The Competitive Intelligence Agent from MI5

Brand Killer Robots reveal::

All we knew about Frank was that he worked for a market intelligence service provider beforehand and that he had some trouble with his lady boss, over some flawed analysis he was supposed to have produced. His excuse was that the brief he had been given was purposely designed for him to fail and tantamount to constructive dismissal. We also knew that he was having some problems with the landlord at his flat, but that is all we were allowed to know.

Frank was a thin, wisened guy, about 5.8" and 35 years of age. He spoke in slow monotones, paused to think about what you said before responding and was fastidiously organised and tidy. His demeanour was almost one of a depressed, mole like person. In fact you got the impression that Frank was quite special. Perhaps someone who had the qualities to have held much more significant roles elsewhere.

Frank was the man from Westminster. The man from MI5. One minute Frank was an architect building market segment models, comprising growth drivers and strategic views, the next minute Frank was a spy in the middle of executive conversations and exhibitions full of competitors. Later he would be upstairs having a cosy chat with the CEO of the day - which quite often than not excluded his real boss, the Marketing Director.

Frank had a model. Frank fueled this model, from the competitive intelligence he acquired. Assimilated, distilled and qualified, qualified, qualified.

Frank had clarity. Frank had focus. Frank had quality.

Frank was the man from MI5.

Corporate Intelligence Spies:: Should we be looking Beyond the Obvious?

Brand Killer Robots reveal::

If you came across an Al kaeda cell, would you think of calling your local policemen to deal with it - or would you call MI5, MI6 or CIA? So why do managers think that corporate spies can be repelled using IT security policies or Human Resources Personnel? After all, Corporate spies have a very different motive and capability than a 16 year old hanging off an ADSL modem out of a basement in Belarus or a stupid incompetent employee pressing all the wrong buttons.

Corporate Spies are only interested in three things:

1. Gaining 'just enough' access to the target organisation

2. Perpertrating a specific attack, such as sabotage, theft and/or installing a trojan horse.

3. Exiting out - or better still, being exited out - under a cover.

Corporate spies have absolutely no interest in the organisation other than gaining sufficient access to target areas, then maintaining and leveraging their position in the organisation until such a time as they have infilitrated their tradecraft to achieve the desired result.

A spy will not play the same games as security personnel expect them too. They will not attempt to gain access to a system, whilst sitting at a desk with a fixed ip address, so system logs can be later scanned and reveal their attempts at locating data inside the managing directors PC folder. They will not make any specific requests themselves for access to any resource, so they build up a record of attempted breakins. They will not allow themelves to be seen to see or do anything that can be classified as 'out of the ordinary'.

What they will do is take more documents to the photo copier than they needed to (maybe pocket the ones they weren't supposed to be copying). Perhaps print 2 copies of the same document (under the guise of being a mistake if detected -"only meant to print one guv!") and then fold the second copy into a paper airplane and slip it in to the top pocket.

What they will do is elicit certain types of information from staff by offering stories of past experiences designed to provoke the right kinds of response and to develop trust.

What they will do is to alter the AT settings on a modem to enable them to dial in to the network at midnight and lift one or two interesting company files.

What they will do is look technically inept, to enable them to engender pity and support from their peers, which usually leads to access to further information.

What they will do is test the strength of executive accumen and corporate strategy by demonstrating potentially viable business solutions or scope the security officers level of knowledge and confidence, by mentioning they have recently read an article on a new security threat, that they know you won't have implemented measures for.

No, the activities of the corporate spy will not be halted by conventional approaches to information security or personnel management.

They can only be halted by trained counter intelligence operatives. People who look beyond the obvious.