During a meeting, it is normal to have your phone, tablet or laptop on the table. But a board of directors of a large company would do well not to do this if trade secrets are discussed, warns the boss of the Military Intelligence and Security Service (MIVD).
Major General Jan Swillens cannot say much about what the service sees happening in this area. “There are concrete examples, otherwise we will not come up with such a message”, he tells NOS, without wanting to give details. According to the Major General, the message is intended for companies working on so-called dual-use-goods.
An example of this are computer chips. “You can use them excellently for civilian applications, but can also be installed in nuclear missiles,” says Swillens. According to him, high-quality knowledge companies in the Netherlands should “take serious account” that “opponents” are interested in what they develop.
Leave equipment at home during a business trip to China
It has been known for some time that the top of Dutch companies is an interesting target for intelligence services, for example. “Large companies are often advised not to bring your work or private phone with you when traveling to China,” says security researcher Sijmen Ruwhof. “If you only lose it for a few minutes at customs, it can be tampered with.”
Which Dutch top managers does this happen to? Nothing is publicly known about this.
Nevertheless, Ruwhof sees that this danger is not always high on the agenda for companies. “I feel quite uncomfortable sitting around the table with a multinational company to discuss a security incident of which the cause is not yet known, while there are all kinds of telephones on the table.”
Frank Groenewegen, chief security expert at Fox-IT, also recognizes the danger. “This happens, a thousand percent. Which Dutch top executives? Nothing is publicly known about that.”
According to him, on the one hand, it concerns companies in the high-tech sector that are interesting. “But I would like to broaden it, what do you think of the parties that are now working on a corona vaccine? When you talk about the composition of that, you better be very careful in advance and not talk about it openly with your phone. or laptop on the table. “
Groenewegen thinks such information could be very interesting for Russia or China, for example. “They won’t shy away from putting in whatever it takes to get to this information, like one zero day“These are leaks in software that are not yet known and can therefore be used to crack phones, for example. For mobile operating systems Android or iOS, these can easily cost 2 million dollars, says Groenewegen.
Smartphones in the candy jar
Groenewegen has empty candy jars on his desk. “If we are going to talk about very sensitive things, the smartphones go into the candy jar that draws a vacuum. Then the chance is much smaller that a party will hear something.”
The question is whether listening in to a meeting is the most obvious method of eavesdropping. “If you have access to a device, you probably know a lot more than what is discussed in a boardroom,” says Michel van Eeten, professor of cybersecurity at TU Delft.
They first check whether they can get in with phishing before they start using expensive services.
He thinks the option to eavesdrop on a meeting isn’t at the top of the list. “A director’s mailbox is soon more interesting. Assuming that you are a target as a company, they will first see if they are phishing come in to see what can be achieved before they start using expensive resources. “
No bogeyman, especially weighing
MIVD boss Swillens also does not want to put everything together. “It’s not like I’m saying no more telephones. Of course it doesn’t work that way.” According to him, it also starts with consciousness. It also means that as a company you can still video conference, because physically meeting each other is often difficult nowadays.
For his own organization, this means that there are no telephones and tablets on the table when talking about matters that are ‘secret’ or ‘very secret’.