Dienstag, 23. August 2011

EADS goes by rail

A few days ago – time and date are not important – I took the train from A to B, sitting there and reading about security problems inside the military industry, insider threats and bad spies from the outside. Louis Gallois, head of EADS – Europe’s defence and aerospace group, told us that industrial espionage threat is very real and very dangerous in China. Only in China?

I found myself inside a typical situation, which was predestinated for any ambitious spy from a foreign country, a noisy competitor or just an engaged extremist who wants to bomb the company. This situation shows me clearly how mindless all this stupid corporate papers and out-dated power point lectures are, when it comes to the profane and boring time in the afternoon, driving home, thinking about the girl last night, waiting for the next beer: A man sat in front of me, tired and obviously frustrated with his personal situation (Yes, I can interpret your facial expression and I can read in your sad eyes).

He ate his unhealthful chips, drank his unhealthful lemonade and decided to accept the incoming telephone call. With a too loud and clear voice he said his name and then, recognizing that it was his friend or colleague on the line, named him with his name as well. They talked about their last project and at least arranged a meeting in a bar in the town I also know (btw: the beer in this bar is too expensive).

After this disruption of my reading I examined his laptop.

And this:

Aha: EADS.  I checked my small private database via VPN and found 306 entries, among other things names, adresses, numbers etc. But this would be only important for a later background research – if this would be my intention.

Next thing: This guy was sitting at the end of the coach. Suddenly I had to go to the restroom and by accident I found later some pictures on my smartphone. Happily they were fuzzy *lol*

How many substantial errors can I list?

  1. The guy: He was talking too loud in the public about his plan for the evening with the accurate time, combined with
  2. my knowledge of his employer (EADS) and my pretty certain knowledge about
  3. his unhappiness, vanity and carelessness.
  4. The very easy access to his laptop: interfaces were open. Maybe bluetooth as well, his mobile on the table in front of me. And of course his
  5. really dense idea to read something on the laptop in the public. Et al. there were plans from buildings, sheets etc. easy to see.

This guy had luck – not only because I will not show his real face. If I would have a clear picture of his face maybe the following result would be another one…. And maybe Facebook Face Recognition would bring more results…

Ergo: Back to school!

Of course I don´t like trusts dealing with military stuff, but: They are building planes like Airbus as well. Ok, if they will ask me very friendly and promise to pay me much money I will teach them avoiding situations like this one! It´s not enough to build up an internal huge security branch with former intelligence officers. A few simple tricks and you will get an overload of information like the one above or the following:

And this is just a very simple example. I can remember a lecture of a journalist who showed me a few pictures directly taken inside the Airbus laboratories, which were not locked and not guarded by anyone. I still wonder how this can happen to a company which is to be found e.g. on the US-DOD contractors list with various entries. In 2009 Mr. Gallois discussed in Berlin the topic „Technology and People: Key Factors for a Sustainable Future of the Aeronautic, Space and Defence Industry“. Well, without a few clever security measures there will be no bright future and next year too no place on the “Top 100 Government Contractors”-list. And next time it´s not me sitting there amused, but a really bad guy…