Friday, June 12, 2015

Guest Blogger: Walter Felix Cardoso Junior

Today's guest blogger is our alumnus Walter Felix Cardoso Junior (DPRM 2002, CDIM 2004, ICCT 2006), a retired Colonel of the Brazilian Army with a PhD in Production Engineering from the Federal University of Santa Catarina. A researcher in Defense and Intelligence Processes, he is Manager of Systems Architecture and Operational Intelligence of Cassidian Defence and Security of Brazil Ltd and authored this article. The English version is presented in the beginning with the Spanish version to follow.

Today's guest blogger is our graduate, Walter Felix Cardoso Junior (DPRM 2002, CDIM 2004, ICCT 2006), Retired Colonel of the Brazilian Army, PhD in Production Engineering from the Federal University of Santa Catarina, researcher in Defense and Intelligence Processes, and Consultant in Architecture and Intelligence Systems. We present the English version first, and the Spanish version follows.

The statements and opinions presented by the author do not represent the views of the Department of Defense (DoD), the National Defense University (NDU) or the William J. Perry Center for Hemispheric Defense Studies.  Any release, quotation or extraction for publication must be coordinated with the author of the document. 

The ideas presented by the author do not represent the official opinions of the Department of Defense (DoD), the National Defense University (NDU) or the William J. Perry Center for Hemispheric Defense Studies. For any use of them, in whole or in part, or for their publication, due coordination with the author of the document is suggested.

Brazil 2014 – Corporate Espionage
By Walter Felix Cardoso Junior

Initial ideas

This essay aims to draw attention to the basic theme of corporate espionage. It seeks to inform, and perhaps advise, our employees who operate in Latin America, and especially in Brazil, so that they better understand the need for self-protection and proactively adopt defensive attitudes that may mitigate the security risks of business operations.

I analyze the experience and the reorganization of the contemporary world economic space, which results largely from the controversial financial concentration that seriously affected the United States and Europe in recent years. The current international situation is the antithesis of the neoliberalism disseminated by the countries of the first world until the great crisis of 2008. The phenomenon has favored the rise of regional geopolitical powers that, every day, assert their role in the multipolar order; Brazil stands out among them.

Brazil effectively assumes the posture of a leading exponent, as an industrialized and emerging power that imposes itself as the largest in Latin America. This is probably because the nation accounts for almost half of the region's gross domestic product, population and continental land area. The city of São Paulo, the largest Brazilian metropolis, alone produces more wealth than the State of Israel, Egypt and Chile, according to the International Monetary Fund (IMF). In 2009, São Paulo ranked as the fortieth economy of the planet[1].

There are evidently abundant flows of speculative capital in the territory, which may make the country vulnerable, including to the persistent attempts of clandestine groups at irrational exploitation of its wealth, especially in the Amazon and perhaps in the pre-salt (oil).

With the weakening of central power, exercised by the wealthiest and most developed countries, Brazil has recently become an interesting and attractive economic hub of global significance in several respects. However, the rule of capital reigns here, under which risk rises in proportion to higher returns.

If things in Brazil seemingly improved in the economic dimension, they did so against the serious deficiencies pointed out in the Human Development Index (HDI). This led me to focus, in this article, on the lack of effective solutions in the dimension of Public Safety, not only for the people but also for business organizations.

Indeed, Brazil has been a champion of good and bad practices in safety issues. While the Government and the people are organized enough to move forward in the planning and implementation of social protection measures, the population is caught between two fires: on the one hand, the failure of public policies, which results in increased crime, especially crime associated with drug trafficking (mainly crack); on the other hand, endemic corruption and an inefficient justice system, in many cases exacerbated by the growing power of "organized" (or better, "systematized") crime, with the contamination of the state apparatus in all three branches. All this is added to the tradition of electing mediocre politicians with no vocation to serve.

Regarding public safety in some corners of this Latin American giant, the picture is bleak, and the trend is toward worsening with the holding of world-class sporting events such as the 2016 Olympic Games, because they can serve as lures for the expansion of criminal activity: fraud, cyber-attacks, diversion of resources, terrorism and espionage, among other trickier activities.

My experience and analysis indicate a significant increase in casualties among Knowledge Workers, usually as a result of misinformation about potential risks involving activities that require intensive human interaction, especially in environments where it becomes easy to disregard established Regulations and Corporate Procedures.

In the following text, I want to emphasize that protective attitudes can be simple, many without any economic cost, yet of great importance for self-protection. In the same vein, I recommend attention to the safeguarding of intangible corporate and institutional assets, which reinforces the need to develop a true mindset of risk prevention across the chain of knowledge production: planning, collection, processing, analysis and controlled dissemination.

The threats and where they could appear
War has migrated permanently to the "economic dimension". The agents who handle sensitive informational inputs on defense, security and strategic business, especially those professionals who circulate in "risk environments" such as Brazil and other Latin American countries, are always in danger.

Espionage is a crime, but it thrives with impunity in most corporate, business, government and third-sector environments. Many professionals who deal with sensitive knowledge have a misguided perception of privacy, one that is unrealistic and illusory; their situation is riskier than they think.

The illegal capture of sensitive information can be perpetrated by Intelligence Services (in Brazil, the Brazilian Intelligence Agency - ABIN, and the "Intelligence" of other nations that operate here with ease), the Armed Forces and Auxiliary Forces, government agencies not linked to "intelligence services" (such as the IBGE, the Brazilian Institute of Geography and Statistics, and the Institute for Applied Economic Research - IPEA, among other agencies with the ability to investigate citizens and their companies in depth), banks and other public and private parties in the financial system, private research agencies, nonprofit organizations (non-governmental organizations - NGOs), private research companies masquerading as condominium security companies, journalists (linked to media organizations or freelancers), academic researchers, interns and trainees (often introduced by competitors), and also by various criminal organizations that operate in this diffuse transnational environment.

Methods to operationalize espionage
The planned effort to illegally capture informational inputs in corporate environments, such as those in Brazil and other Latin American countries, may involve convergent and often complementary processes. To better understand the phenomenon of espionage as practiced here, it is necessary to consider the cultural heritage of the Brazilian people (mainly the subservient culture of Lusitanian colonization) and their peaceful nature, inherited from a history permeated by few bloody conflicts (the last major war on Brazilian territory occurred in the distant nineteenth century), as well as the governmental system, the prevailing political ideology, business practices, and what many call the "ethical market". Nevertheless, beyond the rigor of this anthropologically inclined study, it is essential to study and understand the capability of the forces that compete in the regional arena, viewed as adversaries, rivals, opponents and, at the top of that scale, enemies, to undertake adverse and illegal actions to obtain relevant information at any cost.

I point to the vast technological apparatus used in illegal surveillance activities, aimed at discreetly observing and tracking targets: specialized mid-range, low-cost devices, available to citizens in any Brazilian city, which are often imperceptible, invasive and very effective.

The old spy tactics of the Cold War cannot be disregarded in Brazil. Recruitment[2], infiltration[3], extortion by blackmail and pheromone traps are classic cases that have been widely employed here on corporate battlefields. Discreet and illegal actions also proliferate: searches of hotel premises to obtain evidence to be used in due course against the honor and privacy of targeted people; the reproduction, modification or replacement of confidential documents; the theft of laptops and other objects to disguise intent; and the collection of carelessly discarded garbage that is sensitive and rich in information for competitors.

It is worth mentioning that, in general, victims of equipment theft in a hotel suite may suspect an adverse action planned by unfair competition. However, if other rooms in the same establishment have also been "visited" and properly "cleaned", the suspicion may weaken, and the argument of burglary followed by common larceny will prevail.

Technical clandestine information-gathering
I call first-line Intelligence the kind that surprises its targets, mainly because it acts secretly and gets right to the point of interest. We can point to several recent cases of espionage with this "fingerprint" in Brazil. For instance, in "Secrecy and Democracy," the author Oswald Le Winter, formerly of the CIA (Central Intelligence Agency, U.S.), describes the interception in 1995 of phone calls involving Brazilian authorities and executives of the French company Thomson, about a radar system that the Brazilians wanted to acquire to monitor the Amazon area. The U.S. firm Raytheon, also interested in the dispute, effectively spied on the links and, in possession of confidential information, benefited in the case of the Amazon Surveillance System (SIVAM), a deal that surpassed the figure of $1.3 trillion US dollars. To convey the potential risk of the subtle techniques applied by intelligence officers, I list the most threatening ones below:

Data Extraction: Two people engage in what seems to be a normal conversation, but it is not, since one of them (the agent) hides his real goals during the conversation and protects his identity in order to obtain relevant information from the other, a previously identified target. The technique is to make the target comfortable enough to talk freely about the desired informational inputs, "leaking" relevant sensitive information almost always without any sense of guilt. It is an invasive practice that is difficult to recognize, but it cannot prevent targets from lying or refusing to answer certain questions.

Social Engineering: The planned, covert, deliberate and intentional use of personal sympathy, seduction, influence, persuasion and vile lies to attract, persuade, deceive, manipulate and obtain the conscious, and often involuntary, cooperation of one or more people, all with the purpose of gaining facilities, advantages and, above all, potential access to data and information of high interest to the agents, in person, at a distance, or by a combination of both.

Clandestine Listening: It is generally sufficient for agents to position themselves favorably in relation to their targets in order to listen to (capture) conversations, even without the aid of specialized equipment. In certain situations, sophisticated and discreet devices can be used to film and record at a distance with absolute clarity, even in low light, and ambient noise can be eliminated with filters.

Clandestine Entry: Invasion of private property, vehicles, hotel rooms and business or government facilities to take or copy documents, correspondence and trash, or to install electronic surveillance devices or collect ones previously installed.

Electronic Intercept: A classic and important way of obtaining other people's information, generally through illegal phone interception using electronic devices able to capture the flow of voice and data communications.

How to protect our person
I recall the common notion that no target is unreachable. I therefore say it is appropriate and necessary to set aside any shred of naivety in the face of the facts and to take a proactive, professional, clear and objective stance against acts of espionage. First of all, know your own security vulnerabilities (including the company's) in advance, then act to minimize them by taking part in regular, up-to-date technical training aimed at protection, and always opt for decisions supported by common sense in risk situations.

Obviously, these measures are only the first steps on the scale of expertise that staff within the company need. They tend to improve the security status of professionals amid ubiquitous and illegal attempts to capture information in hazardous environments. Below I suggest effective attitudes that are easy to adopt for those colleagues who seek protection against espionage:

• When away from work, turn off the computer or set it to hibernation mode.

• At the end of the workday, lock drawers and files. Documents and reports, including old ones, should be stored properly, or destroyed if not needed. Locking doors and checking window latches is also recommended, even if the office is located in the interior of the company's premises or on an upper floor of a building.

• Without becoming obsessive, try to leave some small traps so that an intruder "leaves a signature" on entering your room and accessing documents and the computer: a sheet of paper leaning slightly against the phone, the laptop in a certain position, a planner open at a chosen page; imperceptible triggers that will indicate unauthorized access.

• Answer phone calls in a formal and professional way, measuring your words carefully in case of inappropriate or trick questions. This is a basic precaution to protect the organization against invasive social engineering. Prefer that requests for information about products or services be submitted in writing (e-mail).

• Shred sketches and scraps of paper containing sensitive information and, in due time, important documents that are no longer needed. As I said, garbage is an excellent resource to be exploited by spies, owing to carelessness and the false sense that only the cleaning staff handle it.

• Be very careful with the information you share on social networks. It is wrong to believe that only well-intentioned people participate in networking sites and the web, or that these people work for free for the amusement of others. Social networks are also negotiable databases, which store addresses, names and other sensitive information that is easily accessible. When posting ideas and images that could identify individuals or employees of the organization, remember that you are representing not only yourself but also your family and the Company.

• When traveling, plan ahead and seek to learn about the security conditions prevailing in the area where you will operate, and about the people with whom you will interact in these environments.

• Instead of carrying the laptop in a typical laptop case, which attracts the attention of opportunists, prefer to disguise it in a briefcase or backpack. If you opt for the backpack, remember to carry it on the front of the body.

• Unless you receive specific guidance, do not provide personal or functional data to third parties and do not discuss service matters with strangers, travel agents and intermediaries or disclose information about the Company and the work in progress.

• Ignore or avoid compromising conversations and suspicious questions. If this is not possible, respond to callers in a polite but noncommittal manner.

• In airports, subways and at any external events, take extra care with suspicious, apparently casual approaches, especially those made by articulate and attractive people of the opposite sex.

• Employees in the commercial area are especially encouraged to communicate and be visible, essential characteristics for success in their activity. These colleagues need to be more attentive than others, because they are naturally more accessible to approaches from strangers.

• In risky environments, do not leave vulnerable mobile devices such as laptops and tablets visible, nor leave them behind in safes or hotel suites.

• Keep processing devices and the storage media holding sensitive information separate.

• It is recommended that your business card contain only sufficient information for institutional presentation of the employee and the Company's name, address and phone numbers. Additional data may be added on the back of the card by hand, when and if necessary.

• Do not address sensitive issues in public transportation, elevators, restaurants, stations or other public places. If a co-worker asks about a sensitive issue, move the conversation to another topic. We never know who is listening.

• Never use the equipment of an unfamiliar interlocutor to process or transmit sensitive information.

• As soon as possible, report all suspicious incidents you experience through the proper channel.

Keeping a low visibility profile
In certain cases, considering regional characteristics, it may be difficult to establish and maintain a low profile while performing work away from headquarters. A simple business trip to give thematic presentations can associate the professional with government programs and important, sensitive corporate projects, which end up attracting adverse actions such as espionage.

Behaving in an unusual manner in daily life in a large Brazilian metropolis like São Paulo, Rio de Janeiro or Brasilia can, in certain situations, arouse unwanted attention from malicious people. Attitudes like these are enough to significantly reduce the security status of the professional in public.

To maximize discretion in risky areas, it is prudent not to wear uniforms, corporate logos and buttons in public. A simple demonstration of deep knowledge of a specific and relevant topic reinforces one's status as a target for a rival's first-line intelligence, and also for criminals, who are always lurking.

The use of exaggerated and ostentatious means of protection can increase the security risk, because it may clash with what is usually adopted by the group, eventually making the person an unusual focus of attention. Other risk behaviors should be avoided at all costs, such as the acquisition of objects not allowed by law, cohabitation, albeit fleeting, with people of ill repute, the consumption of narcotic substances, including alcohol and the like, and some common practices in business travel.

Technology that facilitates the espionage practice
Cyber espionage poses an exponentially growing threat worldwide, and Brazil is no exception. There is an increasing demand for safeguarding protected government information and business secrets. Note that digital security experts have reported in the press that Latin America recorded significant annual growth in attacks, whereas in countries like the United States, Australia and Canada, statistics indicate a decrease.

The criminal theft of intangible assets, customarily performed by "insiders" and those they co-opt, is changing format, and with each passing day it becomes easier and cheaper to obtain an organization's sensitive information remotely. The intensive use of Internet social networks, combined with the proliferation of smartphones and tablets on corporate connections and the ease of carrying proprietary information in one's pocket, has created dangerous security vulnerabilities. Without leaving a trace, hackers and spies can break into fixed and mobile devices, and may even gain access to the better-protected corporate databases.

Far from wanting to turn this major theme into paranoia, I add that the standard operating procedure for protection usually suggested to executives who travel through the trenches of Latin America recommends the following:

• Do not use your own mobile phones, tablets and notebooks. Use pre-prepared corporate devices whose information content is extracted before departure and after arrival[4].

• Choose strong passwords, subjecting them to a safety test. Remember that, in addition to being personal and nontransferable, a password has the feature of irreversibility; in other words, the holder cannot deny its authenticity if it leaks through negligence or malpractice, even if in good faith[5].

• Do not enable Bluetooth and Wi-Fi, and keep your phone within reach and sight.

• During service meetings, turn off your phone and remove the battery from the device as it is technically possible to remotely turn on the microphone.

• Connect to the Internet only via an encrypted channel (VPN), with the password "copied and pasted" from an inserted USB drive (token).

• Transmit sensitive information only over a secure channel that is controlled and known by the organization on the other end.

• Use only USB drives with an encryption system to process sensitive information.

• Do not receive people in hotel suites to handle confidential matters, because there is a great possibility of being monitored by imperceptible electronic devices.

• Avoid being the target of lip-reading in risky situations by discreetly covering part of the face and mouth when using a mobile phone or addressing sensitive issues with interlocutors in public.

To ignore espionage is dangerous, especially when operating in hazardous environments. Any informational input can be obtained without the authorization, support or knowledge of the people or organizations targeted. The world is increasingly driven by business intelligence, which makes protection issues more complex and expensive.

Finally, I assert that, contrary to what many people think, probably as a result of what they see in adventure movies, the practice of espionage in countries like Brazil is not only about chases in shantytowns, furtive meetings in the suburbs of large cities or sophisticated social gatherings. It occurs most often in commonly used spaces, offices, happy hours and coffee breaks, mainly through the fleeting use of human abilities to perceive, seduce and persuade, when what really counts is gaining a competitive advantage. Protecting yourself from eavesdropping is a constant challenge, a goal to be pursued every day by any conscientious professional.

[2] Illegal technique that co-opts people within the target organization to act on behalf of a sponsor, through blackmail or reward. A variation of this technique, called "co-optation of the useful innocent", should also be considered: it consists of getting a collaborator to provide data without realizing the gravity of what he is doing, because he is unaware of the true intent of the agent, who disguises it through some creative and seemingly innocent subterfuge.
[3] Illegal technique of placing agents, through a normal selection process, in key positions in the target organization to gather and transmit data of interest.
[4] For this to be feasible in corporations there must be good coordination between the internal sectors of Technology and Counter-Intelligence (Security).

Brazil 2014 - Corporate Espionage
By Walter Felix Cardoso Junior

In a world where war has migrated definitively to the economic dimension, people who work with sensitive security or business information and who circulate in "risk environments" are always in danger.
Espionage is a crime, but it thrives with impunity in most corporate, business and government environments, above all because a good part of the professionals who work with knowledge have a perception of privacy that is very unrealistic. The clandestine capture of sensitive or confidential information can be carried out by Intelligence Services (including those of other nations), government agencies not linked to the "secret services" (such as the Federal Reserve, the IBGE or IPEA), private investigation agencies, third-sector organizations (non-governmental organizations - NGOs), private investigation companies posing as security companies, journalists (linked to media companies or freelancers), academics, interns and trainees infiltrated by the competition, as well as by criminal organizations.

This work aims to clarify the nature of this threat in the corporate sphere, indicating the basic attitudes that can improve individual and functional protection, thus contributing to the development of a proactive mindset and the prevention of security risks.

Methods of Operation
The planned effort to illegally capture informational inputs in corporate environments usually involves convergent processes that tend to be complementary. To better understand the phenomenon of espionage, it is necessary to consider the cultural heritage of a people, or its governmental political-ideological system, the prevailing business practices and, above all, the capabilities of contending opponents and rivals to undertake adverse and illegal information-seeking actions.

The technology used in clandestine surveillance, tracking and discreet observation of targets is commercially available at low cost, in devices that are often imperceptible, invasive and quite efficient. Nevertheless, old espionage tactics from the "Cold War" era, such as recruitment[1], infiltration[2], extortion through blackmail and extortion set up through sexual traps, continue to be employed on corporate battlefields. Even in these environments, discreet and illicit ambush actions proliferate on hotel premises to obtain evidence that can be used in due course against the honesty or private life of the selected people, along with the stealthy reproduction, alteration or replacement of confidential documents, or the theft of personal computers to disguise the true intention. Regarding this criminal practice, it is worth highlighting that, in general, victims of equipment theft in a hotel suite may suspect a possible adverse action planned by unfair competition; whereas if other rooms of the same establishment have also been "visited" or duly "cleaned", suspicions will weaken and the thesis of break-in or common theft will prevail. The hostile technique that seeks to mask the motivation of this act of espionage is called "Disguise of intention".

Information-gathering techniques
First-line intelligence surprises its targets, mainly because the actions it carries out are stealthy and go straight to the point of interest. However, the most threatening face of espionage agents can be perceived in the often imperceptible application of the following (subtle) techniques, among many others:
• Data extraction: Casual interlocutors can make use of something that appears to be a normal conversation but is not, since the agent hides his real intentions during the conversation and protects his own identity in order to obtain relevant information from previously identified people. The technique makes people comfortable enough to provide sensitive information without guilt and at no cost. This is an invasive practice that is difficult to recognize, but it does not prevent those targets from lying or refusing to answer certain questions.
• Social Engineering: The planned, disguised, deliberate and intentional use of personal sympathy, seduction, influence, lies and vile persuasion to attract, convince, deceive, manipulate and obtain the conscious and often involuntary cooperation of one or more people, all in order to obtain facilities, advantages and, above all, real or potential access to data and information of high interest, in person (face to face), at a distance, or by a combination of both.
• Clandestine listening: In general, it is enough for agents to build up favorable relations with the people identified as targets in order to hear their conversations without the aid of equipment. In certain situations it is possible to use sophisticated and discreet devices to film or record at a distance with absolute clarity, even in low light, and with the ability to eliminate ambient noise by means of filters.
• Clandestine Entry: The invasion of private property, vehicles or rooms in hotels and facilities to steal or copy documents, or even to plant electronic espionage devices.
• Electronic interception (wiretapping): The illegal use of electronic devices to intercept and gain access to the telephone communications of third parties.

How to protect yourself
To begin with, it is necessary to set aside naivety and take a clear and objective professional stance against acts of espionage: first, know your own vulnerabilities and those of the organization in advance, then undertake technical training aimed at protection, and always opt for sound-judgment decisions in risk situations. These are basic measures that promote the safety of people in environments where the illegal capture of information is omnipresent. The following is a list of personal attitudes that are efficient and easy to carry out:
• When you are away from the workplace, turn off the computer.
• When you finish with a file, put it away and close drawers and files. Documents and reports, including old ones, must be stored properly or else destroyed. Locking doors and also checking that window latches are closed is recommended, even if the office is located in the interior of a company's premises or on the upper floors of a building.
• Answer telephone calls in a professional manner and protect the organization from invasive social engineering processes.
• Shred or destroy papers containing sensitive information, as well as important documents that are out of date.
• Be very careful with the information you wish to share through social networks. When providing ideas and images that could identify companies or institutions, remember that you are representing your family and the organization to which you belong.
• Instruct your dependents about what must not be posted on social networks, mainly revealing photos showing outward signs of wealth and data that make it easier to locate them geographically.
• When traveling, try to find out in advance about the security conditions of the area in which you will operate and also about the people with whom you will interact.
• Do not give travel agents information about professional activities in progress.
• Unless you receive specific guidance to the contrary, do not talk about work matters with strangers, disclose information about your company and work in progress, or provide personal or functional data to third parties.
• Ignore or avoid suspicious and incriminating conversations or questions. If this happens, respond to your interlocutors evasively.
• In airports or at events, be alert to or suspicious of apparently casual encounters, especially those involving attractive people of the opposite sex.
• Keep the media or equipment used to store sensitive information separate.
• Do not address sensitive matters on public transportation, in elevators, restaurants, airports or other public places. A travel companion can steer the conversation toward other topics, since you never know who is listening.
• Do not use unfamiliar equipment to transmit sensitive information.
• As soon as possible, report all suspicious incidents through the appropriate channel.

Keeping a low profile
Behaving in a way that is unusual for everyday life can, in certain situations, attract unwanted attention from other people. That alone is enough to reduce a person's security in a given setting. In some cases it is difficult to establish and maintain a low profile while working away from headquarters. A simple business trip, such as one to give professional presentations, may be associated with government programs or with important and confidential corporate projects, which are lures for adverse espionage actions. To maximize discretion in risk areas, it is prudent not to wear uniform items, pins or corporate logos in public. A simple display of command of specific knowledge in relevant subjects increases the likelihood of becoming a target for rival intelligence and, eventually, for criminals. The ostentatious and exaggerated use of personal protection procedures and equipment can also increase risk, because it places the person in the spotlight. Risky behavior must be avoided at all costs, such as acquiring objects prohibited by law while travelling, keeping company, however briefly, with people of ill repute, or consuming narcotic substances (and alcoholic beverages), since these greatly amplify the degree of exposure.

Technology and espionage
Cyber espionage today represents a growing threat to the protection of governments' classified information and of business secrets, especially when travelling to countries with greater technological development. The criminal theft of intangible assets, usually carried out by "insiders" (infiltrated agents and disgruntled employees), is changing form; with each passing day it becomes easier and cheaper to obtain remotely the sensitive information an organization is after.
Constant internet use, the proliferation of smartphones, and the ease of connecting personal devices to corporate networks and of carrying proprietary information on them create a significant security vulnerability. Without leaving traces, hacker-spies manage to break into these portable devices and can gain access to corporate databases.
Far from being paranoia, the standard operating procedure for executives travelling through the trenches of the first world recommends the following precautions:
·         Do not carry your own cell phones, tablets and notebooks. Use corporate devices prepared in advance, whose contents are erased before departure and wiped again on your return.
·         Do not enable Bluetooth and Wi-Fi, and always keep the cell phone under your control and in sight.
·         During work meetings, turn off the phone and remove the battery from the device; the microphone can be switched on remotely.
·         Connect to the internet only through an encrypted channel (VPN), with a "copy and paste" password taken from a pen drive (token).
·         Transmit sensitive data and information only over a secure, controlled channel agreed in advance with the organization.
·         Use only a pen drive with an encryption system to work on sensitive matters.
·         Do not receive people in your hotel suite to discuss confidential matters, since you may be monitored by means of imperceptible electronic devices.
·         Avoid being a target of lip reading in risky situations by covering part of your face when using the cell phone or when discussing important matters with others in public settings.
In conclusion
Naively ignoring intelligence is foolish and can be dangerous. Any piece of information can be obtained without authorization, aided even by the knowledge of the people or their organizations. A world driven by business intelligence makes protective measures ever more complex, and security has to be structured effectively at both the organizational and the personal level.
Contrary to what adventure films show, espionage does not happen through wild chases in very expensive cars on the crowded streets of big cities, with criminals shooting at law enforcement agents. It takes place in the shared spaces and common areas of companies, at happy hours and coffee breaks, mainly through the human skills of perceiving, interacting, seducing, asking, listening, understanding and committing to memory. Protecting oneself from espionage is a constant challenge, a goal that every professional must pursue daily.

[1] Illegal technique of co-opting people inside organizations designated as targets to act on behalf of a sponsor, by means of a reward or blackmail.
[2] Illegal technique of placing agents, through a normal selection process, in key positions of an organization designated as a target, in order to collect and transmit data of interest.
