Industrial and commercial espionage

Anyone who travels a lot on business will have noticed infamous product copies. However, there are not only facsimiles of watches, jewellery or army knives: Around 70 percent of German companies are apparently affected by product and brand espionage (VDMA study Product Piracy, 2014). The damage to the Swiss mechanical and plant engineering industry would have to be in the similar billions.

At Swiss customs, one experiences time and again that even "atypical" goods such as screwdrivers, electrical switches or car accessories are pushed across the border.

Cheap counterfeits may dazzle tourists elsewhere, but excessive sales of counterfeits undermine domestic businesses and jobs. When it comes to actual industrial espionage, associations and political commissions also point to lengthy recourse requirements and significant location problems, see the "Swissness rules" to be implemented as of 1 January 2017.

A single distributed advance copy of an innovation announced as significant brings with it image, if not reputation, problems. But how can manufacturers, who have to establish themselves on many levels, protect themselves against brazen copiers at trade fairs or in the legal environment?

Dubious customer conversations
Of course, companies want to present themselves as open and accessible. After all, they don't want to scare away new customers. On the contrary. However, too lax an "open-mindedness" unfortunately also harbours gaps. A particularly casual approach to acquisition at trade fairs and events could also attract plant spies. Security experts such as Doug Helton, former counterespionage specialist with the U.S. Air Force, emphasize: "Trade fairs are perfect for criminal activities. It's easy to mingle and ask surveys." In the trade jargon, this approach is known as

"New customers can pass on confidences, no matter how small."

Elicitation" is the term used to describe the skimming of conversations. One of the spies' most important means of elicitation is to deliberately mention false information that the counterpart, the actual insider, wants to correct. The most sensitive product points are then carelessly revealed.

By providing specific details, possibly through frivolous picture postings on social media sites, previously familiar, polite customers can crib partial information, possibly originating mass. Klaus Nowocz of bbcom secure, a security service provider specialising in mobile phones, says: "Manipulated mobile phones with fictitious customer numbers enable remote data taps after the show."

Companies therefore show themselves vulnerable to espionage not only in conversations and in the actual stand setup. The real vulnerability lies in BYOD devices, in private communication models that expose unprotected information in mobile use. Last but not least, many companies present themselves using laptops or iPads that have not been locked, let alone protected (encrypted)

The oldest trick in the book, however, is "flattery". Trade fair visitors praise the expertise of the employee at sales stand XY.

Economic spies inspire employees at every level, if possible, and are not stingy when it comes to eliciting important elements for an entrepreneurial panorama from others. Unfortunately, industry trade fairs and network dialogues are not immune to dubious customers, or eavesdroppers and colporteurs.

Focus on leading trade fairs
The press office of GDS Düsseldorf, the largest shoe fair in the world, recently revealed that up to 170 counterfeits were recorded around the GDS trade fair date. Other relevant trade fairs probably harbor even more serious damage lists. With regard to an unstoppable wave of plagiarism, it is astonishing that so far only those responsible for BASELWORLD, the most important trade fair for jewellery and watches, have set up an internal arbitration tribunal unique to the industry

For over 25 years, the MCH Group has been committed to protecting intellectual property and supporting the fight against plagiarism within the framework of the BASELWORLD World Watch and Jewellery Show. At this exhibition, anyone who feels that their intellectual property rights have been infringed by the presentation of an object may appeal to the exhibition's internal arbitration tribunal - the so-called panel. The panel decides within one day whether the rights to invention patents, designs, protected works or trademarks have been "infringed".

Even if the customers or exhibitors classified as criminals are no longer allowed to enter the exhibition grounds, further copycats and abuses are the order of the day at leading trade fairs. Many copiers make use of inconspicuous and simple techniques: they photograph products from a distance, they may even sketch studied products by hand 1:1. According to the MCH Group, the only thing that helps against this are patrols of undercover security guards who stroll through the halls.

The fact is: industrial companies would have to expel notorious "copyists" from their sales stands themselves - a complex balancing act between customer openness and the protection of trade secrets.

Legal uncertainties
Even if insiders no longer attach as great a role to white-collar crime in this country as they did before (see PwC study "Global Economic Crime Survey - A Swiss Perspective"), the auditing firm PwC shows that Swiss companies are affected by corruption and white-collar crime. 65 percent of 83 Swiss executives surveyed ranked embezzlement first among economic crimes, with cybercrime coming in second with 26 percent of the vote.

Only the punishments for white-collar crimes, legal experts inform, will have a greater impact than two years ago. Two years ago, 60 percent of the affected SMEs reacted with dismissals for in-house white-collar offenders. Now, terminations occur in more than 80 percent of cases. In about 60 percent, according to Fabio Tobler of PwC, civil criminal proceedings are initiated. More controversial in matters of information protection and white-collar crime seems to be the ability to draw a crystal-clear line between delinquents and specialists in each case. Federal authorities, for example, show timidity in distinguishing (CD) data thieves from whistleblowers. - Ivan Büttler, managing director of Compass Security AG and official Swiss "hacker", currently sees only marginal offences in the area of industrial espionage in Switzerland.

However, Büttler points to increasing cyberattacks in the banking and insurance sectors: "Hackers, but also employees, repeatedly try to conduct insider trading with unpublished quarterly reports." The crux of the matter: Efficient risk and control management in companies requires - see KonTraG, the law on control and transparency in the corporate sector - accounting transparency.

Criminal forces, according to the specialist of Compass Security AG, would therefore especially try their hand at sensitive banking or administrative data.

Further information on current IT dangers and abuses in the social engineering sector is provided by the Reporting and Analysis Centre for Information Assurance (MELANI) at: www.melani.admin.ch.