By Luke Bencie
For most international business travellers, overseas hotel accommodations can conjure up an array of images. Depending on the region of the world they travel, frequent fliers know that lodging is never consistent. For example, Southeast Asian hotels deliver a personal attention to detail that can only be found in the Orient, while hotels in the Middle Eastern Gulf states compete against one another through stunning opulence to attract powerful sheikhs and wealthy oil barons. Closer to home, Latin America and the Caribbean provide relaxing, tropical beach resorts, while Europe still offers old world charm in quaint surroundings.
However, no matter what part of the globe your business takes you, there is one constant that should never be overlooked – namely, the threat of economic and industrial espionage. Each year, we see an increase in the number of suspicious incidents reported to both the FBI and DOS involving the targeting of American business travellers. US-protected information and/or trade secrets are commonly stolen, whether overtly or surreptitiously. Although the US delineates about a dozen countries as the prime locations/suspects in these acts of economic and industrial espionage, travellers have reported incidents occurring throughout the world.
Yet, in no other location is this threat more prevalent than in your own hotel room! The reason for this is simple: a hotel room is one of the easiest places to surreptitiously collect sensitive information and/or business secrets.
International hotel rooms are your enemy’s gateway to economic and industrial espionage. These enemies can include economic competitors, criminals, hostile foreign intelligence services, speculators/investors looking for inside information, computer hackers, and “private collectors” – individuals who steal secrets and then sell those secrets to the highest bidder. The fact of the matter is that if you are a businessperson travelling with sensitive corporate information, odds are you will be targeted for economic or industrial espionage. Unfortunately, the majority of international business travellers, regardless of how often they travel, are oblivious to these threats.
Before proceeding further, it is important to clarify the difference between economic and industrial espionage, as both pose an enormous threat to business travellers.
Industrial espionage is essentially an attempt by an industry competitor to acquire sensitive information from a rival business, government agency, or academic institution. Economic espionage is also an attempt to acquire sensitive information, but it is usually executed by a foreign intelligence service (be it the host country intelligence service or a third-party service). International Borders do not restrict foreign intelligence collection operations. Travelers can be targeted by a third-party intelligence service, or private collector, with the host country unaware of the type of unilateral activity. The following is an analysis of the different types of espionage that can take place in a business traveler’s hotel room.
Covert Hotel Room Intrusions
Traditionally, the easiest way to steal a businessperson’s valuable information is to perform a covert entry into their hotel room while that person is away (Do Not Disturb signs be damned!) Operatives (or collectors) might gain access by picking the lock, bribing/manipulating a hotel employee, or working in conjunction with the hotel itself. It should be noted that many hotels, regardless of whether or not they are part of a major international chain, have an obligation to support the host government’s intelligence and law enforcement services. In many cases, popular hotels are merely a franchise and thus are owned and operated by a foreign state entity (such as the Ministry of Interior, Ministry of Tourism, or a local business person who works in cooperation with the government). Regardless of who is behind the attempt, covert intrusions typically top the list of non-open-source intelligence gathering techniques.
Once access is gained, the operative will immediately look for sensitive intelligence to exploit. This could be a laptop computer, a computer tablet, a briefcase, a cell phone, a PDA, a company report, a notebook, and/or a day planner. The belief that password protecting your laptop, cellphone, or PDA somehow makes them safe from clandestine exploitation is naive. Most commercially available or commercial off-the-shelf (COTS), electronic computer exploitation devices can easily work around passwords. These devices can image and duplicate the contents of your computer’s hard drive within minutes. Additionally, cell phone SIM cards can be copied in a matter of seconds (our company performs a live demonstration of this hard drive imaging technique in our “Counter-Espionage for Business Travelers Course”).
Those who think that storing valuables in the hotel room safe makes one immune to such dangers should think again. If anything, hotel safes offer the operative a centralized location at which to begin their “search and exploit” mission. There is not a hotel safe in the world that cannot be accessed with a master code or a master key (otherwise, half of all hotel safes would have to be replaced each year as a result of guests who accidentally forget their combinations or lock the safe upon check-out). Unless you travel with your own personal safety, which can be dead bolted to the floor, you are better off just locking your valuables in your suitcase… which, of course, is not that much more secure.
Electronic Surveillance of Hotel Rooms
In some instances, an operative will not risk a covert hotel intrusion to gain access to a target. To combat this problem, intelligence collectors rely heavily on the use of electronic surveillance. It is certainly much easier to gain access to a target’s room prior to check-in, and outfit the room with a series of electronic surveillance devices, than during the target’s actual stay. Audio and video recording devices, telephone wire-tapping capabilities, and opening/sharing room Wi-Fi networks are all common tactics that can be utilized to acquire information. One should never assume that a discrete conversation would not be overheard in a hotel room. This rule applies to bathrooms, as well.
There are many legendary stories of Cold War spies who would hold meetings with their assets (informants) in the bathroom, as they ran the shower to drown out the recording capabilities of concealed listening devices. However, with today’s technology, this should only be attempted as a last resort. Which begs the question, if you are holding sensitive business meetings in your bathroom with the shower running, what kind of business are you in, anyway?
The other threat that arises when your hotel room is under surveillance has to do with your own behaviour. In many countries, businessmen (and women) will be solicited for sex by a local “honeypot,” or pre-paid intelligence asset, in hopes of capturing an act of infidelity on film. Soon after, an unknown operative will blackmail the businessman. In return for the operative keeping evidence of the encounter hidden, the businessman will have to secretly turn over sensitive company information.
A traveller’s best defence against blackmail would be to follow the time-honoured advice of the US Intelligence Community: “Don’t do anything with anyone overseas that you wouldn’t want published on the front page of the Washington Post!”
Room Stacking/Surveillance Detection
Electronic hotel surveillance is a legitimate concern for international business travellers. One way to help identify whether or not you might be under surveillance is to consider where your room is situated within the hotel. For some less-sophisticated countries, the use of electronic surveillance is a budgetary issue. Therefore, many international hotels will place “guests of interest” in rooms that are at the end of the hallway or along the corner of the building. If the guest is travelling as part of the group, the group may be “stacked” in these corner rooms, one on top of each other. For example, if the rooms at the end of the hallway end in the number “02,” the group will be placed in rooms 202, 302, 402, 502, etc. The purpose of this stacking technique allows the local surveillance team to run an unnoticeable wire down the corner exterior wall of the hotel, thus affordably monitoring the conversations that take place in those corner rooms (as opposed to wiring each room individually or having a wire hanging down the middle of the building).
Radio Frequency (RF) scanners/detectors, as well as “spy finder” camera revealers, can be used to determine if a room might be under technical surveillance. For high-profile business or diplomatic meetings, technical surveillance counter-measure (TSCM) sweeps can also be performed to ensure that hotel and conference rooms are free of audio and video surveillance (although they are somewhat expensive, time-consuming, inconvenient and not 100% effective). A more practical alternative would simply be not to hold sensitive conversations in your hotel room.
According to the Office of the National Counterintelligence Executive, US citizens travelling abroad continue to be the target of foreign intelligence collection activities. Many foreign governments and foreign businesses place a high priority on acquiring US Government and private industry-protected information (classified, sensitive, and proprietary). Despite the end of the Cold War, the threat of Americans becoming targets of espionage from intelligence services as well as private collectors has become greater than ever.
Today’s international business travellers are savvy when it comes to frequent flier programs, more efficient methods to process through security lines, and which airport lounges make the best Bloody Marys’. What most travellers are missing, however, is the knowledge necessary to protect themselves and their company’s sensitive information from economic and industrial espionage. Intellectual property theft is a $300 billion a year problem, with no signs of slowing down. Until businesspeople recognize the significance of the threat, and more importantly incorporate proper counter-espionage “tradecraft” overseas, it will remain open season on these travellers from competitors, foreign intelligence services, and private collectors. As the US Department of State informs American business travellers headed overseas, “the threat is real!”