intelligence professionals emphasize that they can satisfy 95 percent of their
executives' needs for information about competitors using open, public sources
and legal, ethical methods. Most companies stop there--but not all of them.
Two recent news items suggested the lengths to which some information thieves
are willing to go.
In September 2000, Irwin
Jacobs, founder and chairman of Qualcomm Inc., finished a speech to the
Society of American Business Editors and Writers in Irvine, Calif., and
stepped away from the podium in a hotel ballroom. After talking with members
of the audience for about 20 minutes, he discovered that his laptop computer
was gone. Although local police considered it to have been a commonplace theft
of a $4,000 piece of equipment, Jacobs told The Wall Street Journal that the
information on the portable's hard drive could have been far more valuable to
foreign governments. (At the time, Qualcomm was negotiating a deal for CDMA
service across the People's Republic of China.)
It was later revealed that
Jacobs' laptop had been protected by nothing more than a basic Windows
password. Security experts say that's no protection at all. "That's
dynamite," says Graham Titterington, senior analyst for technology
consultants Ovum Ltd. in London. It's bad enough, he adds, that senior
executives may carry sensitive financial information and other critical
enterprise data on a portable machine, but if that laptop enables them to
access back-end systems behind the company firewall, "that's the biggest
possible security hole in the company's fence."
In October, Microsoft Corp.
discovered that for three months someone had been breaking into the corporate
network to look at the source code of products under development. It is not
known how many other documents were also accessible to the hacker, but those
sources could have included contracts, e-mail, marketing documents and other
key components of the company's business strategy and operations.
the police view of the theft of Jacob's laptop, Microsoft officials had little
doubt that this break-in was an act of industrial espionage. The incident was
a reminder that breaking into networks has become a useful tool for illegally
cutting corners. Obviously, the protection wasn't ironclad, but Microsoft's
security team is considered top-notch and few corporations have more resources
or greater incentive to maintain the integrity of their information channels.
If they can't keep their knowledge safe, who can?