Spying on German Firms
November 11, 2007
Whether it's research results, strategies for development, product information, client data or budget plans -- business secrets of successful companies are increasingly becoming coveted by industrious spies.
The spies, said Elmar Remberg, deputy chief of the Federal Office for the Protection of the Constitution (Germany's domestic intelligence agency), come from the former republics of the Soviet Union, but primarily, from China.
"China is intensively collecting information around the world -- political, military and scientific data, and company strategies in order close the gap in their technology developments as quickly as possible," Remberg said.
Current studies show that around 40 percent of German companies fall prey to industrial espionage. Furthermore, expertise worth up to 50 billion euros ($74 billion) is at risk, according to the studies. The target of the espionage are primarily nano and armament technologies, as well as that involving transportation, environment and energy.
Mid-sized businesses especially at risk
Andreas Blume, who is responsible for protecting new scientific findings at the chemicals company Evonik-Degussa, said small and mid-sized companies that are leaders in their field are especially at risk. He said he is often approched at seminars, workshops and conferences.
"Alarm bells should go off whenever someone is willing to pay for your flight, accommodations or entertainment," Blume said. "But a lot of mid-sized companies are blinded by the generous offerrs and later, they've given away their information."
Blume is also familiar with some of the tricks the intelligence services use: supposed document shredders that are actually equipped with internal shredders and UMTS transmitters, beamers that record presentations and USB sticks with so-called Trojan Horse programs that allow hackers to spy on computers.
According to the Federal Office for the Protection of the Constitution, Chinese case officers go undercover and work as journalists and diplomats in Germany, or visit trade fairs and companies with delegations.
Insiders pose major threat
Leaks from inside firms are increasing in number -- companies that take on interns from abroad are at risk, for example.
Hansjörg Fromm, director of the IBM European Center for Business Optimization in Germany, said he seen studies that show that in 2005, more than a third of assaults on security are due to breaches among employees of companies. Former employees and partners were responsible for 28 percent, he said.
"Abuse can come in many forms," Fromm said. "And as our firewalls, virus protection devices, passwords and biometic access portals become more refined, so too do the spies. They find ever cleverer ways of getting around things."
More and more e-mail spying
Internet-based assaults from outside are also increasing. Recent reports that attacks on German government computers came from China have been confirmed, said Remberg of the Federal Office for the Protection of the Constitution.
"Since 2005, we have been finding such e-mail-based electronic attacks on German government offices and companies," Remberg said. "These are pursued with incredible intensity; currently, an attack is detected every one to two days."
E-mails can contain spy programs that automatically install themselves without the user noticing. Collected information is then sent back over the Internet. Often, the programs are so well-made, that even specialists cannot detect them.
And there are other weak points, said Michael Hange, deputy chief of the German Federal Office for Information Security. "W-Lan and mobile communication are popular points of assault," he said.
A company in Thailand, for instance, offers monitoring services of cell phone conversations.
"You only have to get a hold of your parnter's cell phone and type in a few commands and then you can monitor all the calls," Hange said.
Experts say, however, that there is no way to protect against industrial espionage one hundred percent. They recommend that companies have a good IT security plan and stress that managers of companies must be more aware of the dangers. Employees must also be trained, even if they are trusted.