Industrial Espionage

Industrial espionage (IE) is defined as the illegal acquisition of secrets from business competitors. It is an enigmatic phenomenon in business practice. IE is distinguished from all legal activities of competitive intelligence and scanning of the organizational informational environment. In addition to the distinction between legal and illegal activities, industrial espionage differs from environmental scanning with respect to the focus of the activities. The latter ones are systematized by three methods of managerial information gathering: (1) discovery: gathering of new information, at best largely unguided by the given a priori knowledge and predispositions; (2) expansion: incorporating well-defined information needs and being, thus, more focused on particular aspects that are considered to be worth investigating in further detail; and (3) monitoring: shifting from detection to a permanent observation of relevant developments.

With respect to this scheme, IE activities fit into the category of expansion. Because the spying organization usually has prior knowledge of the rival firm, it uses IE activities to complement this prior knowledge. Therefore, IE is unlikely to reveal “new” developments in the competitive arena, as proposed by the mass media.

Several historical examples clarify the importance of the IE problem: For instance, the Russian supersonic airplane TU-144 is suspected to have been constructed on the basis of the Anglo-French Concorde project. More recently, Oracle took SAP to court because of the illegal download of internal documents. Another prominent case is the 2007 “unauthorized intrusion” into computer systems of the TJX Companies, where 45.7 million credit and debit card numbers were hacked, along with 455,000 merchandise return records containing customers' driver's license numbers, Military ID numbers, or Social Security numbers. Apart from the sheer number of customers affected, this case is remarkable because even after disclosing the fraud, the company was unable to stop the intrusion immediately.

Besides machinery construction and software engineering, the pharmaceutical and the chemical industries are frequently the targets of espionage attacks. The Economic Crime Survey, conducted in 2007, summarizes data from 5,400 companies located in 40 countries. More than 43 percent of these companies admitted that they had been a victim of one or more significant economic crimes during the previous two years, although not all the frauds were IE-related. According to these data, China, Russia, India, Indonesia, Brazil, Mexico, and Turkey are high-risk countries because they harbor many aggressive IE offenders. Notably, in some nations, IE activities are supported or even initiated by governmental administrations. According to the U.S. National Counterintelligence Center, a total of 109 nations were identified as having conducted IE activities in order to steal U.S. corporate intellectual property in 2005. Thus, the distinction between IE and national security activities does not hold for business practice. Proceedings, methods, and technologies are similar; only the legalization differs.

Targeted Information

Secrets acquired by IE are typically divided into three data qualities: (1) customer data, particularly transactional details like prices, discounts and order volumes, [Page 860]credit card details, purchase histories, preferences, etc.; (2) technical data, such as formulas, manufacturing process details, etc.; and (3) strategic information, for instance plans for new product introductions, entries into foreign markets, negotiation results on alliances, cost calculations, etc.

...