James Bond might be the world’s best-known spy, but nowadays even an obscure international business traveler could face similar surveillance threats from a hostile foreign intelligence service or even a business competitor. For example, though most American business travelers aren’t aware of the threats of espionage, the dangers are greater and more prevalent than ever before. According to the FBI, an estimated $300 billion worth of American intellectual property and business intelligence (IP/BI) is stolen via espionage each year, primarily by the likes of China, Russia, Iran, North Korea, and even France. And this estimate is considered low, as many public companies never report their losses for fear of shaking investor confidence.
Consider the thousands of executives, scientists, consultants, and lawyers passing through airports around the world each day. They carry, along with proprietary documents and complex computer files, the latest in personal electronic gear such as smartphones, laptops, and tablets. Their goal is to further their interests, improve their bottom line, engage in transactions with foreign partners, and maintain their competitive edge. Such activities might not facilitate a nuclear strike or a terror attack from a rogue nation or organization. Nevertheless, the information business travelers carry with them often can give their overseas competitors a significant edge, probably meaning the difference between their organizations winning multimillion dollar international contracts or filing for bankruptcy. And the IP/BI they carry with them can be of immense value to a competitor, a foreign intelligence service, or a private data collector such as a hacker.
For such reasons, those in the intelligence field have called espionage the world’s second oldest profession. One could argue that since the dawn of civilization only time itself has proven more valuable than information. Prior to the age of instant communications, intelligence operatives usually targeted international travelers who were known diplomats, military personnel or government contractors — essentially, those individuals most likely to carry sensitive information. But thanks to the advent of in-flight social networking, which provides passengers the chance to discover more about their fellow seatmates and access their profiles before or during flights, anyone who travels internationally can become a target of opportunity.
Imagine, for example, that your company is competing for a lucrative contract, and you are flying overseas to make a final presentation. Wouldn’t your competitors love to know what you are presenting before they do likewise? In the world of corporate espionage, identifying an unsuspecting target who’s pinned to the seat next to you during a transoceanic flight constitutes a juicy opportunity to obtain all manner of useful information. Thanks to programs like Delta’s “Innovation Class” and KLM’s “Meet and Seat Program,” your competitors can begin to target you days in advance.
In the parlance of intelligence operatives, this activity is called elicitation. It entails subtly extracting valuable data from apparently casual conversation. Elicitation techniques exploit several fundamental traits of human nature, including the fact that most people want to be polite and answer questions honestly, that everyone prefers to appear well informed about their work, and that everyone enjoys talking about themselves. It might seem counterintuitive, but most people often feel uncomfortable withholding information from or lying to strangers. As a result, people inadvertently spill the beans about sensitive details — about themselves, their jobs, and their companies and families — without realizing it.
During World War II, the phrase “Loose lips sink ships” became a strict mantra for troops to avoid talking about their missions for fear that the enemy was always listening. But no one could have imagined how today the internet, and in particular WiFi networks and social networks, have made it possible to access any kind of electronic file, far exceeding the espionage methods employed by intelligence officers during the Cold War. Now, operatives can steal intellectual property and business intelligence, and possibly classified data, by disabling encryption, breaching firewalls, and employing the latest networking technologies without their target’s knowledge and with little risk of exposure.
When I advise clients about overseas travel, I emphasize that one of the most dangerous locations anyone can use to check and send email is an international airport terminal and their hotel room. Complimentary WiFi networks are notorious for allowing operatives to intercept such activities. In many cases, host governments provide these networks specifically to create data-collection opportunities. The threat is equally real in foreign hotel rooms, despite the misconception that staying in a U.S. name brand hotel is safe — because many of these hotels are franchises owned by host governments or their associates.
What can you do to protect yourself and your business secrets? The following list represents the most important procedures you and your colleagues should follow on your next trip abroad:
- Avoid disclosing your travel details to strangers.
- Never put electronics in your checked luggage.
- Consider traveling with a disposable cellphone (they are less susceptible to eavesdropping).
- Use a separate “throw-away” email to communicate with your family and coworkers (this prevents hackers from penetrating your company’s email system even after you have completed your trip).
- Consider installing an asymmetric email encryption program such as “Pretty Good Privacy” (PGP) on your computer, which allows you to encrypt and decrypt your email over the Internet.
- Put sensitive business documents on password-protected USB drives (such as “Iron Key” or “BitLocker”).
- Never use complimentary WiFi when traveling, unless absolutely necessary, and always use a trusted VPN.
- Never leave your sensitive business materials and/or electronics unattended in your hotel room — and your hotel safe is not safe! Carry all electronics with you at all times (hence, the need for smaller devices).
- If you spend time in the hotel bar, be cautious of what you say and to whom, because they are prime hunting grounds for espionage operatives.
- Be mindful of sexual entrapment (the Russians are still the masters of “honeypots” and have blackmailed many a business traveler into disclosing sensitive information in exchange for keeping their affairs secret).
- Use a strong passphrase (instead of password) containing up to 14-18 characters (and change it every 180 days or after every international trip).
- Make it a habit to power-off your devices when they are not in use.
Individuals, organizations and nations rise and fall, but the basic principles of survival and success remain unchanged. Gathering knowledge about the competition means achieving economic, political, and personal gain. You no longer need someone to carry a “Double O” license to kill and the latest spyware from “Q Branch” to conduct espionage. They simply need to purchase relatively inexpensive or even free, off-the-shelf software (widely available in most app stores) and an international airline ticket.