"The FBI is well aware of deliberate targeted attacks that were aimed at stealing sensitive data from organizations, including NASA, the Department of Defense, and individual defense contractors," said the FBI expert. "We're still trying to deduce the magnitude of the problem, and a lot of that has to do with what we've dealt with in terms of investigating any ex-filtration of data and where it has ended up."
Mahlik said that two of the most significant trends feeding the need for corporate counterintelligence are offshore outsourcing and the heavy flow of foreign engineering talent into U.S. corporations and research institutions.
While it remains hard to prove that foreigners are being trained specifically with the purpose of infiltrating U.S organizations to steal valuable data, he said that the concept is very real.
"This isn't about traditional spies anymore; the engineer, student, or business partner are the threat now, and these people are being given increased access to corporate secrets, intellectual property, and pre-patent research information at universities," Mahlik said. "These types of people are being actively used to ex-filtrate key pieces of information back to their homelands as there is always a race to establish a competitive advantage."
Data security in a global market
David Drab, principal for the Information & Content Security group at Xerox, said that companies are increasingly coming to the imaging giant looking for new ways to label sensitive information and track its flow among users in the workplace and throughout their supply chains.
Before joining Xerox, Drab served at the FBI for 27 years and observed, among other things, the flow of former KGB agents in former Soviet states into criminal organizations.
A good number of those intelligence experts were trained in the art of finding holders of sensitive corporate and national defense information and trying to liberate the data, he said, and many are likely employed in efforts to steal whatever plans they can sell to others for a profit today.
"This is why you have Wal-Mart hiring former government intelligence officers. It's not about spying so much as it's about identifying business risk and what is occurring with competitors in the global environment," Drab said. "These companies are creating separate entities from traditional security or IT security to allow management to identify people internally who might have access to high-level information or might be targeted by competitors or foreign entities."
Drab points to the 2001 indictment of two Japanese-born individuals accused of stealing research on Alzheimer's disease from the Lerner Research Institute (LRI) in Cleveland as proof of the need for enterprise counterintelligence.
One of the accused researchers subsequently pled guilty to charges of misleading investigators looking into the situation, while another, who returned to Japan to work for a quasi-government agency working on Alzheimer's research, was unsuccessfully sought for extradition to the U.S. to face trial.
Among the tools developed by Xerox to help trace the use of paper documents, one of the hardest data formats to track, are gloss marks and infrared stamps used to create a trail of evidence as to who might have accessed, printed and walked off with sensitive data when copies of any stolen documents are recovered.