Three abnormal lurking places for digital fraud
14 June 2016
Data is the lifeblood of most modern-day businesses, but it presents a challenge: it is portable, easily manipulated and relatively effortless to duplicate. Here are the abnormal places where digital fraud attacks may lurk.
Countless businesses are susceptible to data vulnerability, be it from a “planted” mole, a disgruntled employee or someone trying to get a leg up in their new position.
When it comes to responding to a situation, which includes seeking appropriate legal advice, the most important task at hand is to secure any and all evidence in a forensically sound manner to enable a full investigation and to prevent data loss.
Normally, investigations focus on: a) what activities individuals have undertaken on a computer; and b) whether any data has been transferred from the computer in an unauthorised manner.
However, businesses should be aware that vital data can also lurk outside of these “normal” places. Below are three examples of investigations that have gone beyond the norm and have been instrumental to legal cases.
(1) Skype and WhatsApp
On one occasion, three key people from different countries within our client’s business resigned at similar times to join a rival, which subsequently made a sustained effort to penetrate a new market.
The suspects were probably conscious that emails would be monitored and therefore turned to Skype’s chat functions. We were able to rebuild their conversations, and found that the dialogue was unguarded and open.
In addition, one of the suspects had synchronised his iPhone with his work computer, creating a backup that allowed his WhatsApp messaging conversations to be recovered and analysed. When this was combined with the Skype data and other nuggets of information, the case unraveled and significant damages were recovered.
In a similar case, a key employee within our client’s business handed in his notice and announced he was setting up his own business. Despite making assurances to the contrary, it turned out that he was entering into direct competition armed with our client’s proprietary information.
One of the first telling signs of fraudulent activity came to light through the analysis of the network logs, which seemed to indicate that there was an unusual amount of traffic occurring during the nights preceding his announcement. Subsequently, the legal team obtained a court order that allowed us to forensically image data from the suspect’s home and his new business address.
During this process, not only did we discover the ‘storage device,’ but we also found evidence of how the information had been amalgamated into the new business. As a result, our client was able to secure a favorable legal settlement.
(3) The back door left wide open
Thirdly, when one of the lead coders left our client’s employment to engage in a new venture, everything at first seemed to be amicable. However, two chance conversations suggested to our client that all was not what it seemed. The coder had joined a new company that appeared to be competing with our client and it seemed to have developed a similar solution in a fraction of the time it had taken our client.
A closer examination of all the systems and the evidence contained upon them highlighted that not only had the coder connected devices from his home to the client’s systems, but data transfers to his home had continued long after he had left, allowing him to continue to monitor his old employer’s development activities.
During subsequent legal proceedings, the coder’s new company had to hand over versions of their source code for analysis. At first glance, the code appeared very different from our client’s code. However, as our analysis progressed, we noticed that their code had originated from our client’s proprietary intelligence. In the end, the coder’s new company had to withdraw its product from the market and pay substantial damages.
What to do if you suspect digital fraud
Data leaves its digital fingerprints in many different places. These fingerprints can allow an investigator to unearth vital evidence and intelligence to get to the facts.
However, it is vital that businesses suspecting foul play avoid interfering with the evidence and thereby damaging a potential case. Instead, they should take the following steps:
- Do not turn on the device – no matter how tempting it is to “have a look”
- If a computer is on, turn it off directly at the power switch; do not use the shutdown command; if a server is on, power it down
- Freeze the scene and ensure that the computer/device and any digital media is securely stored
- Try to identify the user and other potential media
- Call an expert as soon as possible
Phil Beckett is an MD with Alvarez & Marsal’s Global Forensic and Dispute Services practice in London