IN THE NEWSPAPERS
Cloak and brolly thieves outwit alarms
The Independant - June 27 2003 at 09:42PM
Wendy Knowler
Some security companies have known for months that burglar syndicates have found a way to make themselves "invisible" to the passive infrared detectors of conventional alarm systems, yet have elected to keep their clients in the dark while they source new systems to outwit the criminals.
The directors of Durban insurance brokers Eikos thought the contents of their Berea office were adequately protected by the alarm system installed by South Africa's biggest security alarm company, Chubb, but last weekend thieves managed to break in and make off with R50 000 worth of computers without activating the alarm.
"We were baffled and called for records from the company's control room, which showed the alarm had not failed," said Eikos director Hemraj Sewbalas.
"It was then that Chubb's PRO told me how burglars could 'cloak' themselves to reduce their emissions and elude detection by the sensors," he said.
"When I asked why we hadn't been informed that our alarm system could be overridden in this way, I was told the company did not want to create panic among its clients, which seems ridiculous given the risks involved."
In contrast to Chubb's approach, rival alarm company Enforce sent letters to its 7 000 Durban clients a few weeks ago, warning that the company had footage showing intruders "screening themselves from detection by conventional Passive Infrared Detectors (PIRs) by hiding behind open umbrellas".
As infrared sensors pick up body heat as opposed to motion, the cloaking "reduces the amount of emitted infrared energy to such a level that it does not cause activation of the PIR". The letter urged clients to upgrade to a dual technology detector consisting of an "either/or" system of PIR and microwave, which picks up motion.
"When we discovered the 'cloaking' ploy, we went to our suppliers and asked them for an affordable alternative," said Enforce group marketing manager Gary Tintinger.
After running trials on the new system - involving staff running about in wetsuits, wet blankets and clutching umbrellas - the company offered the alternative to their clients.
"Hundreds of our clients are converting to the dual technology," said Tintinger.
Each sensor costs R500 and an area the size of a three-bedroomed home, for example, would need two.
Tintinger admits to "teething problems", but says the company is fine-tuning the system.
Chubb's regional manager Neil Zaltsman slammed the Enforce approach as "irresponsible".
"By going public with the fact that thieves are using umbrellas and wetsuits, we're going to see a lot more of these incidents in the coming months," he said. "Chubb has known about this problem for at least a year, but we elected not to tell our clients because we don't believe that the alternatives offered by the suppliers are thief-proof."
Johannesburg-based risk consultant Dave Casey, who conducts forensic investigations for the insurance and security industries, said in 43% of burglaries during which the alarm did not activate, poor installation was to blame.
"In other cases, thieves were able to remain undetected by crawling along the floor between office desks," he said.
He recommended the "either or" dual technology detector as a alternative to conventional infrared detectors.
Durban-based insurance assessor Philip Pass confirmed the upsurge in computer theft by "very slick operators" who are able to bypass alarm systems by many means, including "cloaking".
top
Computer Thieves Hit Businesses
The Mercury - November 21, 2002
Angela Bolowana
Take extra care over the Christmas holidays - that's the warning to businesses after an increase in computer thefts in Durban in recent months, with about 160 firms being hit in the Durban west area alone.
In the past two years, an average of five companies a week have been hit by computer thieves believed to be part of a syndicate operating in the city, according to a Hillcrest computer security company called Compusafe.(www.compusafe.co.za)
Police have confirmed that a number of companies, especially in the Pinetown area, have reported computer theft from their premises. Some have been burgled more than once, losing equipment worth thousands of rands.
Supt M R Pillay, of the Pinetown SAPS, said eight people had been arrested in connection with computer-related thefts.
Computer theft has also been on the increase in other parts of the country. Last month the Johannesburg offices of the South African Press Association were stripped bare of computer equipment, leaving the organisation unable to function for a period. Earlier, the offices of Gauteng Education Minister Mary Metcalfe were broken into and thieves made off with 50 computers worth R500 000.
Mr Ian Colls, the director of Compusafe, said about 160 companies had suffered losses in the Pinetown, Westmead and New Germany areas in the past year.
Other areas that had seen an increase in computer theft included Umhlanga Rocks, Mayville, Berea, Gateway Industrial, Mount Edgecombe, Jacobs, Bluff, Mobeni and Queensburgh.
"The problem of IT theft has been going on for at least the last two years with about five companies being hit a week," he said. "The syndicate moves from area to area usually breaking into three companies close together at a time, or starting in a particular road and returning until they have pretty much cleaned out the area.
"Colls warned companies to be extra cautious over the December period. "People need to do something before they go on holiday. Last year, about 120 companies were broken into over a nine-day period after they had closed for the holidays.
" He also urged companies to be careful with technicians doing technical work on telephone lines.
top
Cops scan computer theft gang
Daily News - August 05 2002 at 11:06AM
Yvonne Grimbeek and Louis Oelofse
A syndicate operating in Pretoria is stealing computers to sell at rock bottom prices outside South Africa's borders.
Police said they had identified a syndicate operating in the city which was responsible for a spate of computer thefts and robberies over the past few months.
Captain Piletji Sebola said a special investigating team had been appointed to look into the computer thefts, which include high-profile cases such as the computer thefts from the Telkom Towers and the Nigerian High Commission.
'They take the drives out of the boxes and then take them across the border'
Police do not want to say exactly how many computer thefts have been reported since the beginning of the year, claiming the information is classified as part of the crime statistics, which Safety and Security Minister Charles Nqakula said would only be released once a year.
Sebola, however, said the computer thefts ranged from housebreakings at residential properties and schools to thefts at larger concerns, like Telkom Towers.
Sebola added that the syndicate was mainly interested in the hard drives. In many instances, screens were left behind. "They take the drives out of the boxes and then take them across the border to our northern neighbours where the electronic equipment is sold at very low prices," he said.
The investigating team has identified several prominent members of the syndicate and a breakthrough is expected soon.
Telkom spokesman Andrew Weldrick said the theft of computers from their offices did raise the question of industrial espionage.
top
Computer Mafia
Daily News - June 10, 2003
Liz Clarke
Industrial espionage, involving the accessing of sensitive company information by sophisticated mafia-type syndicates, is emerging as a sinister new threat in the wake of escalating computer theft in South Africa.
Among the hundreds of companies targeted nationally are those operating in the KwaZulu-Natal industrial areas of Pinetown, New Germany, Stamford Hill and Springfield Park.
However, for every one computer theft in KwaZulu-Natal there are 22 similar thefts in Gauteng, most of them in Pretoria, Centurion and in the Johannesburg CBD
Syndicates target companies' records
.While the value of the equipment stolen is substantial, the theft of protected company information could be both dangerous and destructive. Records that could fall into criminal hands are company records and working details, information on cash transactions, bank account details, addresses and whereabouts of staff and clients.
In one instance e-mail messages were sent, supposedly from top management, to clients asking them not to place money in the company's bank account because there was a technical problem. An alternative bank account was given. once money had been deposited it was swiftly closed.
The South African Police Services estimate that in 2002 alone an estimated R326 million worth of computers were stolen, more than was taken in bank robberies and violent cash-in-transit heists put together. The SAPS Specific Crimes report that in 2001 10 778 business premises were burgled in KwaZulu-Natal. Police sources say they expect this figure to rise by the end of 2003.
Ian Colls, a Pinetown-based businessman who has undertaken an extensive investigation into computer theft, said that South African companies were still "very naive" when it came to the threat of industrial espionage and that valuable and highly sensitive information was being given to syndicates "on a plate". He said that in the absence of any legislation in South Africa that dealt per se with the theft and illegal use of company information, extra vigilance was vital.
"People might think that a stolen computer is just a matter of an upgrade through their insurance company," he said, "but they forget that it is often not the equipment, but the information, that the criminals are after. We are not yet sure how it is being used, but the potential for abuse is a huge concern.
"Chris Allan, managing director of Tile Trends in Pinetown, has been the target of computer theft six times. "We have excellent alarm systems and good security but the gangs still get in. What is worrying is that the criminals ignore computers in the work station area, and steal only the main computer containing company information.
"He said that a further concern was that 50 or 60 companies in his area had been broken into and computers stolen, without a single arrest being made. "We need a thorough investigation into where these computers are going and who is behind this systemic targeting.
"The manager of a company in the industrial complex of Westmead, who asked not to be named, said that he had decided to leave the area and start his business elsewhere. "It is absolutely absurd what is going on. You can't conduct business like this. How can you expect investment when you are being robbed left, right and centre?
"Security companies which protect industrial premises believe that many companies have not kept up with the times. In some cases alarm systems haven't been changed since they were installed 10 to 15 years ago.
Oliver Dallaway, of Secureco Security, said that as criminals became more sophisticated, alarm systems needed to be upgraded to cope with new threats. "To keep one step ahead requires regular forensic auditing.
"Regional manager of Chubb Security and chairman of the South African Intruders Detection Services Association (SAIDSA), Neil Zaltsman, said that it was "still too early" to see whether the theft of company information had impacted on crime.
"It might sound a bit James Bondish, but it is something that needs to be watched carefully. What we do know is that there are new market users who need entry level PCs and that there is a ready market in the recycling of components, including the hard drive.
"He said that among solutions that companies could look at was the installation of devices into the PC linked to the alarm system.
Spokeswoman for the statutory Private Security Industry Regulatory Authority (PSIRA), Ronel Verryne, said that it was imperative that companies employed security personnel who were legally registered with PSIRA.
"Companies that accept quotes for security services below the statutory minimum wage are asking for trouble," she said. "In all probability the people employed won't be registered with us. And if they have criminal records they won't know."
top
Beware the insiders
---------------------------------------------------------
In South Africa computer related crimes cost more than all the armed robberies and bank heists added together. But hackers only account for a very small percentage of that.
---------------------------------------------------------
David Shapshak
---------------------------------------------------------
The real economic damage caused by computer crime is committed by insiders who already have access to networks, not hackers trying to prove their technical prowess, computer experts warn. Most computer crime is practised by organised crime syndicates, disgruntled employees, embezzlers and, rarely, hackers.
The South African Police Service says it investigated an estimated R326-million stolen through computer crime last year and expects an increase this year. This is more than what was taken in bank robberies and violent cash-in-transit heists put together.
Internet-related crime represented 4% of the investigations by the police's computer unit. Fraud, on the other hand, accounted for 34% of investigations, with fraud involving corruption representing 12%, and theft and fraud 5%.
Bank fraud is often the result of people with inside knowledge exploiting existing holes in the system. Nedbank's Martin Pienaar says where bank fraud does occur, it is as a result of collusion between criminal syndicates and insiders.
Hackers, however, tend to be bright young computer users who test their abilities by breaking into networks or server computers, usually belonging to big corporations, banks and occasionally military institutions.
This weekend newspapers reported hackers had gained access to the server companies like Acenet and the Internet service providers Internet Solution and MWeb. The organisations confirmed the attacks but stressed the information was not critical and their security has been plugged.
A common "hack" is to tie up a server with repeated requests for irrelevant data, causing it to crash or to be unavailable to anyone else.
This means shutting down an organisations's Internet operations. This type of hacking often involves downloading software that "pings" the server, a radar-like means of sending a pulse to a computer to establish whether the machine is active.
Firewalls, the protective encryption software which prevents unrecognised computer users gaining access to isolated networks, are designed to shut down when they are hacked, a computer expert says. The Pentagon, the expert points out, is hacked three times a day.
"There has never been one successful commercial hack in South Africa," says another computer expert. This means no hacker has made a profit through stealing money or information.
Earlier this year, Israeli teenager Ehud Tenenbaum hacked into Nasa and the Pentagon. In a classic case of hacking hysteria, FBI agents could only identify him as "The Analyser" and knew he came from the Middle East, before the Tel Aviv resident turned himself in.
top
News service crippled as gang robs premises
SAPA - October 20 2002 at 12:52PM
A gang of armed robbers who took vital computer equipment from the Johannesburg headquarters of the South African Press Association (Sapa) brought editorial operations to a total halt in the early hours of Sunday.
At least five robbers, one armed with a pistol, overpowered a guard at the gate to the association's office park in Greenside, north-western Johannesburg. The robbers forced the guard to remove his uniform and one of the gang members dressed himself in it.
The gang then made their way to Sapa's offices. The bogus guard presented himself at the newsroom security gate at about 2am, Sapa editor Mark van der Velden said.
A journalist, who was on the graveyard shift, opened the security gate to the bogus guard.
"They tied up our journalist, Nombuso Dlamini, with computer cable. Her brother and two of his friends, who were keeping her company while they studied for school exams, were also tied up.
"The robbers then went through our newsroom and computer system and took all the best equipment. In the process, our communications system was spiked, with no information going in or out," Van Der Velden said.
"The robbery appears to have been quite well planned because they (the robbers) demanded to know why Nombuso was not by herself as she should have been."
At least 16 computer workstations were either removed or damaged.
"All electronic equipment of any value was taken, right down to the coffee machine and one of our technician's spectacles," the editor said.
It was not immediately possible to put an accurate value on the goods taken, and Sapa staff were still assessing the damage caused. Van Der Velden, however, estimated that the value of the goods taken could be in the region of R200 000.
Sapa's technical staff managed to cobble together enough of a system to set up a skeleton service by noon on Sunday.
"We are very grateful that nobody was physically injured," Van Der Velden said.
Sapa is the country's independent national news agency, owned as a co-operative by most of South Africa's major newspapers.
It gathers, edits and distributes news and information around the clock to supply newspapers, radio, television and foreign news operations.
top
Gang of computer thieves hit the tax man
SAPA - December 15 2002 at 03:39PM
A gang stole 47 computers from the Pretoria office of the SA Revenue Service on Sunday morning, police said.
Captain Piletji Sebola said six men travelling in a bakkie drove up to two security guards at the main gate in New Muckleneuk around 7.50am and said they had come to collect the computers. The guards allowed them in but were held up at gunpoint and made to open the offices.
The gang took until 10.15am to select 47 computer hard-drive units which they loaded into the bakkie before driving away.
Sebola said the police computer theft task team was alerted and some Sars officials were being recalled from holiday to assess the situation and its implications.
Police were investigating a possible link to the theft of four computers by a gang of eight men from Independent Rand Falls at Samcor Park in Silverton near Pretoria at 3.30am on Saturday in which a 28-year-old security guard was held up, Sebola said.
top
Computer Theft
Business Day (Johannesburg) -
November 18, 2002
Chantelle Benjamin Legal Affairs Correspondent
POLICE believe there are several computer-theft syndicates in Gauteng, each focusing on a particular institution, such as schools, government institutions or businesses and the problem is spreading to other provinces.
Police spokeswoman Henriette Bester said there had been a recent rise in computer theft spurred by demand for cheaper computers and accessories.
"There are different syndicates involved and their modus operandi differs. Some rob at gunpoint, some break in during the night, while others hijack trucks," Bester said.
"They also target different outlets like Telkom, Spoornet and so on. It appears it has spread to other provinces."
In only two weeks, towards the end of September, syndicates targeted the Mozambican consulate in Illovo, the SA Press Association, Moneyweb, Mega-Freight in Boksburg, a Dimension Data branch in Sunninghill, the offices of the Gauteng Agriculture MEC, Conservation, Environment and Land Affairs and Diepkloof's Ikaneng Primary School.
In the past six months Telkom has lost 300 computers throughout the country. Several outlets such as Incredible Connection have been targeted.
The stolen computers are not being taken out of the country, however. Police say more stolen computers are coming into the country than are being smuggled out. "The unit is working with other countries to trace the overseas owners of stolen equipment and to share information."
Most of the stolen computers are sold in parts, but laptops tend to be sold as complete units. "It is very difficult for a member of the public to know if the computer is stolen," said Bester. "The best advice we can give is to contact the manufacturer who has the means to trace ownership."
Two Cameroonian men appeared in court on Friday on charges of contravening sections of an act governing second-hand dealers after police confiscated equipment worth R2m from an Orange Grove pawn shop because the paper work was not in order. Owner of the shop, Isaac Nzitie, and his technical assistant, Serge Jomota, were each released on R10000 bail.
Police are hopeful that the arrest will assist them in their investigation. Computer owners are asked to write down the serial numbers of the mother board, memory chip and hard drive and keep it in a safe place.
top
CRIME STATS
Report on IT theft
DISCLAIMER
For legal reasons this is my expressed opinion and the following information needs further investigation. In no way am I implicating that members/companies in the security industry are directly responsible for the theft of computers and electronic equipment. Further more, I have advised clients of security companies to bring the matter of computer theft up with their security company and to get a second opinion regarding how serious the issue is. When asked which security companies I would recommend, I have named companies with the lowest loss statistics, or those companies that have come to the party and have become Pro-actively involved in trying to prevent computer theft.
To whom it may concern,
From February 2002 to December 2002 I assisted the Pinetown SAP, Leon Daffel and Rodney Hillagen, Durban Intelligence, and the insurance industry in investigating the syndicate stealing computers in the Westmead, Pinetown, and New Germany areas. I started a business called Compusafe specializing in the protection of computers against theft. I started asking questions to companies who had suffered IT loss, and soon realized that we were dealing with a very well organized syndicate possibly involving Telkom employees, security company reaction staff/control room staff, as well as installers, private installers, and possibly several “ bad apples” in the police force.
Here are my findings so far: ( for legal reasons this is my expressed opinion and the following information needs further investigation )
The problem of IT theft in my area has been going on for at least the last two years on a consistent basis with about 5 companies being hit per week. The syndicate move from area to area usually breaking into 3 companies close together at a time, or starting in a particular road and returning time after time until they have pretty much cleaned out that area. Another pattern was to hit the two outside companies first, and then the one in the middle. Most companies had a repeat break-in 2 to 3 weeks later for the new computers, some the very same day the computers were replaced. This year alone about 162 companies have been hit, only 3 of which to my knowledge did not have alarm systems. There have been zero arrests on site, or leaving the scene of the crime, however there have been arrests for trying to sell the computers or storing them. This zero arrest on site led me to start looking at why and who could be doing this. I approached several of the bigger security companies to try and come to some sort of conclusions and to get them to warn their clients of the syndicate, do date not one company has received any helpful warning letters or memos .The answers I was given from several security companies was that they were inside jobs, the thieves were doing smash and grabs using umbrellas and raincoats to get around the passives. The general feeling was that we were dealing with a common thief with simple house breaking tools. The security companies were adamant that their clients were paying for monitoring and response and that the responsibility of prevention was not their responsibility and not economically viable unless the client was prepared to pay for it.
Findings:
· Many of the companies robbed received telephone calls from “ switchboard “ companies enquiring on their systems asking how many telephones, fax machines, computers and modems they had. Many of them that answered these questions were robbed shortly afterwards. I spread this info and the syndicate has since stopped using this method.
· An alarming number of companies had had a visit from a Telkom technician claiming a fault on their fax line. The trusting companies never bothered to ask for id or a faults report and simply let them in to do their thing. Some of the faults were genuine, but Telkom trucks had been seen working late at night in the areas up telephone poles, perhaps prepping the faults to gain access to a company in order to scout it out.
· Far too many of the break-ins happened without the alarms even going off. In the majority of cases access was gained through the front door, bottom glass door window, or front window with or without burglar proofing. The thieves knew if there were glass break detectors or not.
· The bottom half of the interleading office doors were removed so as not to activate any possible mags which are always on the top of doors.
· The syndicate always seemed to know which computers had modems and which were used for internet banking. The only people who have access to this information is Telkom.
· Many of the time when an industrial park was hit, the telephone lines were tampered with, or simply cut. This would render all telephone linkup useless, but not radios.
· Companies with radios were generally accessed through the roof to remove the aerial. Who knows if you have an aerial and where it is located.
· Companies would be hit when asking for a quote to have an alarm system fitted, or shortly after having one fitted.
· Companies would be hit after a rep would call to recommend upgrading a system.
· Companies that had just moved into the area would be hit in the fist 4 to 6 weeks.
One has to took at the fact that almost no arrests have been made at the scene, and this started me looking at the possibility that the thieves know how to get around alarm systems using the same technology that is meant to protect people. Sure the method of using umbrellas does work, but cannot explain how a 30 to 45 minute job can be done in 3 to 7 minutes reaction time. My proposal is that these guys are in and out long before the alarm goes off, if it goes off at all. I had a meeting with the Technical Manager of one of the bigger well known security companies and discussed all the possible ways to get into alarm systems from the outside, and what you could do once you were in. His response was that it was unlikely, but not impossible.
We only have two communication links for alarms, telephone and radio. The systems are supposed to be configured so that both trigger simultaneously, or the radio link kicks in if the telephone fails. I think that some of the systems are deliberately being configured incorrectly to allow for break-ins. Most alarm systems use the fax line, hence the Telkom theory, and this is a two-way communication between the alarm control panel and a computer. The computer is usually inside the security company, perhaps the control room, but anybody on the outside with the correct programme, codes and intelligence could access this system or maybe that of the client’s system. I think codes have been compromised, they say every man has his price. The security companies with the computers locked up in the director’s offices seem to have the least number of clients losing computers! Once in the system, the syndicate has control and can manipulate the settings, like changing the entry/exit time from 45 seconds to say 45 minutes. This would explain why they’re long gone and out of the area by the time reaction arrives. The question is how the event logs are being altered so as to not show a history.
Many companies have their name, telephone and fax number advertised outside their building. All you would need is an untraceable pay as you go cell phone to keep the fax line engaged long enough to rob and leave the area. The line could also be prepped from within Telkom, if you don’t pay your bill they cut outgoing calls but not incoming calls. The alarm would not see this as a cut line, but possible as an engaged line, and the system returned to normal after the robbery.
Certain people in the security industry feel that my ideas are far fetched, but they also admit that anything is possible. The problem of IT theft is a national one and is not being run by idiots. These guys are making big money not only by selling computers, but by using the stolen information for crimes such as house breaking, armed robberies, hijacking of cars and trucks carrying electronic equipment, internet fraud,etc. These guys invest money in learning how to get around alarm systems for cars, homes, offices, etc. We are either dealing with criminals that are just too good to get caught, or they are getting help from insiders in security companies, SAP, installers,etc. The high levels of corruption in our country and in the security and intelligence industry cannot be denied, but not enough is being done about prevention of crime. The security industry is in the unique position of being able to get involved more in prevention than just offering monitoring and response. Their clients are their biggest assets and they need to start looking out for their best interests. They say crimes pays, and it does for certain industries, but to ignore a problem and to not inform the public of the dangers of crime to their clients, in my opinion is negligence and could be seen as riding on the criminals back for their own financial benefit – Proverbs 28:5.
You may ask what and why my interest in stopping IT theft when my company sells security for computers? I head up the Hillcrest Park Neighbourhood Watch under Eric Tocknell,Hillcrest SAP, working with reservists, Metro and security companies, and have seen what can be done if you apply yourself. Our biggest way of preventing crime is to inform the client/public of the crime in the first place so that firstly they are aware, and secondly that they can make the best decisions regarding the level of security they need. I hate crime with a passion and it is more important to me that we prevent it than just respond to it. I have been in business for myself for 10 years and have seen enough commercial crime to make me want to leave this country like everyone else, but I choose to stay. The difference is that I’m prepared to do something about it.
Ian Colls
top
· The offices of Mary Metcalfe, Gauteng MEC for Agriculture, Conservation, Environment and Land Affairs were broken into last weekend and 50 computers, worth about R500 000, were stolen.
· Dimension Data's group facilities manager, Nick Caldwell, said their branch in Sunninghill was hit over two consecutive weekends - October 4 and 10. "They seemed to be looking for something specific."
He said that in both cases the thieves were looking for central processing units.
In both instances, the people were armed, and a guard was shot in one of the cases. "Fortunately our security system is one of the best, and the thieves were unable to take anything," Caldwell said.
· Ingrid Krige, senior manager corporate communications for Telkom, said the thieves seemed to be looking for the hard drives of the computers. "In the last six months, Telkom has lost in excess of 300 computers nationally," she said.
The volume of equipment stolen, said Krige, had given Telkom the impression that an organised unit might be responsible.
Trucks with a capacity to carry 30 or 40 computers are believed to have been used.
· Ikaneng Primary School in Diepkloof, Soweto, became the target on Wednesday night.
There are similarities between the theft at the school and the other incidents.
Thieves gained access through the electric fence around the computer room and stole 15 computers.
The school's principal, Florah Lesele, said: "We appeal to whoever stole the equipment to please bring them back, because they are of no use to them." The equipment is custom-made for teaching."
· Early in August, 19 hard drives were stolen from Charter House, a school in Weltevreden Park, Roodepoort.
"This was not a smash-and- grab job. The method of entry was very elaborate," said Warrick Dodge, headmaster of the school.
He said the entire affair was very suspicious because the thieves knew exactly where to go.
They had cut the locks of the perimeter gate and gone straight to the school's junior primary computer building. They had entered through a hole they had made in the roof.
top
INDUSTRIAL ESPIONAGE
"Who says industrial espionage is a relatively new thing? Man has always recognised technology as a means to gain power over another, so they guarded their secret carefully. Alchemists of the medieval period all had their secret notebooks full of coded lists, ingredients and amounts that pointed towards the synthesis of gold." In our modern world industrial espionage is rampant and methods include making use of casual employees working as undercover agents, hackers, hired teams of burglars, trash-picking, exploration of dumpsters, bugging, etc.
Definition
Industrial Espionage is the discreet gathering of intellectual and sensitive data in an unethical and/or unlawful manner in order for the gatherer of such information or someone else to get the edge in the market place in unlawful competition.
Some South African companies are unaware of industrial espionage practices. In South Africa there is no law prohibiting industrial espionage per se. However acts of espionage could be accommodated under theft, trespassing, etc.
The underlying philosophy of industrial espionage is, why spend years and millions of rands on research and development and developing a customer base when you can bribe an employee in the competitor's camp for a few rands, tap their telephones, or bug their offices, etc.
According to the American Society for Industrial Security (ASIS), occurrences of industrial espionage in American business have grown by more than 260 percent since 1985 which could amount to as much as $63 Billion per year. The FBI estimates that espionage costs corporate America more than $50 Billion per year.
Industrial Espionage in South Africa is regarded as an acceptable way of doing business, with no danger of legislation to deter it. In South Africa it has been attempted to use various criminal statutes to counter espionage when the perpetrator is caught, but as said these laws do not specifically cover the theft or improper gathering of proprietary information.
Clearly, in today's business arena, information is more valuable than ever. Every orgainisation is vulnerable to information theft. Companies can not simply sit back, whilst a fortress mentality of hiding behind fences, locks, alarms, access controls and guards is also not the answer. The enemy most often is already inside the fortress as about 85% of espionage crimes are perpetrated by employees. Your security may be great to keep the outsiders out, but does nothing to prevent insiders exporting company secrets.
In this regard companies must change the way they think "security". They must identify their valuable information resources and who might be interested in them.
They must decide where defenses are needed and where to find the right people who can provide them. OF&A encourage companies to conduct background checks before bringing in the team of supposedly qualified software professionals. Besides having immediate access to the arsenal of company information, unscrupulous programmers can be bribed to plant a Trojan horse in the corporate computer system, and in doing so build a 'backdoor' offering them repeated access to company data. The laptop of a high ranking executive on the road is also loaded with the company's latest and most vital activities and plans, and is often left in the hotel room during lunch or dinner. It is the easiest thing to access a room, boot up the laptop, copy the data on the hard drive whilst a partner armed with a cell phone keeps the executive under close surveillance while the other leaves the premises without anyone being any the wiser.
Even sitting aboard an airliner may not be safe. It is alleged that the French have been accused of bugging seats in the first class section of their airliners. The same for French hotel rooms frequented by executives.
Legislation is, however, not always the answer because should a company catch the spy and resort to civil or criminal prosecution, the nature of the confidential information stolen, is commonly made public during the trial which is an ironic consequence of legal rules that in order to obtain justice, the victim will have to make public the very same information it is trying to protect, making the value of the confidential information far less. The secret therefore is to protect confidential information in such a manner that the spy can not get it in the first instance!
top
The Programming Secretary/Damilah
I am trying to create a public awareness campaign in the greater Durban area with respect to the problem of computer theft from offices and factories. Since February 2002, I have been assisting the Pinetown SAPS detectives branch with investigating the syndicate responsible for over 160 companies suffering losses in Westmead, Pinetown and New Germany. I made the front page of the Mercury 21 November 2002 entitled “ Computer thieves hit businesses” which is a start, but by no means enough for the general public. On the same day I appealed to all the major security companies to assist in this campaign (see attachment below).
Would it be possible for ECR to assist in getting the message out to the community by having a spot of air time, I think you call it crime watch , where by myself and representatives of the major security companies can discuss the problem and put forward recommendations for the December shut-down period when most companies are closed and left vulnerable. Chubb Security have already come forward with their full support.The problem of computer theft is very serious as the public are not aware of the follow-on crimes as a result of stolen information. The kind of information being stolen is creditors and debtors lists, internet banking details, vehicle tracking, payment methods, stock evaluation, addresses of staff and clients, etc.
We need to get the message out to the community as soon as possible, so please would you get back to me .
top
|
