Dirty Deeds Data Trail Doesnt Die
GRAND RAPIDS — A common theme emerges when discussing cybersecurity. There was universal agreement between the IT security firms interviewed and representatives from the public sector, legal and financial fields that the single largest vulnerability in both the office and the home is the user.
“I have a friend that says, ‘You have already hired your biggest security threat,’” said Scott Montgomery, director of security for CPR. “Quite honestly, when I come into an organization it’s quite threatening. In some cases, I’m there to criticize people. But I’m not there to get them in trouble; I’m there to help them.
“Other times, and much more frequently, what I do is much more explicit.”
Montgomery said the fastest growing part of CPR’s consultancy business is forensics investigation. The firm works with attorneys and private investigators to uncover electronic crime and abuse for both domestic and corporate clients.
Eighty percent of all threats come from within an organization, he said. Most of those are through human error and ignorance. Sometimes, the employee is the threat.
“We look under the covers; we catch the affairs and everything else that’s going on,” he said. “Sometimes we stumble across information bordering on harassment that if somebody had been aware of, it never would have happened.”
He constantly finds downloaded music and videos. He’s found an employee selling company stock through an eBay store.
“Sometimes we’re called in to find out why an employee is there eight hours a day and doesn’t get anything done,” he said. “I come back with a report showing that out of an eight-hour day he spent six hours downloading music and updating his Web page and two hours online gaming and chat messaging.”
Frequently, his investigations root out the theft of trade secrets.
“We have found several cases where we have been brought into organizations where there has been collaboration and corruption within a group that were collecting data so they can start their own business,” Montgomery said. “Every company has an employee that thinks they can run the business better.”
A similar thing happened at Clear Channel Broadcasting. Just before tendering her resignation, a sales representative e-mailed her new employer, Citadel Broadcasting Co., a marketing proposal for one of her accounts. Clear Channel dug up the e-mail and used it as evidence in a successful lawsuit against its competitor and former employee.
“A lot of the people who do this think they are very clever, and usually they are,” said Rachelle Thatcher, director of investigations for DK Security. “What they don’t realize is that what you do on a computer never really goes away. They may think they’ve deleted it and it’s gone, but everything can be brought back.”
“We can bring back data that is several years old,” Montgomery said. “Even if I can’t make a full recovery, if I can recover 50 percent of that damning image, it’s the same result.”
“I cannot recall a time when we’ve taken a case and haven’t been able to prove a client’s suspicions,” said Thatcher. “By the time they suspect that something has happened, it has probably been happening for awhile.”
Dennis Echelbarger of CPA firm Echelbarger, Himebaugh, Tamm & Co. often employs computer forensics to find evidence of embezzlement.
“We’re very successful at finding them,” he said. “But more often than not, nothing comes of it. The employer feels embarrassed and doesn’t pursue it. They’re satisfied if they can stop it and maybe get some reimbursement.”
For domestic cases, Montgomery offers a warning to potential clients.
“I always tell them, don’t bring me in unless you’re willing to see what I’ll provide,” he said. “There is a digital reference now that didn’t used to be there. It’s devastating and it’s the same with an employer.
“If you bring me in to see how this person is using company information, in almost every case we’re finding pornographic Web sites or harassment-based e-mail.”
Thatcher agreed. When asked what the one commonality was in these cases, which encompass about 10 percent of DK’s investigations, her answer was quick.
“Porn. There is always pornography.”
As for the corporate investigations?
“Still porn. It’s usually there, too.”
Montgomery said that companies should remember that computer forensics works against companies, too.
“Recycling a hard drive is not an option,” he said. “The proper way? Drill holes in it and incinerate it.”