05 Apr Corporate Spy: I Was LinkedIn Before It Was Invented
Robert Kerbeck, author of “Ruse: Lying The American Dream From Hollywood To Wall Street”
London – Apr. 5, 2022
A former corporate spy has explained how social engineering paved the way for his success in the field and why stolen data is still a hot commodity in corporate America.
It might bring to mind James Bond and the Wolf of Wall Street, but Robert Kerbeck’s story had humble beginnings: a typical college education, work as a salesman, and the pursuit of a career in acting.
Kerbeck eventually became one of the most sought-after corporate spies in the U.S. in a world of shady dealings that the former operative says is still alive and well today.
Speaking on the Cybercrime Radio Podcast, Kerbeck said he used to con others into giving him sensitive information which was then sold on to rival companies. He was able to make millions of dollars in his former career by becoming an expert in social engineering.
Kerbeck’s memoir, “Ruse: Lying The American Dream From Hollywood To Wall Street,” is a new addition to publisher Steerforth’s roster as of February this year.
The former spy never set out to join the world of information theft. However, it all began in an “innocuous” fashion, Kerbeck told us, starting with difficulties in the acting realm caused by a lack of contacts and the lack of an artistic background.
Cybercrime Radio: “I was LinkedIn before LinkedIn was invented”
An uber spy tells his story
Kerbeck spent some time working for his family’s dealership. It wasn’t fated to last, though, as the “dishonesty” made him “uncomfortable” — an ironic prospect for the future corporate spy, he acknowledges. Before long, he had moved to New York to try and make it as an actor, and while work did trickle in, he needed a side hustle to survive.
The job that materialized provided the greatest acting opportunity of his life — although far from a typical one.
Kerbeck was introduced to the world of corporate spying through a college roommate, of whom their brother recommended Kerbeck to a woman in charge of a corporate spying initiative.
“Who accidentally stumbles into a job as a corporate spy?” Kerbeck said. “But that’s exactly what I did. And, of course, the spying was far more dishonest than car selling.”
The jobs started small. While posing as a student, he would approach members of a business to secure information a competitor wanted, and then he would be paid at minimum wage.
We have to remember that back in the 90s and 00s, the flow of information was far more constrained. There were no major social networks, no recruitment drives over LinkedIn, and transparency was far from the corporate collective mind.
As a result, valuable information — including a company’s hierarchy, the top earners, projects, and more, was kept behind locked doors.
“I was LinkedIn before LinkedIn was invented. We live in this era now where so much information is public, but not that long ago, most information was private. Especially corporate information: who worked in a firm, who ran the teams, who were on the team, who the best people were in terms of the internal rankings — this information was incredibly valuable to competitors.”
It was so valuable that corporations were willing to spend “tens of millions of dollars, if not hundreds of millions of dollars, every year to spy on each other,” according to Kerbeck.
We’ve heard it said ad nauseam that in cybersecurity, the weakest link is the human element. This is the frail part of a business chain that Kerbeck exploited in his ruses, and the same tactics still apply to social engineering today — no matter that technology has evolved exponentially in the last few decades.
While phishing today includes spam and spray-and-pray tactics, more sophisticated con artists will perform reconnaissance. In what is known as spear phishing, targeted attacks against high-profile individual and their organization often require in-depth knowledge to be successful.
Kerbeck applied the same principle and was able to successfully impersonate the employees of target businesses — and go so far as to masquerade as executive-level staff.
Furthermore, he was able to identify and avoid the “gatekeepers” — often jumping straight above them and going for management to collect the information he needed.
“A company can bolster their hardware, their security, their computers, and all of that stuff from hackers — but if I can call your company and get an individual inside the company to tell me anything I want to know, all of that time and money has been wasted and is for naught,” the former spy said.
Kerbeck told us that the information rival forces wanted back then is still a valuable asset today and can be plundered with the right social engineering. Indeed, despite having outed himself by writing a book about his adventures, Kerbeck still receives calls from past clients.
The former espionage expert says that corporate spying is “endemic” in the U.S., and while keeping them nameless, claimed that the 20 largest companies in the country have either used his services or a “handful of others,” in the past, to steal data and gain a corporate advantage.
“I’m not going to shed too many tears for corporate America … but at the end of the day we were rusing particular individuals, and so those individuals were being taken advantage of — which is something I’m not particularly happy about,” Kerbeck says. “There is still information that is still not publicly available, and that is what the corporations are after.”
– Charlie Osborne is a journalist covering security for ZDNet. Her work also appears on TechRepublic, Cybercrime Magazine, and other media outlets.
Go here to read all of Charlie’s Cybercrime Magazine articles.