This is a good article on a new trend in corporate spying: companies like Wal-Mart and Sears have resorted to covert surveillance of employees, partners, journalists, and even Internet users to protect itself from "global threats."
"Like most major corporations, it is our corporate responsibility to have systems in place, including software systems, to monitor threats to our network, intellectual property and our people," Wal-Mart spokeswoman Sarah Clark said in a statement in April. Following the Gabbard firing, Wal-Mart said it conducted a review of its monitoring activities. "There have been changes in leadership, and we have strengthened our practices and protocols in this area," Clark said.
At a gathering of security specialists in New York City in January of 2006, David Harrison, the former Army military intelligence officer who was hired by Senser to head Wal-Mart's analytical security research center, provided a rare glimpse into the company's monitoring operations. Harrison told the gathering Wal-Mart faces a wide range of threats: "A bombing in China, an armed robbery in Brazil, an armed robbery in Las Vegas, another bomb threat, and that was just yesterday," Harrison said.
To safeguard its employees and operations Wal-Mart has tapped its massive data warehouse of information, now believed to be larger than 4 petabytes (4,000 terabytes), to look for potential threats. It tracks customers who buy propane tanks, for example, or anyone who has fraudulently cashed a check, or anyone making bulk purchases of pre-paid cell phones, which could be tied to criminal activities. "If you try to buy more than three cell phones at one time, it will be tracked," he reportedly told the audience.
Gabbard, the Wal-Mart employee fired for recording reporters' phone calls, said in his interview with The Wall Street Journal that Wal-Mart uses software from Raytheon Oakley Networks to monitor activity on its network. The Oakley product was originally developed for the U.S. Department of Defense.
The Oakley software is so sophisticated it can allow administrators to visually see what types of information are moving across the network, from Excel spreadsheets to job searches on Monster.com, or photos with flesh tones that might indicate a user is viewing pornography.
And this article talks about ex-CIA agents working for corporations:
The best estimate is that several hundred former intelligence agents now work in corporate espionage, including some who left the C.I.A. during the agency turmoil that followed 9/11. They quickly joined private-investigation firms whose U.S. corporate clients were planning to expand into Russia, China, and other countries with opaque business practices and few public records, and who needed the skinny on international partners or rivals.
These ex-spies apply a higher level of expertise, honed by government service, to the cruder tactics already practiced by private investigators. One such ploy is pretexting -- obtaining information by pretending to be somebody else. While private detectives have long posed as freelance reporters or job recruiters to get people to talk, former agents have elevated pretexting to an art.
Similarly, ex-agents have helped popularize the use of G.P.S.-based monitoring devices and long-range cameras for following people around. One corporate-espionage technique comes straight from the C.I.A. playbook. In the constant search for the slightest edge, some hedge funds and investment companies have turned to a handful of private-investigation firms for a tactic that seems to fall between science and voodoo. Called tactical behavior assessment, it relies on dozens of verbal and nonverbal cues to determine whether someone is lying. Signs of potential deception include meandering off topic rather than sticking to the facts and excessive personal grooming, such as nervously picking lint off a jacket. This method was developed by former lie-detector experts from the C.I.A.'s Office of Security, which administers polygraph tests to keep agents honest and verify the stories of would-be defectors.
Most of the ex-agents' activities, from surveillance to lie detection, are perfectly legal. In the wake of the 2006 Hewlett-Packard scandal, detectives used pretexting to obtain the private telephone records of company directors, employees, and journalists. In an effort to track leaks to the media, federal law was tightened to prohibit using fraudulent means to obtain telephone records. Financial records were already off-limits. But federal law doesn't forbid assuming a false identity to get other information -- an area that ex-spies exploit.
Still, a few techniques favored by the spies-for-hire do appear to violate privacy statutes. One of these involves using "data haunts," extreme methods of electronic monitoring such as tracking cell-phone calls and gathering emails by relying on secretly installed software to record computer keystrokes. An ex-C.I.A. agent described a group of his former colleagues who set up shop offshore so that they could tap into telephone calls -- a practice prohibited by federal law -- outside U.S. jurisdiction. "They call themselves the bad boys in the Bahamas," he said.
Even some of the legal methods are controversial within the industry. Certain old-school firms won't stoop to dumpster diving or stealing garbage -- which is usually legal as long as the trash is on a curb or other public property --" because they consider it unethical. They say that the prevalence of former intelligence agents in the field and the rise of unscrupulous tactics have tarnished a business that often struggles with its reputation. One longtime investigator complained that he recently lost business to some ex-C.I.A. officers who promised a potential client that they could obtain the phone and bank records of a target -- something that is illegal in most cases.
Current and former employees said Diligence's ex-spies also held classes in using false identities to obtain confidential information. Ex-employees said it wasn't unusual for an investigator to have five or six cell phones, each representing a different identity, on his or her desk. And while ex-C.I.A. and former MI5 agents were old hands at such deception, the new initiates sometimes got confused and answered a phone with the wrong name.
All interesting. It seems that corporate espionage has gone mainstream, and the debate is more about how and when.
On a related note, this paragraph disturbed me:
On occasion, Diligence investigators were dispatched to collect garbage from a target's home or office. In some cases, two former employees said, Diligence hired off-duty or retired police officers to take trash so that they could wave their badges and fend off any awkward questions.
It's public authority being used for private interests. We see it a lot -- off-duty police officers guarding private businesses, for example -- and it erodes public trust of authority. In the case above, I'm not even sure it's legal.
Posted on January 16, 2008 at 12:21 PM • 37 Comments