Traveling for Work? 5 Tips to Protect Yourself From Espionage
In the TV show The Americans, there is a scene at a conference in which Russian spies kidnap a Lockheed Martin engineer and blackmail him to acquire sensitive technology research in his hotel room. While most security or high-tech professionals are unlikely to be kidnapped, other aspects of this scene might as well have been taken from a real-life scenario. In a world that increasingly measures national power with economic dominance, nations’ industrial bases find themselves relentlessly threatened by the theft of proprietary information and critical technologies.
These risks are only proliferating as foreign adversaries shift their espionage activities away from military and political targets to commerce. Additionally, industrial espionage may also be committed by domestic competitors eager to gain an advantage in the commercial space. Since security professionals often travel for work conferences and industry events, it is critical to be aware of the psychological techniques threat actors may use to elicit confidential information. You may already be aware of attacks that are delivered through malware in emails or phishing attempts from your mobile device, but it is just as important to be aware of the hacking attempts that can occur face-to-face, when you’re least expecting them.
For more than two decades, former CIA senior intelligence officer Peter Warmka made a living out of exactly this form of clandestine intelligence collection, commonly referred to as social engineering. In his memoir, Confessions of a CIA Spy: The Art of Human Hacking, he shares the detailed methodologies that he and other threat actors use to breach the security of their targets. Following his retirement, Warmka made it his personal mission to educate American corporations, organizations, and academic institutions on how to protect their sensitive information and personal data from hacking attempts through the Counterintelligence Institute.
In a recent interview, Warmka explained his motivation for getting involved in educating organizations and security professionals on how to protect themselves from espionage: “When I retired from the CIA back in 2010, I started seeing a lot of data breaches happening globally, affecting every type of organization. I realized people are over-focused on technology as a solution to preventing these data breaches, regardless of the fact that over 90 percent of successful data breaches start with some form of social engineering, or what I like to call human hacking.”
According to Warmka, people are generally more open when they are out traveling and attending conferences compared to their regular routines, making these environments fertile ground for targeting individuals. With this in mind, Warmka shares several tips on how professionals can protect themselves.
Be Aware of the Information You Share on Social Media
Many spies use social media as a starting point to gather background information and create a profile of their target that includes a strategy on how to best approach said target. If you detail your education or volunteer activities on LinkedIn, a threat actor can use this as a pretext to approach you and create affinity. If you post photos of yourself frequently drinking or partying on Instagram, you might inadvertently be indicating a weakness for a threat actor to exploit. From economic status to political convictions, all information you share on social media can be used for manipulation.
If Something Doesn’t Feel Right, Counter with Your Own Questions
When prying information from his targets, Warmka often asked subtle, indirect questions with the aim of getting the target to speak as much as possible.
“If the target brings up an interesting piece of information that I want to glean more details on, I might repeat the statement to the target to encourage him to talk more about those details,” explains Warmka. “I might make a statement about a certain technology that I know to be untrue, just so the target will correct me and reveal sensitive information.”
If someone seems too eager for information from you, listen to your gut. Turn the tables on that person and start asking him questions about himself. If he carefully pulls away, that could be a red flag. Find a quiet place to check out the person online; if all you can find is a LinkedIn profile and nothing more, this might be a sign that someone is not who he says he is.
Take Additional Precautions if You Are One of the Conference Speakers
Conference speakers present unique opportunities for a threat actor. The speaker’s bio and schedule are likely to be posted at the conference, making it easier for the threat actor to track and approach the target following the presentation in a casual manner. Warmka admits that he often took advantage of these situations, complimenting the speaker on her work and then encouraging her to open up further on a topic that the target was clearly enthusiastic about.
Never Lend Out Your Electronic Devices
Don’t lend your phone to anyone, even if it’s just so someone can make a quick call. It can take only seconds to perform a cash transfer or install malware on your device.
Conduct Yourself Accordingly in the “Privacy” of Your Hotel Room
Assume that none of the conversations you have in your hotel room are private, especially if you are traveling to a conference outside the United States that has looser surveillance laws. As for the safes in your hotel room, they can be easily breached by someone who works at the hotel without you ever being the wiser.
If you use the Wi-Fi, ascertain the hotel’s private network ahead of time, since it is easy for someone to set up another Wi-Fi that has a name that is very similar to the hotel’s legitimate, closed network.
Next time you’re traveling, keep in mind that knowledge is power—especially in the hands of your competitors. Educate yourself to recognize common hacking attempts so you can keep your critical information safe, no matter the location.
Jessica Lauren Walton is a communications strategist, video producer, and writer in the U.S. defense sector. She has written articles on a range of security and mental health topics and conducted interviews with military leadership, psychologists, filmmakers, CIA officers, journalists, and more. To learn more about her work and forthcoming memoir about an American working in the Israeli security field, visit www.jessicawaltonwriter.com.