computer forensics


March 2012


"Check your network security. It's not so good," stated the short, terse, anonymous email received by a software development firm, warning about possible network intrusions.
Further, the email implied that an intruder was able to access the firm's confidential client files.
The radar went up.
During the course of the following week, the software development firm started paying more attention to its network and internet security. Sure enough, they started seeing weird things. Two of these strange activities were an enormous volume of network logs and unusually heavy network traffic from anonymous ports.
The software development firm called Digital Wyzdom to investigate. A team of three was assigned to this case comprising a forensic specialist, an investigator, and a security specialist.
What Digital Wyzdom learned during the investigation was that an ex-employee, an information technology system administrator, had been fired several months earlier for misuse of corporate assets. System administrators typically have oversight of a company's information technology systems and network, and as such, have special and broad privileges.
This disgruntled ex-employee was 38 years old and had been with the software development company for four years prior to being fired.
He was fired because he had padded his corporate expense account by about $10,000. In addition, he was giving certain employees access to special ports, which in turn gave them access to porn sites, video games, and movies during the work day from the company's computers. In return, these employees might slip him $20 cash now and then.
And he himself was surfing porn sites during the day, too. "Free" porn sites are notorious for malware of all kinds.
Digital Wyzdom recommended that the software development firm do a bug sweep of its offices. This yielded fruit: a hidden camera (a wireless, Bluetooth camera costing about $200) was found in the company's offices.
"So, with the collaboration of this ex-system administrator and an outside hacker, it looked like the plan was to collect confidential company information and probably sell it back to the software company. The motive was either blackmail or to destroy their reputation by making them look bad in the media," says Gene McLean, Managing Director - Alliances, at Digital Wyzdom.
"Digital Wyzdom found enough evidence for the software development firm's lawyers to send a detailed email to the ex-system administrator, warning him that if this activity did not stop, they would not only pursue him in a civil matter, they would also call the police," says McLean.
After this email, the ex-system administrator stopped his malfeasance altogether.