In the movies, the bad guys break into corporate buildings with grappling hooks and cutting tools. In the real world, they typically come in the front door, using a cellphone and toting a cup of Starbucks coffee.
Clint Emerson knows. Large companies, governmental agencies, and educational institutions pay his Frisco-based business, Escape the Wolf, to do what’s called “red teaming”—break into their buildings and computer networks to test just how well their security measures are working. That’s where the cellphone and coffee come in. When one or more of the client’s employees are walking into a building, an Emerson emissary will stroll up, holding the phone to their ear with one hand and the Starbucks in the other. “Everyone holds the door for us,” Emerson says. “We’re polite in America. We avoid conflict.”
The same basic gap in security—complaisant employees—is what often lets Emerson’s crew break into their clients’ computer networks as well. If somebody has left their computer on without signing out—or worse, left their corporate password on a sticky note—Escape the Wolf’s 12-employee team can plant software that tells Emerson that employee’s name and password remotely going forward. From there, the sky’s the limit.
Emerson, whose roughly 20 years as a Navy SEAL included national-level operations that he can’t talk about, offers the unsettling perspective that the dangers are real. Take Nortel Networks, the one-time Canadian telecom equipment giant that had its U.S. base in Richardson. In 2012, The Wall Street Journal reported that hackers, apparently from China, had for years quietly accessed Nortel’s top-level trade secrets, from research-and-development data to business plans.
In addition to state-sponsored infiltrations from China and Russia, companies must grapple with cyber attacks from organized crime. A favorite technique in 2015, Emerson says, was sending a late-night email to a corporate finance chief from the CEO’s account, directing the CFO to wire, say, $150,000 to an offshore bank account.
Escape the Wolf’s clients range from United Technologies and The Wall Street Journal to the Central Intelligence Agency and the National Security Agency. Emerson launched his company in early 2015, but spent a couple of years laying the groundwork for the firm while he was still in the service. His street cred from his SEAL days has enabled him to offer a broad range of security consulting services that go beyond red teaming. Joe Cantamessa, a former FBI commander, hired Emerson to provide “awareness training” to Dow Jones staffers when Cantamessa was running security for that financial news business. “There is no substitute for experience,” Cantamessa says.
In addition to improving corporate security measures, Emerson is something of an inventor, having gotten the “most powerful flashlight on the market” into 3,500 Walmarts. And as part of his company’s travel-security consulting, Emerson oversaw the development of a book with country-by-country suggestions on dangers to avoid in particular locations.
