Industrial espionage, also known aseconomic espionage,corporate spying, orcorporate espionage, refers to the systematic and unauthorized acquisition ofsensitive business information. This practice typically targetstrade secrets,proprietary operational data, andintellectual property belonging to competitors or other organizations. The information is gathered with the intent to gaincompetitive advantage, facilitate business decision-making, or for commercial sale to interested parties. Industrial espionage is conducted by various actors, including current or former employees, contractors, corporate competitors, foreign governments, andcriminal organizations, and is universally recognized as both illegal and unethical.[1][2]
While political espionage is conducted or orchestrated bygovernments and is international in scope, industrial or corporate espionage is more often national and occurs between companies orcorporations.[3]
In short, the purpose of espionage is to gather knowledge about one or more organizations. Economic or industrial espionage takes place in two main forms. It may include the acquisition ofintellectual property, such as information on industrial manufacture, ideas, techniques and processes, recipes and formulas. Or it could includesequestration ofproprietary or operationalinformation, such as that on customerdatasets,pricing,sales,marketing,research and development, policies, prospectivebids, planning ormarketing strategies or the changing compositions and locations of production.[4] It may describe activities such as theft oftrade secrets,bribery,blackmail and technologicalsurveillance. As well as orchestrating espionage oncommercial organizations, governments can also be targets – for example, to determine the terms of a tender for agovernment contract.
Economic and industrial espionage is most commonly associated withtechnology-heavy industries, includingcomputer software andhardware,biotechnology,aerospace,telecommunications,transportation andengine technology,automobiles,machine tools,energy,materials andcoatings and so on.Silicon Valley is known to be one of the world's most targeted areas for espionage, though any industry with information of use to competitors may be a target.[5]
Information can make the difference between success and failure; if atrade secret is stolen, the competitive playing field is leveled or even tipped in favor of a competitor. Although a lot ofinformation-gathering is accomplished legally throughcompetitive intelligence, at times corporations feel the best way to get information is to take it.[6] Economic or industrial espionage is a threat to any business whoselivelihood depends on information.
In recent years, economic or industrial espionage has taken on an expanded definition. For instance, attempts tosabotage a corporation may be considered industrial espionage; in this sense, the term takes on the wider connotations of its parent word. That espionage andsabotage (corporate or otherwise) have become more clearly associated with each other is also demonstrated by a number of profiling studies, some government, some corporate. TheUnited States government currently has apolygraph examination entitled the "Test of Espionage and Sabotage" (TES), contributing to the notion of the interrelationship between espionage and sabotage countermeasures.[7] In practice, particularly by "trusted insiders", they are generally considered functionally identical for the purpose of informingcountermeasures.
Economic or industrial espionage commonly occurs in one of two ways. Firstly, adissatisfiedemployee appropriates information to advance interests or to damage the company. Secondly, a competitor or foreign government seeks information to advance its own technological or financial interest.[8] "Moles", or trustedinsiders, are generally considered the best sources for economic or industrial espionage.[9] Historically known as a "patsy", an insider can be induced, willingly or underduress, to provide information. A patsy may be initially asked to hand over inconsequential information and, once compromised by committing acrime,blackmailed into handing over moresensitive material.[10] Individuals may leave one company to take up employment with another and takesensitive information with them.[11] Such apparent behavior has been the focus of numerous industrial espionage cases that have resulted in legal battles.[11] Some countries hire individuals to do spying rather than the use of their ownintelligence agencies.[12]Academics, business delegates, andstudents are often sought to be used by governments in gathering information.[13] Some countries, such asJapan, have been reported to expect students to bedebriefed on returning home.[13] A spy may follow aguided tour of afactory and then get "lost".[10] A spy could be anengineer, amaintenance man, acleaner, aninsurance salesman, or aninspector: anyone who has legitimate access to the premises.[10]
A spy maybreak into the premises tostealdata and may search throughwaste paper andrefuse, known as "dumpster diving".[14] Information may be compromised via unsolicited requests for information,marketing surveys, or use of technical support or research or software facilities.Outsourced industrial producers may ask for information outside the agreed-uponcontract.[15]
Computers have facilitated the process of collecting information because of the ease of access to large amounts of information through physical contact or theInternet.[16]
Economic and industrial espionage has a long history. FatherFrancois Xavier d'Entrecolles, who visitedJingdezhen,China in 1712 and later used this visit to reveal the manufacturing methods ofChinese porcelain to Europe, is sometimes considered to have conducted an early case of industrial espionage.[17]
Historical accounts have been written of industrial espionage betweenBritain andFrance.[18] Attributed toBritain's emergence as an "industrial creditor", the second decade of the18th century saw the emergence of a large-scale state-sponsored effort to surreptitiously take Britishindustrial technology to France.[18]Witnesses confirmed both theinveigling oftradespersons abroad and the placing ofapprentices in England.[19] Protests by those such asironworkers inSheffield andsteelworkers inNewcastle,[clarification needed] about skilledindustrial workers being enticed abroad, led to the firstEnglishlegislation aimed at preventing this method of economic and industrial espionage.[20][19] This did not preventSamuel Slater from bringing British textile technology to theUnited States in 1789. In order to catch up with technological advances of European powers, the US government in the eighteenth and nineteenth centuries actively encouraged intellectual piracy.[21][22]
American founding father and firstU.S. Treasury SecretaryAlexander Hamilton advocated rewarding those bringing "improvements and secrets of extraordinary value"[23] into the United States. This was instrumental in making the United States a haven for industrial spies.
East-West commercial development opportunities afterWorld War I saw a rise inSoviet interest inAmerican andEuropeanmanufacturing know-how, exploited byAmtorg Corporation.[24] Later, with Western restrictions on theexport of items thought likely to increase military capabilities to theUSSR, Soviet industrial espionage was a well known adjunct to other spying activities up until the 1980s.[25]BYTE reported in April 1984, for example, that although the Soviets sought to develop their ownmicroelectronics, their technology appeared to be several years behind theWest's. SovietCPUs required multiplechips and appeared to be close or exact copies of American products such as theIntel 3000 andDEC LSI-11/2.[26][a]
Some of these activities were directed via theEast GermanStasi (Ministry for State Security). One such operation, "Operation Brunnhilde," operated from the mid-1950s until early 1966 and made use of spies from manyCommunist Bloc countries. Through at least 20 forays, many western European industrial secrets were compromised.[27] One member of the "Brunnhilde" ring was aSwisschemical engineer, Dr. Jean Paul Soupert (also known as "Air Bubble"), living inBrussels. He was described byPeter Wright inSpycatcher as having been "doubled" by theBelgianSûreté de l'État.[27][28] He revealed information about industrial espionage conducted by the ring, including the fact thatRussian agents had obtained details ofConcorde's advanced electronics system.[29] He testified against twoKodak employees, living and working in Britain, during a trial in which they were accused of passing information on industrial processes to him, though they were eventually acquitted.[27]
According to a 2020American Economic Review study, East German industrial espionage in West Germany significantly reduced the gap intotal factor productivity between the two countries.[30]
A secret report from theMilitary-Industrial Commission of the USSR (VPK), from 1979 to 1980, detailed howspetsinformatsiya (Russian:специнформация, "special records") could be utilised in twelve different military industrial areas. Writing in theBulletin of the Atomic Scientists,Philip Hanson detailed aspetsinformatsiya system in which 12 industrial branch ministries formulated requests for information to aid technological development in their military programs. Acquisition plans were described as operating on 2-year and 5-year cycles with about 3000 tasks underway each year. Efforts were aimed at civilian and military industrial targets, such as in thepetrochemical industries. Some information was gathered to compare Soviet technological advancement with that of their competitors. Much unclassified information was also gathered, blurring the boundary with "competitive intelligence".[25]
TheSoviet military was recognised as making much better use of acquired information than civilian industries, where their record in replicating and developing industrial technology was poor.[b][25]
Following the demise of the Soviet Union and the end of theCold War, commentators, including theUS Congressional Intelligence Committee, noted a redirection amongst the espionage community from military to industrial targets, with Western and former communist countries making use of "underemployed" spies and expanding programs directed at stealing information.[31][32]
The legacy of Cold War spying included not just the redirection of personnel but the use of spying apparatus such as computer databases,scanners for eavesdropping,spy satellites,bugs andwires.[33]
Former CIA DirectorStansfield Turner stated in 1991, "as we increase emphasis on securing economic intelligence, we will have to spy on the more developed countries—our allies and friends with whom we compete economically—but to whom we turn first forpolitical andmilitary assistance in a crisis. This means that rather than instinctively reaching for human, on-site spying, the United States will want to look to those impersonal technical systems, primarilysatellite photography and intercepts".[34]
FormerCIA DirectorJames Woolsey acknowledged in 2000 that the United States steals economic secrets from foreign firms and their governments "with espionage, withcommunications, withreconnaissance satellites". He listed the three reasons as understanding whether sanctions are functioning for countries under sanction, monitoring dual-use technology that could be used to produce or develop weapons, and to spy on bribery.[35]
In 2013 The United States was accused of spying onBrazilian oil companyPetrobras. Brazil's PresidentDilma Rousseff stated that it was tantamount to industrial espionage and had no security justification.[36]
In 2014 former US intelligence officerEdward Snowden stated that theNational Security Agency (NSA) was engaged in industrial espionage and that they spied onGerman companies that compete with US firms. He also highlighted the fact the NSA usesmobile phone apps such asAngry Birds to gatherpersonal data.[37]
According to a 2014Glenn Greenwald article, "potentially sabotaging another country's hi-tech industries and their top companies has long been a sanctioned American strategy." The article was based on a leaked report issued from former U.S.Director of National IntelligenceJames R. Clapper's office that evaluated how intelligence could be used to overcome a loss of the United States' technological and innovative edge. When contacted, theDirector of National Intelligence office responded, "the United States—unlike our adversaries—does not steal proprietary corporate information", and insisted that "the Intelligence Community regularly engages in analytic exercises". The report, he said, "is not intended to be, and is not, a reflection of current policy or operations".[38]
In September 2019, security firmQi An Xin published report linking the CIA to a series of attacks targeting Chinese aviation agencies between 2012 and 2017.[39][40]
A significant, state-sponsored transfer of technology occurred during and after World War II, when the U.S. government formally seized patent rights from Axis powers like Germany and Italy[41]. This was followed by programs such as theTechnical Industrial Intelligence Committee (TIIC) under the Department of Commerce, which actively dispatched missions to Europe—particularly Germany[42]—to investigate, document, and acquire technical processes and patents. This systematic effort also extended to Allied nations; financially exhausted European countries, including the United Kingdom, were often compelled to make 'voluntary transfers' of intellectual property as a condition for aid or loans. Historians have argued that this large-scale acquisition of foreign intellectual property was a key factor in the post-war technological and industrial ascendancy of the United States, which subsequently licensed much of this Intellectual Property back to European firms.[43]
Israel has an active program to gather proprietary information within the United States. These collection activities are primarily directed at obtaining information on military systems and advanced computing applications that can be used in Israel's sizablearmaments industry.[44][45]
Israel was accused by the US government of selling USmilitary technology and secrets to China in 1993.[46]
In 2014 American counter-intelligence officials told members of theHouse Judiciary andForeign Affairs committees that Israel's current espionage activities in America are "unrivaled".[47]
Computers have become key in exercising industrial espionage due to the enormous amount of information they contain and the ease at which it can be copied and transmitted. The use of computers for espionage increased rapidly in the 1990s. Information has commonly been stolen by individuals posing as subsidiary workers, such as cleaners or repairmen, gaining access to unattended computers and copying information from them.Laptops were, and still are, a prime target, with thosetraveling abroad on business being warned not to leave them for any period of time. Perpetrators of espionage have been known to find many ways of conning unsuspecting individuals into parting, often only temporarily, from their possessions, enabling others to access and steal information.[48] A "bag-op" refers to the use ofhotel staff to access data, such as throughlaptops, in hotel rooms. Information may be stolen in transit, intaxis, atairport baggage counters,baggage carousels, ontrains and so on.[14]
The rise of the Internet andcomputer networks has expanded the range and detail of information available and the ease of access for the purpose of industrial espionage.[49] This type of operation is generally identified as state backed or sponsored, because the "access to personal, financial or analytic resources" identified exceed that which could be accessed bycyber criminals or individualhackers. Sensitive military or defense engineering or other industrial information may not have immediatemonetary value to criminals, compared with, say,bank details. Analysis of cyberattacks suggests deep knowledge of networks, with targeted attacks, obtained by numerous individuals operating in a sustained organized way.[49]
The rising use of the internet has also extended opportunities for industrial espionage with the aim of sabotage. In the early 2000s, energy companies were increasingly coming under attack from hackers. Energy power systems, doing jobs like monitoringpower grids orwater flow, once isolated from the other computer networks, were now being connected to the internet, leaving them more vulnerable, having historically few built-in security features.[50] The use of these methods of industrial espionage have increasingly become a concern for governments, due to potential attacks by hostile foreign governments or terrorist groups.
One of the means of perpetrators conducting industrial espionage is by exploiting vulnerabilities in computer software.Malware andspyware are "tool[s] for industrial espionage", in "transmitting digital copies of trade secrets, customer plans, future plans and contacts". Newer forms of malware include devices which surreptitiously switch on mobile phonescamera andrecording devices. In attempts to tackle such attacks on their intellectual property, companies are increasingly keeping important information "off network," leaving an "air gap", with some companies buildingFaraday cages to shield fromelectromagnetic orcellphone transmissions.[51]
Thedistributed denial of service (DDoS) attack uses compromised computer systems to orchestrate a flood of requests on the target system, causing it to shut down and deny service to other users.[52] It could potentially be used for economic or industrial espionage with the purpose of sabotage. This method was allegedly utilized byRussian secret services, over a period of two weeks on acyberattack onEstonia in May 2007, in response to the removal of aSoviet era war memorial.[53]
In 1848, theBritish East India Company brokeQing China's global near-monopoly on tea production by smuggling Chinese tea out of the nation and copying Chinese tea-making processes.[54] TheBritish Empire had previously run a considerable trade deficit with China by importing the nation'stea and other goods. The British attempted to rectify thedeficit by tradingopium to the Chinese, but encountered difficulties after theDaoguang Emperor banned the opium trade and theFirst Opium War broke out. To avoid further issues in trading tea with China, the East India Company hiredScottishbotanistRobert Fortune to travel to China under the guise of a Chinese nobleman and obtain Chinese trade secrets and tea plants for replanting. Infiltrating Chinese tea-making facilities, Fortune recorded the Chinese process for creating tea and smuggled tealeaves andseeds back to the East India Company.[55] The East India Company later introduced these methods tocompany-ruled India, using India to compete and surpass China in tea production.[56]
Between 1987 and 1989,IBM andTexas Instruments were thought to have been targeted by FrenchDGSE with the intention of helping France'sGroupe Bull.[57] In 1993, U.S. aerospace companies were also thought to have been targeted by French interests.[58] During the early 1990s, France was described as one of the most aggressive pursuers of espionage to garner foreign industrial and technological secrets.[57] France accused the U.S. of attempting to sabotage itshigh tech industrial base.[57] The government of France allegedly continues to conduct ongoing industrial espionage against Americanaerodynamics andsatellite companies.[59]
In 1993, car manufacturerOpel, the German division ofGeneral Motors, accusedVolkswagen of industrial espionage after Opel's chief of production,Jose Ignacio Lopez, and seven other executives moved to Volkswagen.[11] Volkswagen subsequently threatened to sue for defamation, resulting in a four-year legal battle.[11] The case, which was finally settled in 1997, resulted in one of the largest settlements in the history of industrial espionage, with Volkswagen agreeing to pay General Motors $100 million and to buy at least $1 billion of car parts from the company over 7 years, although it did not explicitly apologize for Lopez's behavior.[60]
In April 2009,Starwood accused its rivalHilton Worldwide of a "massive" case of industrial espionage. After being acquired byThe Blackstone Group, Hilton employed 10 managers and executives from Starwood. Starwood accused Hilton of stealing corporate information relating to its luxury brand concepts, used in setting up its Denizen hotels. Specifically, former head of itsluxury brands group, Ron Klein, was accused of downloading "truckloads of documents" from a laptop to his personal email account.[61]
Amazon is alleged to have used a 75% owned shell company ("Big River") to perform corporate espionage on its rivalseBay,Shopify, andWalmart.[62][63]
On 13 January 2010,Google announced that operators, from within China, had hacked into their Google China operation, stealing intellectual property and, in particular, accessing the email accounts of human rights activists.[64][65] The attack was thought to have been part of a more widespread cyber attack on companies within China which has become known asOperation Aurora.[65] Intruders were thought to have launched azero-day attack, exploiting a weakness in theMicrosoftInternet Explorer browser, the malware used being a modification of thetrojan "Hydraq".[51] Concerned about the possibility of hackers taking advantage of this previously unknownweakness in Internet Explorer, the governments of Germany and, subsequently France, issued warnings not to use thebrowser.[66]
There was speculation that "insiders" had been involved in the attack, with someGoogle China employees being denied access to the company's internal networks after the company's announcement.[67][68] In February 2010, computer experts from the U.S.National Security Agency claimed that the attacks on Google probably originated from two Chinese universities associated with expertise incomputer science,Shanghai Jiao Tong University and theShandong Lanxiang Vocational School, the latter having close links to theChinese military.[69]
Google claimed at least 20 other companies had also been targeted in the cyber attack, said by theLondonTimes, to have been part of an "ambitious and sophisticated attempt to steal secrets from unwitting corporate victims" including "defence contractors, finance and technology companies".[65][64][66] Rather than being the work of individuals or organised criminals, the level of sophistication of the attack was thought to have been "more typical of anation state".[64] Some commentators speculated as to whether the attack was part of what is thought to be a concerted Chinese industrial espionage operation aimed at getting "high-tech information to jump-startChina's economy".[70] Critics pointed to what was alleged to be a lax attitude to the intellectual property of foreign businesses in China, letting them operate but then seeking to copy orreverse engineer their technology for the benefit of Chinese "national champions".[71] In Google's case, they may have (also) been concerned about the possible misappropriation of source code or other technology for the benefit of Chinese rivalBaidu. In March 2010 Google subsequently decided to cease offeringcensored results in China, leading to the closing of its Chinese operation.
The United States charged two formerNetLogic Inc. engineers,Lan Lee andYuefei Ge, of committing economic espionage against TSMC and NetLogic, Inc. A jury acquitted the defendants of the charges with regard to TSMC and deadlocked on the charges with regard to NetLogic. In May 2010, a federal judge dismissed all the espionage charges against the twodefendants. The judge ruled that the U.S. government presented no evidence of espionage.[72]
In May 2010, the federal jury convictedChordiant Software, Inc., a U.S. corporation, of stealingDongxiao Yue's JRPC technologies and used them in a product called Chordiant Marketing Director. Yue previously filed lawsuits againstSymantec Corporation for a similar theft.[73]
Revelations from the Snowden documents have provided information to the effect that the United States, notably vis-à-vis the NSA, has been conducting aggressive economic espionage againstBrazil.[74] Canadian intelligence has apparently supported U.S. economic espionage efforts.[75]
The Chinese cybersecurity company Qihoo 360 accused the Central Intelligence Agency of the United States of an 11-year-long hacking campaign[76] that targeted several industries including aviation organizations, scientific research institutions, petroleum firms, internet companies, and government agencies.[77]
A 2009 report to the US government, by aerospace and defense companyNorthrop Grumman, describesChinese economic espionage as comprising "the single greatest threat to U.S. technology".[49] Blogging onthe 2009 cyber attack on Google, Joe Stewart ofSecureWorks referred to a "persistent campaign of 'espionage-by-malware' emanating from the People's Republic of China (PRC)" with both corporate and state secrets being "Shanghaied".[78] The Northrop Grumman report states that the collection of US defense engineering data stolen through cyberattacks is regarded as having "saved the recipient of the information years of R&D and significant amounts of funding".[49] Concerns about the extent of cyberattacks has led to the situation being described as the dawn of a "new cold cyberwar".[79]
According toEdward Snowden, theNational Security Agency spies on foreign companies.[80] In June 2015 Wikileaks published documents about the National Security Agency spying on French companies.[81]
During December 2007, this was suddenly revealed thatJonathan Evans, head of theUnited Kingdom'sMI5, had sent out confidential letters to 300 chief executives and security chiefs at the country's banks, accountants and legal firms warning of attacks from Chinese 'state organisations'.[82] A summary was also posted on the secure website of theCentre for the Protection of the National Infrastructure, accessed by some of the nation's 'critical infrastructure' companies, including 'telecoms firms, banks and water and electricity companies'.[83] One security expert warned about the use of 'customtrojans,' software specifically designed to hack into a particular firm and feed back data.[83] Whilst China was identified as the country most active in the use of internet spying, up to 120 other countries were said to be using similar techniques.[83] The Chinese government responded to UK accusations of economic espionage by saying that the report of such activities was 'slanderous' and that the government opposed hacking which is prohibited bylaw.[84]
German counter-intelligence experts have maintained the German economy is losing around €53 billion or the equivalent of 30,000 jobs to economic espionage yearly.[85]
InOperation Eikonal, GermanBND agents received "selector lists" from theNSA – search terms for their dragnet surveillance. They contain IP addresses, mobile phone numbers and email accounts with the BND surveillance system containing hundreds of thousands and possibly more than a million such targets.[86] These lists have been subject of controversy as in 2008 it was revealed that they contained some terms targeting theEuropean Aeronautic Defence and Space Company (EADS), theEurocopter project[87] as well as French administration,[88][86] which were first noticed by BND employees in 2005.[87] After the revelations made by whistleblower Edward Snowden, the BND decided to investigate the issue whose October 2013 conclusion was that at least 2,000 of these selectors were aimed at Western European or even German interests which has been a violation of the Memorandum of Agreement that the US and Germany signed in 2002 in the wake of the9/11 terror attacks.[86] After reports emerged in 2014 that EADS and Eurocopter had been surveillance targets theLeft Party and theGreens filed an official request to obtain evidence of the violations.[86][89]
The BND's project group charged with supporting theNSA investigative committee in German parliament set up in spring 2014, reviewed the selectors and discovered 40,000 suspicious search parameters, including espionage targets in Western European governments and numerous companies. The group also confirmed suspicions that the NSA had systematically violated German interests and concluded that the Americans could have perpetratedeconomic espionage directly under the Germans' noses.[86][90] The investigative parliamentary committee was not granted access to the NSA's selectors list as an appeal led by opposition politicians failed at Germany's top court. Instead the ruling coalition appointed an administrative judge,Kurt Graulich [de], as a "person of trust" who was granted access to the list and briefed the investigative commission on its contents after analyzing the 40,000 parameters.[91][92] In his almost 300-paged report[93] Graulich concluded that European government agencies were targeted massively and that Americans hence broke contractual agreements. He also found that German targets which received special protection from surveillance of domestic intelligence agencies byGermany's Basic Law (Grundgesetz) − including numerous enterprises based in Germany – were featured in the NSA's wishlist in a surprising plenitude.[94]
"Competitive intelligence" involves the legal and ethical activity of systematically gathering, analyzing and managing information on industrial competitors.[95] It may include activities such as examining newspaper articles, corporate publications, websites, patent filings, specialised databases, information at trade shows and the like to determine information on a corporation.[96] The compilation of these crucial elements is sometimes termed[by whom?] CIS or CRS, aCompetitive Intelligence Solution orCompetitive Response Solution, with its roots inmarket research. Douglas Bernhardt has characterised "competitive intelligence" as involving "the application of principles and practices from military and national intelligence to the domain of global business";[97] it is the commercial equivalent ofopen-source intelligence.
The difference between competitive intelligence and economic or industrial espionage is not clear; one needs to understand the legal basics to recognize how to draw the line between the two.[98][99]
'Competitive intelligence involves the application of principles and practices from military and national intelligence to the domain of global business. It is where the art and disciplines of both intelligence and strategic management converge. Competitive intelligence is the flip side of the strategy coin,' stresses Douglas Bernhardt, author of Perfectly Legal Competitor Intelligence.
{{cite web}}: CS1 maint: multiple names: authors list (link)| International | |
|---|---|
| National | |
| Other | |
