[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] FBI: Enterprises need counterintelligence


By Matt Hines
September 04, 2007

The Chinese government has denied involvement in a series of hacks 
carried out against IT systems at the Pentagon in June this week, but 
the threat of technology-driven espionage has forced the FBI to push 
businesses and academic institutions to better prepare for such attacks.

Little publicly-available evidence exists to prove that foreign 
governments have backed or planned to launch attempts to steal 
intellectual property from U.S. corporations and researchers, but 
officials with the FBI claim that the problem is real and that American 
organizations must begin policing their operations more aggressively 
today to prevent valuable data from being stolen tomorrow.

In October, the FBI's Counterintelligence Domain Program -- which aims 
to foster cooperation between the agency and private entities to help 
organizations identify and protect potential intelligence risks -- will 
mark its first year in existence.

The program is already making significant steps in helping to close the 
gap between businesses and law enforcement to defend intellectual 
property from being left vulnerable to potential theft, FBI officials 

"In the past, we've always been reactive to this type of scenario and 
essentially showed up after the fact to bring resources to bear on this 
type of crime, but we want to be more proactive to help businesses and 
academic institutions protect themselves before an incident occurs," 
said Tom Mahlik, who serves as chief of the Domain program for the FBI.

"We've always responded aggressively to traditional espionage with 
investigation, such as with the theft of national secrets, but those 
cases really represent counterintelligence failures where the secrets 
are already in Beijing or Moscow and where valuable new technologies or 
intellectual property would already be gone," he said.

Counterintelligence efforts rank second on FBI Director Robert S. 
Mueller's current strategic agenda, sandwiched below counterterrorism 
work and above the fight against all forms of cyber-crime, according to 

Thus far, the Domain project has materialized primarily in the form of 
relationships built between the leaders of the agency's 56 individual 
divisions and the leading corporate entities and research groups 
identified by those units as organizations that control data that 
criminals and governments could try to get their hands on.

For instance, companies handling sensitive government work -- such as 
defense contractors and large IT systems integrators -- have already 
joined in the effort, Mahlik said. The program will be expanded over 
time to pull more companies into the fold that are developing 
cutting-edge technologies and other products that are considered to give 
the U.S. a technological or business-related advantage.

Those relationships, and training seminars held by the FBI in the name 
of expanding Domain, are aimed at identifying any research, information, 
or technologies that might be targeted by U.S. adversaries -- and to 
establish an ongoing information exchange among the program's members to 
improve protections and reduce opportunities for theft.

As for the current state of involvement of foreign nation states, 
including large terrorist groups, in intellectual property theft, the 
FBI refuses to share specific examples or hard data, but Mahlik said 
there should be little doubt that the problem exists.

"The FBI is well aware of deliberate targeted attacks that were aimed at 
stealing sensitive data from organizations, including NASA, the 
Department of Defense, and individual defense contractors," said the FBI 
expert. "We're still trying to deduce the magnitude of the problem, and 
a lot of that has to do with what we've dealt with in terms of 
investigating any ex-filtration of data and where it has ended up."

Mahlik said that two of the most significant trends feeding the need for 
corporate counterintelligence are offshore outsourcing and the heavy 
flow of foreign engineering talent into U.S. corporations and research 

While it remains hard to prove that foreigners are being trained 
specifically with the purpose of infiltrating U.S organizations to steal 
valuable data, he said that the concept is very real.

"This isn't about traditional spies anymore; the engineer, student, or 
business partner are the threat now, and these people are being given 
increased access to corporate secrets, intellectual property, and 
pre-patent research information at universities," Mahlik said. "These 
types of people are being actively used to ex-filtrate key pieces of 
information back to their homelands as there is always a race to 
establish a competitive advantage."

Data security in a global market

David Drab, principal for the Information & Content Security group at 
Xerox, said that companies are increasingly coming to the imaging giant 
looking for new ways to label sensitive information and track its flow 
among users in the workplace and throughout their supply chains.

Before joining Xerox, Drab served at the FBI for 27 years and observed, 
among other things, the flow of former KGB agents in former Soviet 
states into criminal organizations.

A good number of those intelligence experts were trained in the art of 
finding holders of sensitive corporate and national defense information 
and trying to liberate the data, he said, and many are likely employed 
in efforts to steal whatever plans they can sell to others for a profit 

"This is why you have Wal-Mart hiring former government intelligence 
officers. It's not about spying so much as it's about identifying 
business risk and what is occurring with competitors in the global 
environment," Drab said. "These companies are creating separate entities 
from traditional security or IT security to allow management to identify 
people internally who might have access to high-level information or 
might be targeted by competitors or foreign entities."

Drab points to the 2001 indictment of two Japanese-born individuals 
accused of stealing research on Alzheimer's disease from the Lerner 
Research Institute (LRI) in Cleveland as proof of the need for 
enterprise counterintelligence.

One of the accused researchers subsequently pled guilty to charges of 
misleading investigators looking into the situation, while another, who 
returned to Japan to work for a quasi-government agency working on 
Alzheimer's research, was unsuccessfully sought for extradition to the 
U.S. to face trial.

Among the tools developed by Xerox to help trace the use of paper 
documents, one of the hardest data formats to track, are gloss marks and 
infrared stamps used to create a trail of evidence as to who might have 
accessed, printed and walked off with sensitive data when copies of any 
stolen documents are recovered.

Large companies like financial services institutions have also begun 
speaking publicly about the problem of international cyber-theft, saying 
that they are already working to deal with the problem.

At the Usenix Security Symposium held in Boston in August, Jerry Brady, 
global head of IT security at New York-based financial giant Morgan 
Stanley, outlined the threat of foreign attack as a current business 
reality. He specifically cited emerging activity in the Far East as 

"Sometimes the threats are coming from the governments themselves in 
different parts of the world," said Brady. "The people who want to harm 
us drives a lot about how we think of security awareness. We do a lot of 
monitoring and threat intelligence to tell who our adversaries are today 
and who they will be tomorrow."

When asked if the government has done enough to help companies like 
Morgan Stanley deal with the issue, Brady said that the firm's 
relationship with law enforcement officials has improved over the last 
several years, specifically around intelligence gathering regarding new 

However, he said that companies cannot rely on the government alone to 
watch out for their interests overseas.

"It's popular to pin this issue on the government, but we in private 
industry need to play an even bigger role in addressing the problem," 
said Brady. "Every time we go into a new country we have to do a risk 
assessment, every country has its own IP protections and concepts and we 
know that; we know the countries where ex-KGB Soviet Bloc resources have 
ended up, and where we need to be even more vigilant."

Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today!