Competitive Intelligence Versus Industrial Espionage

[Роман]

Submitted by stiennon on Fri, 08/15/2008 - 3:02pm.

Every organization should be aware of the types of techniques competitors use to gather intelligence on their business or operations. It sometimes catches you by surprise to learn of the types of activity your competitors engage in. A friend of mine once interviewed at one of the Big Four accounting firms (PwC, KPMG, E&Y, Deloitte.) The person she interviewed with was ex-agency (CIA, NSA, FBI). The questions she had to answer were very telling:

1. You are sitting on an airplane next to a consultant from a competing organization. He has his laptop open and is working on a proposal. Do you lean back and read that proposal?

2. The airline passenger gets up to go to the bathroom, leaving a folder of documents on his seat. Do you leaf through it?

3. You find some key documents in a hotel lobby relating to a competitor’s bid on the same project you are working on. Do you keep the documents or turn them in to the hotel unread?

Yes, large companies do employ people who are charged with gathering this type of information. There are some great tools online for gathering competitive intelligence. Knowing what Google keywords your competitor is purchasing as well as what their total spend is can be useful. Page rank, Alexa data, banner ad programs are useful as well.

While some of this data cannot be hidden from snooping competitors there are some precautions you should be taking.

1. Make sure that you have no “unpublished” pages on your website. Directories such as /stage, /temp, /index2, /new, are easily discoverable.

2. Configure your email servers so they do not bounce emails sent to unknown users. Legitimate emails can be discovered by a lack of response from a brute force emailing to all combinations of first name – last name.

3. Check regularly for registrations of domain names that are simple misspellings of your primary domain.

This last point is an interesting one. Say an attacker is hoping to harvest interesting documents sent to your organization. Purchase orders, invoices, reports from your accountants, etc.? They can register a domain that is a common misspelling of yours and collect any emails accidently sent to it. A researcher at Symantec reported last week that he believes he has found such an attempt registered out of China.

 

There may be a fine line between competitive intelligence gathering and industrial espionage. In my mind, information that is in the public domain is legit for CI while internal documents are not. You should protect yourself from the gathering of both types of intelligence.

 

_ttp://www.networkworld.com/community/node/31114

 

[Теоретик]

Submitted by stiennon on Fri, 08/15/2008 - 3:02pm.

Every organization should be aware of the types of techniques competitors use to gather intelligence on their business or operations. It sometimes catches you by surprise to learn of the types of activity your competitors engage in. A friend of mine once interviewed at one of the Big Four accounting firms (PwC, KPMG, E&Y, Deloitte.) The person she interviewed with was ex-agency (CIA, NSA, FBI). The questions she had to answer were very telling:

1. You are sitting on an airplane next to a consultant from a competing organization. He has his laptop open and is working on a proposal. Do you lean back and read that proposal?

2. The airline passenger gets up to go to the bathroom, leaving a folder of documents on his seat. Do you leaf through it?

3. You find some key documents in a hotel lobby relating to a competitor’s bid on the same project you are working on. Do you keep the documents or turn them in to the hotel unread?

Yes, large companies do employ people who are charged with gathering this type of information. There are some great tools online for gathering competitive intelligence. Knowing what Google keywords your competitor is purchasing as well as what their total spend is can be useful. Page rank, Alexa data, banner ad programs are useful as well.

While some of this data cannot be hidden from snooping competitors there are some precautions you should be taking.

1. Make sure that you have no “unpublished” pages on your website. Directories such as /stage, /temp, /index2, /new, are easily discoverable.

2. Configure your email servers so they do not bounce emails sent to unknown users. Legitimate emails can be discovered by a lack of response from a brute force emailing to all combinations of first name – last name.

3. Check regularly for registrations of domain names that are simple misspellings of your primary domain.

This last point is an interesting one. Say an attacker is hoping to harvest interesting documents sent to your organization. Purchase orders, invoices, reports from your accountants, etc.? They can register a domain that is a common misspelling of yours and collect any emails accidently sent to it. A researcher at Symantec reported last week that he believes he has found such an attempt registered out of China.

 

There may be a fine line between competitive intelligence gathering and industrial espionage. In my mind, information that is in the public domain is legit for CI while internal documents are not. You should protect yourself from the gathering of both types of intelligence.

 

_ttp://www.networkworld.com/community/node/31114

As my friend from Inst for International Ecomony and Global Affairs (IMEMO RAN) said, there's nothing absolutely secret; all information you need, you can have using open sourse intelligence; the "Top secret" cliche is used by G-men only for havin' extra-charge. Plus, as Roman and Mr. Yuschuk say, the difference is that CI-professionals don't use illegal special means ("bugs"). That's right, but before starting a research (I mean doing the order), they need to study the customer in order not to give him critical information about the object, that can be use to harm the latter

 

[hound]

А у меня на сайте (в форуме) народ обсуждает отличие КР от ПШ - и что-то разницы не видит... Наверное, не-профи.

[CI-KP]

А у меня на сайте (в форуме) народ обсуждает отличие КР от ПШ - и что-то разницы не видит... Наверное, не-профи.

Обычно подобные обсуждения - сродни обсуждению деятельности милиции по сериалу "Опера" или рассуждению о деятельности разведки по сериалу о Джеймсе Бонде.

 

Большинство обсуждающих, как правило, руководствуются распространенным принципом "Я это кино не смотрел, но осуждаю". Это нормально :)

[AlexT]

Интересная тема. Спасибо. Есть что обсудить.

Обычно подобные обсуждения - сродни обсуждению деятельности милиции по сериалу "Опера" или рассуждению о деятельности разведки по сериалу о Джеймсе Бонде.

 

Большинство обсуждающих, как правило, руководствуются распространенным принципом "Я это кино не смотрел, но осуждаю". Это нормально :)

 

:smile20: Меткое сравнение.