Mike Ludwik had a few minutes to kill before the meeting began. He hated being late for meetings of any kind, even these informal “off the cuff” sort of meetings that Annette arranged this morning. Even worse, he hated it when other people were late for meetings. It was bad enough that they wasted their own time, but to waste the time of everyone’s was just plain rude.
Annette actually showed up a few minutes early which was just fine. She walked right in when she saw that Mike wasn’t on the phone and plopped herself down in a guest seat. Wasting no time, she began, “Remember when we talked about our security problems? You were checking into the more traditional means someone might use to steal information and I was going to sort of go over our computer security with a fine tooth comb?
“Well, I ran into something interesting.”
After a pause, Mike prompted her, “And?”
“There’s always been a certain amount of spying, disgruntled employees divulging sensitive information, accidental data access and just plain data theft happening all over the corporate and government data landscape and it’s really hard to notice anything new in the area of information ‘exposure’.
“However, I discovered a company which offers a remarkable ‘service’ to its customers and I wonder how many more like it there might be in operation out there. They will sell you information about just about anybody. I’m not talking about sales and demographic information from all your competitors, I’m talking about private stuff. The sort of stuff you might hire a private investigator for. Only these guys do their ‘investigation’ simply by watching data transmissions from their ‘target’ that traverse the information infrastructure over public phone and internet lines. They contend that since the data is traveling across so-called ‘publicly funded’ phone and data circuits, the information is available to the public.”
“So,” Mike responded, “there are outfits out there whose sole business is to simply monitor what comes and goes from an internet perspective from any prospective target and these people make money from this?”
“Apparently quite a lot of money based on what they charge for this so-called service. They monitor web traffic and perhaps, most importantly, any e-mail traffic, sift through it looking for potentially valuable information – at least valuable to a competitor – and package up the whole report and hand it over to your enemy.
“I found out about this really by chance. They don’t advertise, they have a web site which looks like a front for a legitimate data mining consultant outfit. But, most of their client base is built on reputation and word of mouth. Understandably, if the privacy fanatics found out about this, they would have a field day. Depending on your interpretation of legal use of public data circuits, they are basically stealing information and selling it on the gray market. Pretty cool really, no face to face meetings, no pawn shop or fence go-between and since no one knows their data has been recorded and re-sold, no one even knows a theft has occurred.”
“I see where you’re going with this Annette, since our little operation here is very cutthroat with very high stakes, you’re going to say that perhaps we’ve been ‘hit’ by these people. But, I thought you said that you were pretty confident that even if someone were able to intercept and monitor data traffic between us and our contractors, there would be no chance of exposure because of the high quality encryption we have forced upon all parties involved.”
“That’s still true, and I don’t see how we could be at risk, but, and that is a really big ‘but’, the information I have heard through the rumor mill is that these guys are even presenting stolen data to their customers that was encrypted by the target. Now, keep in mind, this is only a rumor, but I wanted to bring it to your attention.
“I don’t actually have anyone that I know of that has already been a target of one of these little deals, but I am still working on trying to find one. The trouble is in most cases, in fact, probably in all cases, the target organization doesn’t even know they were a target. The ones buying the information from this outfit are not admitting anything let alone having a frank and open discussion with me, so I doubt I’ll get too much further.”