Economic Espionage and Counterintelligence

Economic espionage is the targeting or acquisition of trade secrets to knowingly benefit any foreign government, competitor, or individual. Economic espionage is an illegal yet efficient mechanism for saving time and money to obtain a strategic advantage over counterparts and competitors alike. Government and business organizations conduct economic espionage by leveraging various collection methods as a means to gain knowledge without investing the resources often dedicated to research and development. Economic espionage techniques match those of traditional espionage, but the focus is more towards financial gain through stolen trade secrets as opposed to intelligence officers primarily targeting state secrets.
Common targets of economic espionage in the United States include academic institutions, telecommunications, defense, aerospace, and energy. Economic espionage is often tied to foreign governments; however, there are many incidents of economic espionage between private companies that are left unreported or litigated outside of a courtroom. Having an organizational plan that can be effectively implemented in the event of an incident of economic espionage is vital to the protection of an organization’s intellectual property (IP) and business continuity.
China is the most persistent perpetrator of economic espionage targeting private and public organizations throughout the United States. The Chinese government has recognized and defended its own involvement in economic espionage, citing its global status as a poor and developing country, and one that is owed for years of humiliation at the hands of Western imperialism.

"Be subtle! Be subtle! And use your spies for every kind of business." –Sun Tzu; The Art of War

Competition breeds innovation and generally results in better products, services, improved efficiency, and optimum performance. A common misconception is that competition itself leads to improprieties and abuse of international and domestic laws. However, unethical business practices included within elements of economic espionage are a direct result of a deprivation of standards in the community, industry, or lack of organizational control. China has built a business culture that prioritizes the theft of corporate secrets above research and development, which results in an enabled and persistent threat for organizations of all types to contend with. International laws have little to no effect on this persistent threat, which in turn offers little protection for U.S. businesses.
Organizational Culture – It affects your security posture!
Typically, an organization is focused outward on external threats that are attempting to circumvent security controls to obtain IP. Unfortunately, many times this outward focus leads to a lack of internal controls or consistent security awareness training to employees. A properly established set of controls and trained workforce should fall within every organization’s core values. Organizational control, whether real or perceived, is paramount to the success of any organization for it ensures stability and establishes trust between shareholders and organizational leadership. A simple failure by a single individual can instantly destroy an entire organization’s reputation and ultimately, its value. The impacts on morale can also have lasting effects. Understanding and establishing clear limitations will also have positive residual effects on an organization’s morale and overall efficiency. Additionally, displaying accountability is one step in the process of restoring faith, trust and morale in an organization. Employees should understand the risks posed by external threat actors that are looking for vulnerabilities to exploit in order to gain an edge on competition.
Methods of Attack
Spear phishing – Emails with malicious attachments or believable content enticing responses to solicitations. Malware-laden attachments can lead to the crippling of a system or an organization’s network, and often result in further network exploitation and acquisition of IP. Convincing solicitations can lead to immediate loss of confidential data, profit loss, or enabling of network access to a malicious actor. An organization can never completely defend against human error, but regular awareness training is highly effective in decreasing spear phishing related issues. Additionally, keeping an up-to-date Sender Policy Framework (SPF) record and setting appropriate webmail restrictions can curtail many spear phishing attempts.
Network vulnerability exploitation – Privileged access is the ultimate goal of any attacker, and enables an attacker to access corporate secrets and facilitate persistent remote access to mail servers, domain controllers, and partner applications. Active network defense is key to early recognition of indicators of compromise (IOC), and a layered approach to network defense is optimal when defending from external digital threats.
Mobile device exploitation – A common and relatively simple method of obtaining IP information of an organization is to target employee mobile devices and laptops. This exploitation vector is especially common in traditionally adversarial countries such as China and Russia, wherein Bluetooth and Wi-Fi enabled mobile devices or computer systems of unsuspecting restaurant or hotel patrons are targeted. Unsecured wireless networks offer an easy platform for malicious users to exploit systems that access the wireless network. Using password-protected devices helps ward off physical hacks, and turning off Bluetooth and Wi-Fi on devices not in use can protect against drive-by hacks. Updated anti-virus and anti-malware software can together defend against many threats, albeit not all.
Mishandling of proprietary and confidential information – The single greatest liability to an organization is an uninformed or malicious employee. Many organizations have outstanding network and physical security, but just one naïve or angry employee can help a criminal or competitor bypass all of that by handing over key proprietary information. Awareness training and appropriate levels of internal monitoring can assist in identifying internal malicious intent, but cannot completely eliminate it. Developing a well-tested business continuity plan is essential to provide contingencies in the event of an insider threat.
Elicitation – Classic espionage techniques remain highly effective and remain in use today. Use of elicitation in professional engagements, honeypot (sexual attraction), and coercion occur in both the physical and digital realms. Elicitation with malicious intent targets vulnerabilities of a person or organization to exploit. Limiting the exposure of inexperienced employees to business travel and trade show environments can provide protection from elicitation. However, it is difficult to limit exposure to elicitation in the digital realm. Employee awareness training will not eliminate the threat, but helps employees recognize elicitation approaches as they occur.
Social networking – Irresponsible use and overuse of social networking sites can reveal personal information and habits, and can also be used by malicious actors to elicit corporate secrets. Malicious actors use social engineering techniques on dating websites, employment websites and other social media pages to collect information on organization structure and gather IP of target organizations. It is difficult for organizations to defend against threats in the social networking "wild," but as with other attack vectors, persistent and effective awareness training can build a base of knowledge amongst employees.
Cyber Counterintelligence in Combatting Economic Espionage
Most private organizations lack the resources and training to fully combat economic espionage. Defending an organization’s IP from economic espionage requires uniquely experienced individuals trained in cyber counterintelligence and counterespionage techniques. Cyber counterintelligence is not a typical corporate function, and recognizing and countering economic espionage activities proves difficult for even well-trained and well-staffed security professionals experienced in economic espionage countermeasures.
Devoting resources to cyber counterintelligence is challenging to private organizations for a number of reasons. The costs associated with maintaining a full-time staff dedicated to counterintelligence and countering economic espionage could substantially cut into profit and growth. Organizations are beholden to shareholder expectations and growth ambitions, and the investment in a full-time cyber counterintelligence staff is not fiscally feasible to most. While this thought is completely logical, it is also a belief that organizational adversaries look to exploit. As organizations grow in revenue and size, for many, the natural move is to break outside of the U.S. borders and send business and manufacturing overseas. When this occurs, organizations are not afforded the same protections that are provided within the U.S., and organizations are frequently targeted. By moving portions of manufacturing and operations overseas, many U.S. organizations provide a target-rich environment for adversaries like China and Russia, the most aggressive and capable adversaries using economic espionage.
Organizations unable to dedicate sufficient resources to counterintelligence are fighting economic espionage by outsourcing cyber counterintelligence professionals to provide proactive and responsive services. These services vary from establishing persistent proactive defensive measures to detect indicators of economic espionage, to post breach incident response services. The agility and expertise provided via outsourcing of cyber counterintelligence professionals allows an organization to focus on the "business of the business," and allocate an organization’s most important resource, its employees, to focus on their particular roles.