sounds honest enough. But disclosing your organization does not include revealing the client you are working for, the most relevant information of all. It is standard operating procedure for competitive-intelligence firms never, ever to tell a “target” just who is paying their fee.
Nothing about an intelligence firm’s name suggests that a competitor is behind it. And that’s just how firms like it. The former competitive-intelligence employee says his firm was always wary of publicity. “They don’t advertise,” he says. Name recognition could shut them down. In more than five years of calling companies, he says, “I could probably count on my hand the number of guys who knew the firm and knew what we did.”
“This isn’t about me, is it?” Steven McNaughton asks three times in one 10-minute interview. McNaughton is executive vice president of Markowitz & McNaughton Inc., a firm of about 90 people in Reston. His company’s brochure promises to “answer impossible questions” and “help predict the future.”
“You need more than the published research available to every business these days,” the brochure reads. “You need…in-depth knowledge of your competitors and customers…direct access to the minds behind the trends.”
Sounds hauntingly like competitive intelligence. But McNaughton is jumpy.
“We really don’t view ourselves as a competitive-intelligence business as such,” McNaughton says. “We, in effect, write a story about the market,” he says, explaining that his firm offers a wide variety of services. “We’ve found out that by talking to people and putting them on pedestals as experts, they tend to pontificate.” But if you reverse the roles on him, McNaughton is considerably less gregarious than the “experts” his employees search out.
McNaughton doesn’t want to be associated with what he calls “unsavory activities” practiced by other so-called competitive-intelligence types, flying over parking lots of competitors and counting spaces, or chatting up factory workers at the 7-Eleven across from the plant. He does acknowledge, however, that one of his employees is an active member of SCIP.
After much haggling, McNaughton finally agrees to call his company a “decision-support consulting firm.”
SCIP takes credit for legitimizing competitive intelligence by “professionalizing” its methods. “From out of the shadows of corporate ‘spy vs. spy’ stereotypes,” writes SCIP spokesperson Stephen H. Miller, “today’s [competitive-intelligence] professionals are legally and ethically collecting, analyzing, and applying information.” Over time, they’ve managed to buff up their image to the point where even practices that would sound shady to the layman are roundly assumed to be fair play in the competitive-intelligence world. More than ever before, capitalism kneels before a very forgiving god.
Recently, SCIP has seized upon a mantra so benign that it apparently cannot be repeated too often: “Economic espionage represents a failure of competitive intelligence,” SCIP leaders say again and again. It’s a blanket denial that unseemly behavior holds any value at all. “As any [competitive-intelligence] professional knows,” says Guy Kolb, executive director of SCIP, “breaking into hotel rooms, hacking into computer networks, and stealing information are not techniques that work well.” Kolb speaks to his soldiers in the language of self-interest: Avoid seedy activities not because they are wrong or unfair, but because they are simply not effective.
Despite its enlightened rhetoric, don’t count on SCIP to regulate the behavior of its members. There are an ethics committee and an ethics code at SCIP, but no consequences for unethical behavior. “There is no enforcement policy,” admits SCIP president Ava Youngblood. “It’s a voluntary organization. You pay your dues to belong. What we do is we encourage [members] to follow the code of ethics.” So as long as members can manage the $155-per-person annual fee, they can remain in the club.
In a survey taken at the annual SCIP conference last year, 778 participants answered questions about hypothetical scenarios. One question asked what they would do if the guy sitting next to them on a plane left a marketing report for a competitor’s product open on his seat when he went to the bathroom. More than 30 percent said they would take notes on the report’s key elements and then return it before their seatmate came back. In its April issue of Competitive Intelligence magazine, SCIP reported the results and termed the note-taking behavior “inappropriate professional conduct” and potential trespassing. But it added that “it would be difficult to legally prove how the information was obtained.”
The entrance of government intelligence types into the private world does not bode well for competitive-intelligence ethics, says Larry Kahaner, local PI and author of the best-selling book Competitive Intelligence. “They don’t have the same ethical training and understanding of the private sector that people in companies do,” Kahaner says. Last December, he gave a talk on competitive intelligence at the National Military Intelligence Association, explaining the importance of legal and ethical behavior in the private sector. Afterward, Kahaner remembers, many of the military intelligence guys seemed baffled. “They came up to me and said things like, ‘Well, can’t I just wiretap people to get the info? Can’t I just show a badge and intimidate somebody to get information?’” Kahaner was dismayed. “They think that the ethical constraints on all of us in the private sector are sissy, sort of namby-pamby,” he says.
The good news, sort of, is that intelligence workers will resist questionable behavior if it’s just as easy to get the information somewhere else. In today’s orgy of information access, competitive-intelligence workers can search one-stop databases to find out your address; height and weight; phone number; number of gun permits; mortgage info; type and color of car; marriage and divorce records; criminal history; neighbors’ names, numbers, and heights; and citizenship and overseas travel records. It takes 10 minutes. Washington City Paper does it all the time.
Competitive-intelligence workers are quick to liken themselves to investigative journalists. They much prefer that term to the dreaded “spy.” It’s an apt comparison, until you consider the motivations. Journalists are ostensibly working to inform the public. Private intelligence types are working to increase their clients’ profits. Their results and strategies never meet public scrutiny.
The boom in business intelligence has led to an inevitable echo-boom, in the counterintelligence business. Companies hire data cops to protect their secrets from the same kind of snooping they themselves perform. And just like the intelligence business, the counterintelligence business attracts ex-bureaucrats.
Jim Settle, a former FBI employee, now runs a network-security firm in Springfield. The demand for his services has never been greater. “The intelligence side of the world has gotten much more aware of what they can get off the network,” Settle says. “Three years ago, they were not very bright. Today they are getting much more sophisticated.”
In order to shelter their online data from hackers, companies pay Settle upward of $50,000 a year to make their networks secure, or rather, pretty secure. Nothing is 100 percent. Especially when human error can undermine the most stalwart technical defenses.
To test their clients’ vulnerability, some data cops will conduct “penetration exercises”, determining how difficult it is to break into a company and find out everything they want to know. Often, it’s breathtakingly easy. Some guys just walk right by the guards, “Forgot my badge. Sorry”, sit down at a computer, and make themselves comfortable.
But Settle says that if he wanted to hack into your server, he wouldn’t even bother leaving his desk. “Why would we need to go there? We can break in and control most networks in four hours. That’s the average. Others take as little as five minutes.”
Even if companies lock up their computers and go back to typewriters, they’ve still got problems. Jim Ross, president of the Ross Group in Manassas, provides countersurveillance services to companies worldwide. Paranoid execs call him up to come sweep their offices for bugs. You’d think he’d go bankrupt for lack of business, but he says he finds “something that happened that should not have happened” in about 5 percent to 10 percent of his calls. Like the time he found a wiretap on the home phone of a Christian Science Monitor reporter in Bethesda. (The reporter had heard some noise on the line and, sure enough, Ross found puncture marks and tape on the cable going into his house.) Or the time he found out a company had lost about $200 million worth of contracts because its executives’ offices were bugged. Listening to him talk, you start wondering if you could get him to come sweep your house. And your office. And your car.
“Loudspeakers,” he says. Get rid of ’em. “A loudspeaker is a microphone. Somebody can put a pair of wires on that and hear everything you’re saying.”
“Trash.” Very risky. You need a shredder, of course, and not just any shredder will do. “We recommend…cross-cut shredders at each individual desk,” he says. “The one that we use here in our office cuts down to…less than a sixteenth an inch on each side. You can barely see the doggone pieces. Our daughter used to carry the stuff home for her garden.”
Don’t even think about getting one common shredder. That makes Ross laugh. “You’re just putting everything good in one place for the cleaning crew,” he says. Never trust the cleaning crew. And, of course, be very careful what you say when you’re out on the streets.
It follows that a truly conscientious business would not allow its employees to answer the phone, log on to their computers, or talk out loud, in the office or out. In fact, the safest thing would be to shut down altogether.
Says Ross: “A certain level of paranoia is healthy. Real healthy.” CP
Art accompanying story in the printed newspaper is not available in this archive: Darrow Montgomery.