
WhiteNews: Global corporate news
Issue 20, 16 December 2014

Contents:
Editorial: WhiteRock Updates: All About Privacy (page 2)
Threat: Are LinkedIn Contacts Trade Secrets? (page 3)
News: $400 Bn Military Espionage; Code Fishing (page 4)
News: Falciani Black List; Football Whistleblower (page 5)
Feature: Willy Wonka’s Lessons in Espionage (pages 6-7)
Technology: Hearing Aid for Corporate Spies (pages 8-9)
Extra: FBI’s Untold Story; Spy on Your Rival (pages 10-11)
Letter From America: Spying Breakfast Club (page 12)

Exclusive Reporting for WhiteRock’s Clients

Risk of Public Disclosure: Learning from Willy Wonka

Our feature story is seemingly seasonal and light-hearted, but the film ‘Charlie and the Chocolate Factory’ carries a very strong espionage message that is relevant even 50 years later. Willy Wonka was a brilliant CEO who knew that the only person who could protect his trade was himself. Wonka’s story translates superbly into today’s corporate world, and in this issue we are discussing how the contemporary big players are maintaining their edge and success over their competitors. This is equally relevant for small and medium-sized businesses, which really don’t prioritise their trade secrets, making their advantage extremely vulnerable. In the technology section we analyse the delicate matter of hearing aid systems. They’re everywhere, including in corporate meeting rooms, and nobody really considers these as a threat. We’re examining how to achieve a balance between protecting valuable corporate information and not creating an embarrassing situation that in turn could lead to reputational damage! Our extra section may give you the wrong impression this time. No, we’re not teaching you how to spy; this is not our bag. The article is about knowing your competitors and getting as much authorised information about them as possible. On the eve of WhiteRock celebrating 20 years in the information security business, our focus is all about PRIVACY. This cements everything we do, ranging from consultancy and technical services to technology installations. Without revealing too much yet, we can already say that along with the awareness and policy work, mobile device security is going to be a big focus – so look out for WhiteRock’s brand new MobileWatch™! Finally, to thank you for believing in WhiteRock in 2014, we’re sending you our 20th cocktail, a sensational Christmas pudding vodka. PUDKA is complex and warming with notes of Rudolf on the nose and a long lingering glow of spiced tangerines and cinnamon humbugs!

Enjoy the season and see you in 2015!

Raili Maripuu, WhiteRock MD

“The Wonka Way is All About Privacy,” Crispin Sturrock, WhiteRock CEO

WhiteRock - A Bond of Trust

WhiteRock, 11 Manor Courtyard, Hughenden Avenue, High Wycombe, Buckinghamshire, HP13 5RE, UK. +44 (0) 844 247 4538, [email protected], www.whiterockglobal.com

WhiteRock Updates: All About Privacy

Contents:
Threat 3
News 4-5
Feature 6-7
Technology 8-9
Extra: Spy on Your Rival: 10 Authorised Ways 10
Letter From America: Kevin Murray: No Winners in Spying Breakfast Club 12
Cartoon of the Month: Beware of These Jingle Bells!

Wow, what a year this Year of the Horse has been – literally crazy galloping all the way! As we are approaching the end of the year, WhiteRock is reflecting on the changes and achievements that 2014 brought to our business. We have now completed the major restructuring that we started earlier this year. I’m really proud to say that we have a fantastic and strong team of people bringing you a better and even more professional WhiteRock.

With the new team, WhiteRock has redefined our services to bring more clarity to what we do. We outgrew the TSCM market long ago, as we strongly believe that ‘bug sweeps’ are not the sole answer to organisations’ information security challenges. We have played around with the ‘corporate information protection’ and ‘audio-visual privacy’ terminology, and along with our clients’ feedback concluded that both are too ambiguous and wide to define our role in the corporate information security function. The above very naturally evolved into a ‘Privacy Cover’, which embodies everything that WhiteRock does and is a solid foundation for all our products. In a broad sense, ‘privacy’ is part of the overall ‘information security’, closing the gap between IT and physical security, whilst working very closely with these functions within organisations.

The gap we are talking about involves mostly humans and vulnerable technology, the two biggest threats to high-value information! With nearly 20 years’ experience in protecting confidential corporate information, WhiteRock has developed nine different products that are designed to achieve the desired Privacy Cover for organisations. These can be grouped into three and range from consultancy and technical services to technology installations.

In recognition of the fact that human behaviour creates 80% of information leaks, 2014 saw a surge of WhiteRock’s legal and consultancy services. We delivered corporate mobile device security policies and the same for managing the security at high-value corporate meetings. We also delivered around 20 awareness sessions, which is up nearly 10-fold in comparison to the previous year.

On the eve of WhiteRock celebrating 20 years in the information security business, we are very excited to welcome the new 2015. Without revealing too much yet, we can already say that along with the awareness and policy work, mobile device security is going to be a big focus – so look out for WhiteRock’s brand new MobileWatch™!

Raili Maripuu, Managing Director

Did You Know?
It’s not quite …, but a group of scientists have successfully eavesdropped on our inner thoughts. Using a newly designed algorithm, researchers at University of … in the US were able to work out … Using a technique called electrocorticography, which measures neuronal activity via electrodes placed on the surface of the brain, the team took recordings while the patients read out …


Spy Networking: Do LinkedIn Contacts Qualify as Trade Secrets?

At first glance, this seems like any other trade secret theft dispute between an employer and a former employee. However, when Cellular Accessories For Less Inc., which supplies large organisations with wireless phones and accessories in the US, sued its ex-manager David Oakes and a rival, Trinitas LLC, the case created a new legal puzzle in corporate espionage legislation: do LinkedIn contacts qualify as trade secrets? In fact, they may do.

Oakes, a sales account manager for Cellular, decided to strike out on his own after six years with his employer. He had signed an employment agreement requiring that proprietary information did not leave the premises, and a statement of confidentiality forbidding the knowing disclosure or use of this information. However, in 2010, when Cellular terminated Oakes, he started his competing business, Trinitas, and allegedly violated the previously mentioned terms of confidentiality, plus some more. According to the lawsuit filed in the Central District Court of California, Oakes emailed himself a customer information file with 900+ personal and business contacts, detailed billing preferences, pricing and client strategy documents. Also, what looks like a violation of the same seriousness – he maintained his LinkedIn contacts after termination.

A federal judge denied the defendant’s motion for a summary judgement in October, finding there were issues of material fact surrounding the question whether LinkedIn contacts were protectable trade secrets. The defendants claimed that all information was easily obtainable through public sources and Internet searches of Fortune 1000 companies. Cellular, on the other hand, said that building its customer list had necessitated a significant expenditure of time and money because it “hired and paid employees who were tasked with cold-calling companies and working their way past the ‘gatekeepers’.”

The defendant argued further that Oakes’ LinkedIn contacts could not possibly be considered trade secrets as these would have been viewable to any of his other LinkedIn connections, which the plaintiff says is not correct. Oakes also claims that Cellular authorised salespeople to disclose the identities of clients to potential customers as a way of attracting new business, and failed to inform employees that LinkedIn contacts were proprietary or confidential.

The court declined to take judicial notice of the functions of LinkedIn and stated that the parties did not make sufficiently clear whether and to what degree Oakes’ contacts were indeed made public. The judge found genuine issues of material fact as to trade secret misappropriation, but he did not state that LinkedIn contacts are not trade secrets.

Although perhaps not such a good decision for Cellular in this case, this ruling has a remarkable importance and may serve as a precedent or open the door for similar lawsuits in the future. Even though millions of companies use social media to build their businesses, professional networking sites such as LinkedIn are still perceived more as professional environments than Facebook or Twitter. Therefore, it is widely assumed that the company has some control over its employees’ contact base, especially if the firm has encouraged such networking as part of their work.

Although the intricacies of social networking and the availability of privacy settings seem still to be new for judges, these kinds of disputes are likely to end up in court more often from now on. The mentioned lawsuit is still in court and we must wait and see how the parties network their way through. Whatever the result is, it will probably inspire some required changes to US trade secret protection and violation legislation.

8 Point Action Plan: How to Guard Your Contacts

Regardless of the possible changes in legislation, businesses should monitor their company’s and employees’ presence in professional networking sites, such as LinkedIn, their client lists, customer base, and other information they want … plus suggestions for how to guard your secrets better:

… nature of customer information …
… privacy settings and train employees how to maintain barriers against …
… social media accounts remain completely separate from their business accounts, which should be linked only to a company email …
… to employees upon termination of …
… to inform employees that LinkedIn contacts were proprietary or …
… contracts, non-competition and non-disclosure agreements, as well …
… trade secrets in the context of online …
… conditions regarding the use of …
… spent to compile customer contact …
… in a password-protected internal database, rather than rely on social …


Combating Interception: Germany Seeks Foreign Tech Firms’ Source Code

Technology firms that sell software to the German government or to companies critical to its security are likely to be forced to reveal their top-secret source code to the authorities. At least, that is the aim of the country’s authorities seeking to guard it against snooping after the NSA revelations. The German government has proposed a new bill, expected to become law, that excludes US technology companies from its digital economy.

Foreign firms would have to be forced out from bidding for contracts in Germany, as they are unlikely to reveal the source code, which is the backbone of software. As a result, the companies could miss contracts worth billions of euros from Germany, which is the largest market for information technology in Europe.

Meanwhile, technology giants such as … and Yahoo have taken significant steps to encrypt their data, both when it is stored and as it flows through their own data centres, just to protect against governments’ spying. Also, Apple and Google have most recently increased the encryption of mobile data, which means the code Germans seek is even less likely to be shared.

After the leaked NSA documents revealed that the NSA had spied on the phone conversations of Merkel, the country ended a contract with US telecoms firm Verizon because of the security concerns, and warned that search provider Google could be broken up and regulated like a utility due to its dominance.

China’s New Fighter Jet: Result of US$400 Billion Industrial Espionage

China launched its new Shenyang J-31 stealth fighter at the Zhuhai international air show last month. This provoked press reports about cross-border industrial espionage. According to US military officials and pilots, the capabilities of the Chinese aircraft are a match for Lockheed Martin’s F-22 Raptor or F-35 Lightning II Joint Strike Fighter. In July, a Chinese entrepreneur was arrested in Canada at the request of the FBI after he stole information for 32 military projects, including the F-35. Allegedly, the J-31 is designed using technology stolen from the Pentagon’s above-mentioned US$400 billion Lockheed Martin F-35 Joint Strike Fighter program. We reported on the theft briefly in WhiteNews, Issue 132. Also, Chinese hackers have been noted for their frequent success at obtaining sensitive information relating to US defence projects.

The aim of China’s military establishment was to make the J-31 capable of landing on aircraft carriers, giving them a role similar to the F-35C’s. The J-31 is about the same size as the F-35. But the Chinese airframe has smaller engines and a flatter fuselage, implying a focus on air-to-air combat. The J-31’s design would increase the plane’s overall fuel efficiency and speed, as it would suffer from less drag. However, one former US military pilot said that the J-31 would likely out-perform a handful of US fourth-generation fighters, such as the F-15 and the F/A-18E/F Super Hornet.

Although jet engines remain a weak spot for China, the country has made much progress in developing its aerospace industry, say the US officials, as it has yet more stolen military information acquired through espionage.

Reverse Engineering: New Industrial Espionage Threat

The EU Trade Secrets Directive should be amended to better protect product developers, said the prestigious Max Planck Institute for Innovation and …, to change a current situation where reverse engineering techniques … products are made in order to make …

News Bites:

Foxconn Sued Ex-Employee for Trade Secret Theft
Taiwanese electronics manufacturer Foxconn sued its former manager Bao Qiao-Hong for disclosing company trade secrets and violating … used the company email account after quitting to send product margin and cost information to his personal email, before he started to work as a general manager for a rival, also …

Japan Sets Tougher Penalties for Trade Secret Theft
New guidelines about how companies can protect themselves against trade-secret theft will … tougher penalties against corporate espionage, and makes it easier to classify documents, client lists and …

Luxury Car Firm Accuses Former Employee in Espionage
… end luxury vehicle industry are in … employee Jason Catlin downloaded … and lists before taking up a general manager position at rival … Travers also solicited other employees to …

Did You Know?
17 US spy agencies spent nearly $68 billion in 2014, according to the director of …


Soccer Whistleblower: FBI Spied on FIFA

An American football official, Chuck Blazer, was revealed as the main informant in an FBI investigation into money laundering and fraud in football. Blazer co-operated with the FBI to the degree that he secretly recorded meetings with football executives, including anyone who was a member of the FIFA Executive Committee that voted for Russia 2018 and Qatar 2022, as well as individuals close to the President of FIFA, Sepp Blatter.

Blazer (photo below), a former general secretary of CONCACAF as well as a FIFA Executive Committee member, had not been involved in football since May 2013, as it was known that Blazer was corrupt and FIFA’s Ethics Committee had opened investigation proceedings against him. However, the recent revelations claim that Blazer was then already working for the FBI.

Blazer’s co-operation with the FBI began three years ago. He allegedly cut a deal with the American law and tax authorities, and agreed to co-operate with the FBI and the IRS after being threatened with unpaid tax crimes on as much as $29 million of income. His work with the FBI brought down former CONCACAF president Jack Warner following the ‘cash for votes’ scandal in 2011. This investigation also ended Asian Football Confederation president Mohammed Bin Hamman’s bid for the FIFA presidency.

At the London Olympics in 2012, Blazer organised a series of meetings with FIFA colleagues and football leaders at the Mayfair hotel in London’s West End. He was given a keychain with a tiny microphone embedded in its specially altered fob for these meetings.

White-Collar Crime: Falciani Black Money List Emerges

The black money storm raging for over six years, centred around a whistle-blower now known as the ‘Edward Snowden of Swiss banking’ - Hervé Falciani (42), finally comes to an end now that his exposure list of more than 130,000 potential fraudsters from around the world has emerged. As French authorities have shared the so-called HSBC or ‘Falciani list’ with other countries, it also sheds light on what was allegedly one of the biggest violations of banking and commercial secrecy, as well as one of the biggest commercial espionage scandals, in recent decades.

The story unravelled in December 2008, when Falciani, a systems engineer who worked at HSBC’s Geneva branch, fled to France with data on nearly 25,000 bank accounts. He had arguably realised that the way data was managed in the HSBC bank fostered tax evasion, and decided to reveal the wrongdoing to the whole world. Over two years he had obtained data demonstrating tax fraud on some 130,000 of the world’s great fortunes. Swiss judicial authorities accused Falciani of commercial espionage, and issued an international arrest warrant against him. Controversially, Falciani was not extradited, but the French authorities opened their investigation instead against the alleged fraudsters he was whistle-blowing on.

Falciani has since been collaborating with numerous European nations by providing the information he gathered illegally about suspected tax evaders with Swiss bank accounts - specifically those with accounts in HSBC’s Swiss subsidiary HSBC Private Bank. France claims it recovered €186 million (3,000 names from the list), Spain €260 million (700 names) and the UK £135 million (4,000 names). In Spain alone, more than 45 criminal proceedings were launched, based on Falciani’s illegal information gathering. This is an interesting example of large scale corporate espionage that governments see as acceptable.

News Bites:

$100 Million Worth of Gaming and US Military Secrets Stolen
US authorities charged four men with hacking and stealing secrets … Microsoft, the US Army, and leading game manufacturers had their systems hacked by an international group of hackers who vacuumed intellectual property from their …

A Former Employee Fined US$1 Million for Trade Secret Theft
A Kentucky-based manufacturing … its ex-employee, Phillip Lee Groves, … that took place in 2007-2008, … that were copied onto a USB portable … in April this year, and now faces 40 …

Canadian Couple Arrested in China for Spying
The Chinese authorities are investigating a Canadian couple, living close to the Chinese border with North Korea, for stealing military … and Julie Garratt, who ran Peter’s Coffee House in Dandong and a weekly ‘English Corner’ where local Chinese practised English, have … arrests occurred less than a week after the Canadian Prime Minister Stephen Harper publicly implicated China in alleged acts of cyber …

Tech Firms Don’t Resist Governments’ Interception
Robert Hannigan, the new chief of Britain’s intelligence agency, GCHQ, criticised technology giants such as Apple, Google, Microsoft, Twitter and Facebook for permitting … wrote in his column at the Financial Times that he denounces the efforts of the technology companies to protect against spying without legal …


Risk of Public Disclosure: Willy Wonka’s Lessons in Espionage

The movie based on Roald Dahl’s ‘Charlie and the Chocolate Factory’, the popular children’s tale about a dream of life filled with sweets, may sound merely an all-family entertainment treat for the festive season. But whilst fun for the kids, it packs an unexpected educational punch for adults. Would you believe that Willy Wonka could teach you a thing or two about privacy against corporate espionage in today’s highly competitive world of business?

The story of Willy Wonka, an eccentric candy maker who offers five children the once-in-a-lifetime chance to visit his magical factory, was published in 1964. Its author, British novelist Roald Dahl, did not draw it as an innocent fiction from thin air. He based this no-holds-barred parody on the ‘chocolate wars’ that took place in the real-world candy industry – take the American coconut bar ‘Mounds’ for example. Forrest Mars Senior, the patriarch of the Mars candy empire, stole the idea in the 1950s and took it to Britain, calling his version ‘Bounty’. Brits have never heard of ‘Mounds’, but ‘Bounty’ remains a bestseller even today.

Lesson 1: Smoke and Mirrors of Patenting

Because many candy firms are privately held even today and their recipes are not patentable, the sweets industry is extraordinarily secretive. Throughout history, they have been a prime example of how difficult it is to stop competitors from stealing hot products and selling them as their own. It is not surprising then that Dahl’s bestseller about chocolate towers and caramel rivers provides valuable lessons on how to effectively guard your trade secrets. However, these ideas apply equally well to car manufacturing, pharmaceuticals, IT, banking, perfumery, and to any other industry.

Whilst doing your Christmas shopping, would you ever guess which ingredients create the complex smell in your favourite bath product or perfume? For years it has been impossible to find an answer. Similarly to candy producers, the consumer products industry has also always heavily relied on in-house trade secret protection to avoid leaks of their natural and synthetic fragrance ingredients. However, this year, several multinational giants, including the California-based Clorox Co. as well as Wisconsin-based S.C. Johnson, disclosed the scent components in their products. What is the reason behind such an unreasonable step? A hope that increased consumer trust will drive brand loyalty and boost revenues. Although a seemingly positive answer to consumer safety concerns, from a counter-espionage perspective it is commercial suicide.

Chocolate Wars: The Real Wonkas and the Spy Factories

The author of ‘Charlie and the Chocolate Factory’, Roald Dahl (1916-1990), knew a lot about what was going on behind the curtains of the sweets industry, a world as strange as his fictional Mr Wonka. During Dahl’s childhood, the two largest British candy firms, Cadbury and Rowntree, sent so many spies to work in competitors’ factories that it became common knowledge. Also, European candy makers started routinely employing detectives to watch the workers. Confidential manufacturing processes were off-limits to all but the loyal inner circle; the other employees had to sign strict, highly punitive confidentiality agreements. For example, when Nestlé first figured out how to successfully blend milk and chocolate, only a few of its executives knew the process. Nestlé also conducted employee background checks and put suspected workers under surveillance.

Over the last decades, chocolate makers have continued to guard their secret-sauce recipes as zealously as Coke, Pepsi and McDonald’s. For example, at Hershey’s, only an elite few are privy to the mix of cocoa beans required to produce Hershey’s distinct chocolate flavour. Records also show that Mars blindfolded outside contractors when escorting them through its factories.

Talking about Mars, one of the biggest chocolate wars started by the candy giant took place in the 1990s and even involved the US government. Mars was caught flat-footed when its arch-rival Nestlé introduced ‘Magic’, a hollow chocolate ball with a Disney toy inside. The innovative sweet treat enjoyed short-lived overwhelming commercial success until Mars launched a massive PR and lobby campaign over safety concerns that children could accidentally swallow a tiny toy. This resulted in the US government forcing Nestlé to pull the product from store shelves in 1997.

In return, Nestlé’s executives went ballistic, claiming it was a corporate spying campaign and they could prove it. Nestlé’s agents, a series of private investigation firms, law firms, and consultants, dived into rubbish bins outside Mars’ New Jersey offices. The operation was so sophisticated that the operatives replaced each bag they took with ‘fake’ trash, so maintenance men would not notice any bags were missing. Nestlé’s private eyes also gathered phone records from Mars’ offices and placed agents, posing as diners on a corporate retreat, to eavesdrop on Mars executives. In the end, Nestlé’s spy network was able to prove that Mars did, in fact, work tirelessly to sink its successful ‘Magic’ egg, the loss of which cost Nestlé millions of dollars and a remarkable amount of market share.


Whilst many companies see different disclosures, be it due to laws or patenting, as a potential protection against intellectual property (IP) theft, the harsh reality demonstrates that once the secret is disclosed, it is no longer a secret. Having handed your sensitive information over to a patent office or a court, this automatically becomes publicly accessible.

The value of the global fragrances industry is expected to exceed US$38 billion in 2017, and whilst large low-priced cleaning products’ producers like Clorox and S.C. Johnson can survive the disclosure, countless luxury perfume and cosmetic companies would be on the brink of bankruptcy if doing the same. That is why the Swiss Givaudan Fragrances Corp., the world’s largest flavour and fragrance manufacturer, resisted in court a full disclosure of the ingredients lists of its allegedly stolen formulas after suing its former head perfumer, James Krivda, and a US branch of its French rival, Mane USA Inc.

Krivda had allegedly given his new employer, Mane, 616 so-called ‘head-space’ analyses and fragrance formulas worth millions of dollars that he had downloaded and printed before leaving Givaudan. Even though Givaudan filed the lawsuit in 2008, the company did not trust the protective order issued by the US Federal Court in Trenton last year. The perfume giant rightly decided that further disclosure of its trade secrets, even to the legal authority, would cost the company more than the theft they had already suffered. It may sound unreasonable to you, but to security experts, Givaudan’s decision makes perfect sense. After all, while Mane today makes US$840 million in annual sales, Givaudan’s revenue is still close to US$5 billion.

Recently, the former top executive of Los Angeles-based Korn Ferry, the world’s largest executive search firm, was convicted of stealing trade secrets. David Nosal (55), a managing director and head of the company’s Redwood City branch, left in 2004, but continued to recruit his former co-workers to download confidential customer information that he used to start a competing firm, Nosal Partners. Nosal’s lawyers challenged the verdict, arguing that the company’s ‘source lists’ of executives who might be candidates for recruitment were not trade secrets. Although unsuccessful in their attempt, the lawyers did make an important point. It is often quite difficult to argue in court what part of confidential information is, and is not, a trade secret, especially if employees have not been made aware of their responsibility and signed the relevant non-disclosure contract beforehand.

For a success-conscious organisation that wants to protect its competitive edge, it should be a top priority to define its trade secrets and consider patenting certain products. The key difference is that whilst patents require full public disclosure prior to obtaining rights, trade secrecy requires just the opposite. However, the first step in guarding your secrets is far simpler. As 80% of information leaks happen through humans, the key threat to any organisation’s information is first and foremost its employees’ loyalty, awareness, and the extent of their access to confidential information. The fact that the largest recruitment firm in the world was betrayed by its own executive has a certain irony, as it underlines that the larger the organisation, the more difficult it is to contain information leaks through insiders. Even being the market leader in recruiting does not always make you recruit better for your own firm, if you are unaware of the potential threat.

Lesson 4: Success Has No Friends

Apple recently obtained trademark protection for the layout of its stores, meaning that it can stop other retailers from setting up shop in a similar way. Of course, Apple is an iconic brand with a unique style. But this case highlights that original creative output can be claimed as unique and be protected. The more successful the organisation, the more attention it has to pay to guarding its trade secrets and intellectual property, even if it comes down to seemingly small aspects of branding. In these cases, successful organisations have no friends among other companies, authorities or government agencies. Close ties could lead to sharing more information than necessary.

It is also important for small business owners whose success depends on an innovative knowledge-based product or service. Often they do not know much about the difference between a trade secret and a patent. A Welsh entrepreneur, Michael Wilcox, made headlines in 2012 when he became so frustrated at the cost of enforcing his patent and the poor protection that it offered in reality, that he publicly burned legal paperwork for his colour printing technology in front of the British Parliament in protest at alleged copying by several large businesses.

It is probably the reason why Apple, one of the most valuable companies in the world, is at the low end of what companies spend on lobbying politicians in Washington. The technology giant spends only US$2 million a year. This is significantly less than Google or Facebook. Significantly, Apple also has a clear choice of priority issues it lobbies for, which all focus on better IP protection.

I love the film ‘Charlie and the Chocolate Factory’ and continue to witness the same story over and over in real life during the past 20 years. Mr Wonka was a very clever CEO, as he was the one to employ a ‘competitor’, Mr Wrigglesworth, as a … to approach his successor candidates to see if they would cross him. The bait was the ever-lasting ‘gob-stopper’ that Mr Wonka gave to each candidate as a present. The test of trust was to see whether the candidates would give their ‘gob-stoppers’ to Mr Wrigglesworth. This was Mr Wonka’s way to protect his brilliant mind against espionage.

In ‘Charlie and the Chocolate Factory’, Dahl brilliantly captures the ethos of today’s competitive world in Wonka’s rivals who try to steal his business by copying his famous treats, such as never-melting ice cream, and chewing gum that never loses flavour. To prevent future thefts, Wonka conveniently replaces all of his factory workers with Oompa Loompas, tiny creatures who are indebted to Wonka for rescuing them from vicious beasts and therefore would never dream of betrayal. If only it could be so easy in real life.

Raili Maripuu, WhiteRock MD: Our feature story is seemingly seasonal and light-hearted, but it carries a very strong message. WhiteRock’s 20 years’ experience in the privacy world against commercial espionage confirms every day that spies do not choose certain industries, they choose money (the value) and they choose the easy money (most vulnerable targets). Yes, controlling your ‘Oompa Loompas’ seems like an impossible task, but with the right approach and professional measures it is also very achievable in today’s corporate world. It is another question whether there is an appetite and drive to achieve this culture.

Technology

11 Manor Courtyard, Hughenden Avenue, High Wycombe, Buckinghamshire, HP13 5RE, UK +44 (0) 844 247 4538 [email protected] www.whiterockglobal.com

Hearing Aid for Corporate Spies?

Social responsibility and equal working conditions are the norm in today’s corporate environment. But whilst it is important to comply with the UK Equality Act (enforced since 2010, following the Disability Discrimination Act), organisations should be aware that the equipment aimed at employees and clients with a hearing disability is also one of the biggest security vulnerabilities when built into offices or meeting rooms.

Unisolated induction loop systems give unauthorised information gatherers and corporate spies a perfect opportunity to listen in to any confidential conversation that takes place in the area where the system is fitted. All a perpetrator needs is an earpiece so small it is virtually undetectable. Besides, who would even suspect a person with an alleged hearing disability?

Considering all this, it may come as a surprise that even very advanced digital hearing aids are not encrypted, as the general public needs to have uninterrupted access to these systems. This is one of the biggest reasons why hearing aid systems are considered such a remarkable eavesdropping threat.

What is a Hearing Aid System?

In a nutshell, the whole hearing aid system includes one or more microphones linked to an amplifier that connects to an induction loop system that is embedded around a room. This all works on a very low frequency that makes it undetectable without professional equipment.

The only visible way of detecting that someone is listening in is the earpiece that instantaneously transmits the sound from the microphone. This sounds simple enough, and makes these devices incredibly easy-to-purchase-and-use spy gear for unauthorised information gatherers.

Induction Loop System: Analogue hearing aids, less used now, will pick up sound, translate it into an electrical signal, amplify the audio if needed, and then feed it into the ear. However, the more advanced digital hearing aid contains a silicon chip comprising millions of electrical components that continuously process incoming sound, convert it into clearer and more audible sounds and then release these at the appropriate sound level into the ear. Its sophistication allows the system to distinguish between sounds that need to be amplified and unwanted noise that needs to be reduced. There are also a number of pre-set programs that can be used in different situations, such as quiet conversations, concerts, or at parties where there is a great deal of background noise.

From Taxis to Meeting Rooms, You Name It!

According to our experience, nearly all corporations have equipped their buildings with Audio-Frequency Induction Loops (AFILs), commonly known as hearing aid systems. Required by law in the UK, these can usually be found in the reception area, but also in meeting rooms and offices. Apart from corporate environments such as banks, hearing aid systems are today very common in public places, for example in museums, hospitals, theatres, and universities. Furthermore, the systems are also usually fitted to public transport and taxis.

Last month, the UK newspapers reported how the former Cabinet Minister, David Mellor, was secretly recorded having a heated argument with a London taxi driver. To take revenge on the ex-politician who had criticised his choice of route, the driver illegally taped the conversation using the hearing aid system, then leaked it to the local tabloid media. As expected, the scandal that followed was focused on the wording that Mellor used when talking to the driver, not on the fact of illegal recording. It is hardly news now that hearing aid systems are used in taxis by default, which makes any confidential conversation in these vehicles practically public.

Although hearing aid systems have been widely used for at least two decades, making areas where they are used highly vulnerable to eavesdropping, the threat this presents is rarely discussed. In fact, it is almost hushed up. One reason could be the psychological controversy, i.e. regulations supporting the needs of minorities, such as disabled people, are usually not questioned in society. However, the main reason is negligence, as the majority who do not need any help hearing pay very little attention to the devices used by minorities. Therefore, we are understandably not concerned with the technical details of these devices, or whether they are switched off.
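The practical control the article points at is knowing when a room’s loop is actually live. The script below is an added example, not WhiteRock’s code or any product of theirs: it assumes a building-management log that records when each room’s loop amplifier was switched on or off, and a booking list that says whether a meeting asked for the loop and whether it was confidential. The log lines, bookings, room names and the `Booking` record are all constructed for the example. It reports two exposure windows the text describes: a loop left live when no meeting requested it, and a loop live during a confidential meeting.

```python
"""Induction-loop exposure audit (added example; inputs are constructed)."""
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Booking:
    room: str
    start: datetime
    end: datetime
    needs_loop: bool      # did the organiser ask for the hearing loop?
    confidential: bool    # was the meeting marked confidential?


# Constructed amplifier log, one event per line: "<ISO time> <room> on|off".
LOOP_LOG = """\
2014-12-01T08:55 Boardroom on
2014-12-01T12:30 Boardroom off
2014-12-01T13:00 Reception on
2014-12-02T09:00 Boardroom on
"""

# Constructed bookings for the same two days.
BOOKINGS = [
    Booking("Boardroom", datetime(2014, 12, 1, 9, 0), datetime(2014, 12, 1, 10, 0), True, False),
    Booking("Boardroom", datetime(2014, 12, 1, 10, 30), datetime(2014, 12, 1, 12, 0), False, True),
    Booking("Boardroom", datetime(2014, 12, 2, 9, 0), datetime(2014, 12, 2, 10, 0), False, True),
]

AUDIT_END = datetime(2014, 12, 2, 17, 0)   # a loop still on counts as live until here


def parse_loop_log(text, audit_end):
    """Return {room: [(on_time, off_time), ...]} from the event log."""
    open_since, intervals = {}, {}
    for line in text.splitlines():
        when, room, state = line.split()
        t = datetime.fromisoformat(when)
        if state == "on":
            open_since.setdefault(room, t)          # a repeated "on" keeps the first
        elif state == "off" and room in open_since:
            intervals.setdefault(room, []).append((open_since.pop(room), t))
    for room, t in open_since.items():              # never switched off
        intervals.setdefault(room, []).append((t, audit_end))
    return intervals


def subtract(span, bookings):
    """Remove the booked spans from (start, end); return the uncovered parts."""
    start, end = span
    remainder, cursor = [], start
    for b in sorted(bookings, key=lambda b: b.start):
        if b.end <= cursor or b.start >= end:
            continue
        if b.start > cursor:
            remainder.append((cursor, b.start))
        cursor = max(cursor, b.end)
    if cursor < end:
        remainder.append((cursor, end))
    return remainder


def fmt(t):
    return t.strftime("%Y-%m-%d %H:%M")


def audit(log_text, bookings, audit_end):
    """Return one human-readable finding per exposure window."""
    findings = []
    for room, spans in parse_loop_log(log_text, audit_end).items():
        wanted = [b for b in bookings if b.room == room and b.needs_loop]
        for span in spans:
            for s, e in subtract(span, wanted):
                findings.append(f"{room}: loop live with no booking requesting it, {fmt(s)} to {fmt(e)}")
        for b in bookings:
            if b.room == room and b.confidential:
                for s, e in spans:
                    if s < b.end and e > b.start:   # the two windows overlap
                        findings.append(f"{room}: loop live during confidential meeting, "
                                        f"{fmt(max(s, b.start))} to {fmt(min(e, b.end))}")
    return findings


def run_demo():
    return audit(LOOP_LOG, BOOKINGS, AUDIT_END)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

On the constructed data the audit flags the Boardroom loop for the minutes before and after the one meeting that asked for it, the Reception loop that nobody switched off, and both confidential meetings held while the loop was live. The same logic works on any source that yields timestamped on/off events and a booking calendar.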


The more sophisticated digital aids enable the user to watch TV while taking part in conversations, locate where sounds are coming from, eliminate whistling and feedback while on the phone, and can link up via wireless technology to a TV, mobile phone, tablet, computer or other recording devices.

Would You Suspect a Disabled Person of Espionage?

Imagine the situation that your meeting rooms are equipped with a hearing aid system, but it is rarely used. Chances are that the induction loops are not religiously switched off at the end of every meeting when these have been used. Since these are also not encrypted, absolutely anyone with a fitting earpiece close to your meeting room can listen clearly to what is discussed in this room at any time.

The situation is even worse if the boardroom or office is located close to a public area. As the sound is captured in a wide radius, the unauthorised information gatherer does not even have to enter your building; he can just stand in the reception area or lobby, outside the meeting room, or on the street, and eavesdrop on all confidential conversations for as long as he has patience.

With people walking around wearing headphones, it is unlikely that you will ever spot a skilled spy taking advantage of the system the organisation has used, literally, to bug itself. And even when security concerns arise, how would we walk up to a stranger in order to check what exactly he is using his earpiece for? Since the hearing aid presumes a disability, the person wearing it can be vulnerable, and it provides certain immunity. Hardly anyone wants to challenge him in case he really has a disability. So, it is a question of achieving a balance between a very real corporate threat and equal opportunities. The good news is that there is simple technology that can very discreetly address the problem without causing any public embarrassment, and experienced privacy professionals can help organisations who use hearing aid systems.

Did You Know? Apple and Google have recently introduced fully encrypted mobile …

Privacy Tools: The Best Encrypted Messaging Programs

Ever since Edward Snowden revealed mass governmental surveillance, there has been countless news recommending new encryption software to keep people’s communications safer from spying. However, it is not easy to sort out which secret messaging tools offer true security. To make it easier for you, here is the list of the most trusted encryption tools, and the ones the experts do not recommend.

Recommended:

Cryptocat: A free chat program that can be installed in any web browser and was famously used by journalist Glenn Greenwald while he was in Hong Kong meeting with Snowden. Nadim Kobeissi created Cryptocat in 2010 as an experiment when he was a 21-year-old student at Concordia University in Montreal, and it became famous once it won a prize in a New York ‘hackathon’ in 2012. Since then, he has raised about US$150,000 in grants to help pay developers to work on improvements to the software.

Signal, RedPhone and TextSecure: A line-up of three mobile phone apps from San Francisco-based Open Whisper Systems. Signal is for making secure phone calls on iPhone, RedPhone secures phone calls on Android, and TextSecure makes sending texts on Android safer. All these apps are free. The Signal app also tries to give users some anonymity by using a sophisticated system called a ‘bloom filter’, that allows users to find each other without sharing their address books.

Silent Text and Silent Phone: A pricier option available from a pair of highly-ranked encryption apps for Android and iPhone. The apps are free to install but users must sign up for a small monthly subscription. According to experts, the only way to offer real privacy is to charge users, as most free apps do not provide an always-on high-quality service.

Not Recommended:

Gnu Privacy Guard: An often used email encryption program fell short of the top score because it has not been audited and past communications can be compromised if the user’s secret key or hardware is stolen.

…: A cell phone encryption app recently profiled on CNBC lost points for not disclosing its underlying code or its cryptographic protocols, and for not having a way for users to verify each other’s identity.

Virtru: Recently profiled in the New York Times, it received low rankings because it stores users’ ‘secret keys’ on its own computers rather than on the users’ computers. It requires users to trust Virtru with access to their secret keys.

‘…Record’ Chats: These are only encrypted in transit, but can still be read by the provider.

Apple’s iMessage and FaceTime: The encrypted texting and video calling programs lost rating because their software code is not open for public review.

It is worth keeping in mind that even the best encryption tools still don’t do enough, as they all require both people communicating to install software.
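The ‘bloom filter’ mentioned in the Signal entry above is worth seeing in code, because it shows both why the approach avoids uploading an address book and what it still leaks. The block below is an added example, not Open Whisper Systems’ code: a toy of the idea in which a server publishes a Bloom filter of the (hashed) phone numbers of registered users, and the client tests its own contacts against that filter locally. The hash construction (two 64-bit halves of one SHA-256 digest combined as `h1 + i*h2`), the filter size, and every phone number are constructed for the example.

```python
"""Contact discovery with a Bloom filter (added example; all values constructed)."""
import hashlib
import math


class BloomFilter:
    """Bit array of m bits with k probe positions per item."""

    def __init__(self, m_bits: int, k_hashes: int):
        self.m = m_bits
        self.k = k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item: str):
        # Constructed scheme: derive k positions from a single SHA-256 digest,
        # pos_i = (h1 + i*h2) mod m. Any k independent hash functions would do.
        digest = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1   # odd, so the stride is never 0
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: str) -> bool:
        # "Maybe present" when every probed bit is set; "definitely absent" otherwise.
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


def false_positive_rate(m: int, k: int, n: int) -> float:
    """Textbook estimate (1 - e^(-kn/m))^k after n insertions."""
    return (1 - math.exp(-k * n / m)) ** k


def normalise(number: str) -> str:
    """Keep digits only so '+44 7700 900123' and '+447700900123' hash alike."""
    return "".join(ch for ch in number if ch.isdigit())


def build_registry_filter(registered, m_bits=4096, k_hashes=3) -> BloomFilter:
    """Server side: publish a filter instead of the list of registered numbers."""
    bf = BloomFilter(m_bits, k_hashes)
    for num in registered:
        bf.add(normalise(num))
    return bf


def discover_contacts(address_book, registry_filter) -> list:
    """Client side: the address book never leaves the device."""
    return [c for c in address_book if normalise(c) in registry_filter]


# Constructed numbers in fictional ranges (UK 07700 900xxx, US 202 555 01xx).
REGISTERED = ["+44 7700 900123", "+44 7700 900456", "+1 202 555 0143"]
ADDRESS_BOOK = ["+44 7700 900123", "+44 7700 900999", "+1 202 555 0143",
                "+1 202 555 0199", "+447700900456"]


def run_demo() -> list:
    return discover_contacts(ADDRESS_BOOK, build_registry_filter(REGISTERED))


if __name__ == "__main__":
    print(run_demo())
    print(f"expected false-positive rate: {false_positive_rate(4096, 3, len(REGISTERED)):.2e}")
```

Two properties matter to a defender reading the article’s claim of ‘some anonymity’. The filter can answer ‘maybe’ for a number that was never registered (the false-positive rate above is tiny at these sizes but grows as the user base fills the bit array), and anyone holding the published filter can test arbitrary numbers against it, so the scheme hides the client’s address book from the server but does not hide which numbers are registered from whoever downloads the filter.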


FBI Untold Story: Men Behind the Largest Spy Catch in US History

In February 1940, the FBI agent and a Mormon, James Ellsworth, left his home in California, prepared for a normal day of work. Instead, he got a message from John Edgar Hoover, then director of the FBI in Washington, instructing him to take the next plane to New York City. After arrival, Ellsworth, who had quickly packed for a two-week trip, was met by two agents he already knew. Whilst they drove him to the city, they replaced his identification cards with ones carrying a fictitious name and gave him a little background on the case.

Later that day, Ellsworth met his handler, German-born William G. Sebold, the first double agent in FBI history, and the men would spend 16 months working on a case that would eventually lead to the arrest of 33 spies. In what is still the largest espionage case in American history, they brought to justice traitors who were stealing technological secrets to give German bombers an upper hand in their invasion of Europe.

Apparently, William Sebold was a naturalised American citizen of German birth. He had been in Germany in 1939 to visit his mother, and Nazis had attempted to recruit him. Impressed with a position Sebold held in New York City, they threatened to kill him unless he would spy in the city.

Shortly after, Col. Nikolaus Ritter, head of the Wehrmacht’s military espionage, needed a man to pass information from their spies in the field to German hands, and thought Sebold would fit the bill.

However, Sebold turned out to be an intensely patriotic man and offered his services to the FBI. He covertly contacted the US Consulate in Cologne, Germany, informing them of what he had been forced into. Brought back to the US, he met with the FBI officials, who devised a new plan for him in order to build a case against the Americans working for the Nazis. Sebold and Ellsworth were to infiltrate the Duquesne Spy Ring, operating in New York City, one of the biggest in history. Now the double agent Sebold moved up the ranks of the German spy community in the United States, and he set up a dummy office in Times Square for German spies to hand over information to him.

Among the ones complicit in the conspiracy was Frederick Duquesne, a war veteran, Nazi sympathiser, and an overall eccentric character who wore a monocle and operated an office on Wall Street. Before working as a Nazi spy, Duquesne had a career as a journalist with the New York Herald. So when he called companies like Grumman Aircraft Engineering, requesting photos and plans of their developing technology for made-up ‘lectures’, the firms complied. He would then pass the plans to the Nazis.

Sebold’s other source was Lilly Stein, a ‘femme fatale’ who attempted to seduce him. Stein was a pretty German spy with a specialty in luring men to bed, where they would pillow-talk about war developments or big deals taking place in industry or finance. Stein was effective at her job, and frequently held valuable information, such as the British army building 1,000 planes per day.

As Sebold’s involvement with the Nazi spy ring got deeper, he was allowed to set up telegraph correspondence at a cottage in …. The FBI was then able to glean substantial evidence to build a case by monitoring the telegraph lines and the transmissions between Sebold and the Wehrmacht.

The master plan came to a successful finale, and on June 28, 1941, the FBI arrested 33 Nazi spies. As many as 16 of them were convicted, including Stein, who received a 12-year sentence. Duquesne received an 18-year sentence for his crimes.

These timely arrests served to deprive … of the help of spies at the time he would need it the most, the convictions coming on December 12, 1941, one day after war had been formally declared against Germany and Italy by the United States.

After his service with the FBI, Sebold was placed in an early version of the Witness Protection Program by the FBI, and was relocated to California. Ellsworth continued working for the FBI. The story of these men has now been told in the recently published ‘Double Agent’ by Peter Duffy.

This was, as J. Edgar Hoover called it, ‘the most outstanding case in the Bureau’s history.’

Photo: Special Agent James Ellsworth with his wife Nell. Photo: Agent William Sebold with his wife Ellen.


Do it Like They Do: 10 Authorised Ways to Spy on Your Rival

“Keep your friends close and your enemies closer.” This, probably the most famous quote directly referring to espionage, comes from Sun-Tzu, a great military strategist and general in Ancient China. Today, more than 2,500 years later, knowing about your competition is crucial in business. Furthermore, with the Internet, marketing intelligence has never been easier to access. But before you follow our legitimate action list, remember to assume everything is public these days. Whatever spying you are doing on your competitors, they are probably doing the same on you!

- Sign up for their company newsletter or mailing list. Like and follow their company pages and executive profiles on Facebook and Twitter. Or create a special group for your competitors in social media to make it easier to track their posts.
- In addition to Point 1, you can use tools like Fan Page Karma to find out your rival’s reach. A similar process can be done on Twitter with Follower Wonk.
- Using Builtwith you can determine what platform and add-ins your competitor uses and where they may be vulnerable.
- You can use Copernic to track updates or particular keywords on your rival’s website.
- Still an important element in organic search engine ranking, you can find backlinks on your competitors’ sites by using tools like Moz’s Onsite Explorer and Majestic Site Explorer.
- Find out where your competitors are advertising and which keywords they are targeting. You’ll get help from tools like AdBeat, AdGooRoo and Moat.
- You can do this through many different communication channels like email, Twitter, Facebook, phone and their website. You’ll find out their response speed and knowledge.
- You can use tools like Alexa or Similarweb to get the information you need.
- It is child’s play to find out what they are saying on the web with Google Alerts and Talkwalker. These will send you an email anytime a new comment about them is posted on the web. Also, Social Mention and Topsy can be used for competitors’ overall positive or negative sentiment analysis.
- It is the best way to understand what your competitor sells and the customer experience they provide. It shows you how good their customer communication is, you get to analyse their product and explore their post-sales support for valuable tips.

Video of the Month: Introducing the Visual Microphone

Researchers at MIT, Microsoft, and Adobe have made a revolutionary achievement in espionage, law enforcement, countersurveillance and forensic technology. The companies’ researchers developed an algorithm that can reconstruct an audio signal by analysing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

Did You Know? … says the ‘China Folk Counterespionage Manual’.


Letter from America: No Winners in Spying Breakfast Club

What $15 million story has sex, deception and espionage, and does NOT star Tom Cruise, or Daniel Craig? Hint: It is not a Hollywood movie.

It is a trade secrets lawsuit that was settled recently here in the United States. The case is GlobeRanger Corp. v. Software AG, 3:11-cv- 00403, U.S. District Court, Northern District of Texas (Dallas).

The Story in a Nutshell:

GlobeRanger makes RFID tag systems and has really good proprietary software. The U.S. Navy uses it. Software AG, a competitor, stole the software and tried to pass it off to the Navy as their own. How did they do it?

A female employee of one of GlobeRanger’s subcontractors (Naniq) developed an “improper relationship” with the Navy contracting officer in charge of soliciting bids, one Bob Bacon. Bacon sizzled, and apparently bought her lie that she was a Navy compliance officer. Ah, the smell of collusion in the morning.

Bacon Gets Taken

A director at Naniq, Kim Gray, “was unusually successful” at winning contracts from the Navy’s Automatic Identification Technology Office, according to the complaint, which said, “She was also having an improper relationship with Bob Bacon, the married head of Navy AIT.” Gray was also “involved with a man at Software AG,” it alleges.

Bacon Gets Fried

At an April 2010 conference, Bacon was asked how WebMethods (their name for the GlobeRanger software) could be trusted to work, given “the absence of any track record for Software AG” regarding RFID and the middleware.

“We had a jump-start because we had already ... implemented [the other sites] using GlobeRanger servers on every site,” Bacon allegedly answered. “So, we sort of had that in our hip pockets, which helped us jump-start WebMethods because we just reverse-engineered code from GlobeRanger.”

Bacon and others laughed after that statement, according to the complaint. A person at the meeting handed a recording of the exchange over to GlobeRanger.

Everyone Loses

GlobeRanger, of Richardson, Texas, “poured a decade of work and tens of millions of dollars into developing technology that is truly transformative and promised to exponentially facilitate the flow of goods and information throughout the world,” according to its complaint.

The Breakfast Club

Everyone now has a sad story to tell. GlobeRanger’s lost time and development money is worth more than $15 million, and they may never see a dime if Software AG wins the appeal. Along with Bacon, Kim Gray and her other paramour are toast, business-wise and personally. Naniq and Software AG are left with egg on their faces. The lawyers walk away full. They always do.

This Story is a Cautionary Tale

To paraphrase Ferris Bueller, “Espionage moves pretty fast. If you don’t stop and look around once in a while, you could miss it.” The key words here are “look around”. You are surrounded by business espionage tactics. Cyber-espionage isn’t the only threat. Scan all 360 degrees. Think holistic. Include proactive Technical Surveillance Countermeasures inspections (TSCM), background checks and information security training in your budget.

… is not cyber-espionage … sex and deception, were used … recording, was the catalyst that made this case.

Happy Holidays, and a safe New Year,

Kevin

Kevin … is our associate in America. More of his security tips may be found ….

We always value your comments and feedback. Please send us a quick e-mail: … or call us on ….

Katrin Vaga, Research and PR Executive

© Cope Whiterock Limited 2014 - WhiteNews® - USCM® - SECM® - ISO9001 Registered Firm - Certification Number GB2000647
