Archive for July, 2009
Computer Forensics: Navigating for Survival and Success.
It is hard to imagine anyone in business these days who hasn’t heard of cyber hacking, anonymous emails, encrypted files, unauthorised access or cyber bullying. The list is endless. But what many haven’t heard of is diagrammatic and timeline rebuilding, complex transactional analysis, forensic investigation, visual mapping of data, plus call and cell tower analysis. Yet, they’re precisely the sorts of things that can save you from a business demise everyone dreads.
Know Where You Sit in a Fast-Moving Technological World: Lesson ONE.
An American commentator last year lamented that, ‘the information-dense, hyperlink-rich, spastically churning Internet is in effect rewiring our brains, making it harder for us to engage in deep, relaxed contemplation.’ True, but the danger isn’t so much that we no longer have time for philosophical rumination or to smell the roses. Rather, it’s that in this era of ‘wall-to-wall connectivity’ we place too much faith in our own technological literacy. Because we drive our laptops and BlackBerrys to the limit, we grow complacent and believe that attacks will only come from angles we’re already acquainted with – and think we’ve addressed. We lose interest in learning about associated dangers we don’t know we don’t know about.
Cyber Sabotage and Phone Hacking Rife
Despite the rampant nature of industrial espionage, it’s a topic that receives surprisingly little coverage in the media. When Germany announced recently that Chinese spies were costing its corporate world billions every year, as well as thousands of jobs, it was Britain’s Guardian that highlighted the story (July 22). As globalisation increasingly weaves us into its intricate pattern, most businesses still feel it’s something that can’t happen to them. Imagine being the subject of a damaging attack and not even knowing. That’s unforgivable in an era when diverse methods of sophisticated forensic investigation are readily available.
The German claim, which came from a counter-intelligence expert in one of the country’s states, warned that China was using an array of ‘polished methods’ to steal industrial secrets. Russia, he said, was also at the top of the list of nations utilising their national intelligence apparatus to help save billions on their own R & D budgets. While Russia had hundreds of thousands of agents, China had a million and ‘years more experience’. It also had the ambition of being the world’s leading economic power by 2020.
Internet spying techniques are way out in front and the areas most under attack are the automobile industry, renewable energy, chemicals, communications, optics, X-Ray technology, machinery, materials research and the arms industry. The information being gathered went beyond R & D results to management techniques and marketing strategies. The Germans see internet espionage as the biggest growth field, with what they refer to as the ‘thick fog of Trojan email attacks’ taking place against thousands of firms on a regular basis and adopting cover-up methods to disguise where the messages have come from.
Corporate Snooping the German Way: Lessons for All
Deutsche Bank is currently engaged in a complex and multi-layered investigation into the actions of some of its officers, even within its own corporate security department, to check whether crimes have been committed. The affair threatens to damage the bank’s standing, especially in Germany where anything vaguely smelling of corporate spying is frowned upon. A report on the case in The Financial Times on July 21 had the hallmarks of a best-selling novel, including a femme fatale. It’s the sort of nightmare that CEOs dread. Lesson one: if you engage in activity that might destroy your company’s reputation make sure you hire professionals with the forensic skill to do the job like a surgeon and not leave body parts on the floor.
Lesson two: preferably hire them from outside your firm. That way they’re not caught up in your internal promotional stakes and are more likely to be brutally frank with you when your own people can’t be. And hire them right from the start – not after the situation has evolved.
This is the latest in a series of so-called spy scandals at major German enterprises in recent times, which makes Deutsche’s problems flavour of the month. It’s everything the bank doesn’t want, especially while grappling with the impact of the global financial crisis. It is, after all, the country’s largest bank. The contracts of two employees have already been terminated, including that of its head of investor relations, as Deutsche continues its inquiry into possible unauthorised surveillance of board members and investors.
Corporate Espionage: Keeping an Eye on Your Staff
The conviction in California last week of a longstanding Chinese-American employee of Boeing on charges of spying for China throws the spotlight on the difficult question of what you can do to protect your corporate secrets. Whether in the form of R & D results or intellectual property, the loss of key assets can often cripple an organization. Privacy considerations in most countries today make the task a challenging one. The multicultural nature of many societies also adds extra layers of complexity. But there are a number of ways in which a professional forensic investigation team can bolster your position. Computer forensics are often vital to this.
Of course, pre-employment screening is by far the best way to start, but even with well-entrenched staff members it’s never too late. Professional investigators can pick up telltale signs in the activity of people you would never have suspected.
The Boeing case was the first big economic espionage trial in the US and involved a former engineer who was born in China, moved to Taiwan and then the US, where he was naturalised. He worked for four decades for Boeing and other companies closely related to it, and over three decades passed a vast array of trade secrets to the Chinese government. He was involved in sensitive aircraft and rocket developments as well as in the space shuttle project. Now aged 73, Greg Chung was arrested by FBI agents in 2006 after they identified a link between him and another engineer from a hi-tech surveillance equipment firm whom they were investigating. The latter, who served as Chung’s conduit to the Chinese, was convicted and jailed for 24 years. Chung will be sentenced in early November and could face more than 90 years in prison.
India’s Vanishing Companies – Is Your Forensic Search On?
For such a computer literate country as India, on which many businesses around the world rely for skilled services, it comes as a shock to read in a Financial Times front-page story (July 15) that 121 companies have vanished there after violating filing rules. With the state of financial crime in India – let alone everywhere else – this is a salutary warning to business to link up without delay with forensic professionals who can help you avoid losing all your assets when such a company disappears into thin air.
Investigations by the Ministry of Corporate Affairs in New Delhi have revealed the identity of the 121 companies involved, which listed on the country’s stock exchanges during the 1990s. But there could be more. Those already uncovered will be prosecuted. The Ministry has also announced that India’s stock market regulator – the Securities and Exchange Board – has banned 100 companies and 378 directors from using the capital markets for five years.
Business people around the world were shocked in early January this year to learn of the Satyam scandal in India. A leading IT outsourcing company, with clients like General Electric and General Motors, the $US823 million fraud was the biggest in the country’s corporate history, causing the company’s share price to drop by 78 per cent and sending India’s benchmark Sensex Index down by 7 per cent. It was quickly nicknamed India’s Enron scandal.
New Spy Chief Slip-Up Highlights Technology Dilemma
Virtually every household’s lexicon is replete these days with terms like Facebook, My Space, Twitter, MSN Chat, hi5 and Skype. As useful as social networking is to many people, we need to consider what happens when this private world meets – if not intrudes upon – the professional domain of business and government? In some cases the answer is disaster. The security, for example, that your firm’s operations depend upon can be obliterated in one innocent flash, and possibly without you even knowing. In this day and age it pays to have experts in forensic investigation on side who can warn you of where your danger spots are. Corporate intellectual property can be exposed by over zealous engineers posting their findings on the web or by marketing personnel giving `sneak’ previews of a new product launch to their Twitter group.
A lesson in how alert you have to be came in Britain a few days ago when the country’s new spy chief, Sir John Sawers, 53, found himself in hot water over his wife’s Facebook page. It was speedily removed by the government after its contents were published in a newspaper. To many, it looked innocent enough: shots of the Sawers and their three children at the beach and a selection of vacation photos. David Miliband, the Foreign Secretary – read Minister – who is responsible for the Secret Intelligence Service (commonly known as MI6), ducked and weaved by claiming that it was hardly a state secret that Sir John wore Speedos.
The problem was that the Facebook site also revealed the location of the family’s London home, transport details and shots of other senior officials with whom Sawers and his wife are friendly. Lady Sawers had imposed no privacy protection on her account and hence it was available to some 200 million users. Currently Britain’s ambassador to the United Nations, Sawers is due to take over MI6 in November. Even before he went to New York, the Facebook site should have been removed for simple security reasons. He was, after all, an MI6 spy himself before he moved on in his career to work in Yemen, Syria, Egypt and Iraq. He has also been closely involved at the policy level with Iran, Iraq and Afghanistan.
Forensic Investigation: Avoiding “Boiler Room Fraud”
Six Sky Capital executives surrendered to law enforcement officials in New York on July 8 2009 and were charged with a $140 million stock manipulation fraud. And all this in the shadow of the mind-boggling Bernard Madoff debacle. This shows yet again how careful you need to be. Clearly, none of the investors hoodwinked by the scheme availed themselves of the sophisticated skills in forensic accounting and computer forensics that can now protect you from such calamities. The Financial Times report on the case on July 9 provides a chilling account of just how happy-go-lucky some investors are. In this day and age, there’s simply no excuse for not taking appropriate precautions.
The manipulation strategy involved was allegedly devised in a way that led investors to buy shares in the belief that those shares were in demand. In reality, there was no such demand. The aim was simply to control the market and boost the price of the stock. Sky Capital’s boiler-room tactics and those of its brokers undercut the level of honesty and fair play that the US Securities and Exchange Commission was seeking to maintain.
According to the criminal indictment, the six executives, including Sky’s founder and chief executive, allegedly persuaded investors to buy shares through private placements in two related companies – Sky Capital Holdings and Sky Capital Enterprises, which traded on the Alternative Investment Market of the London Stock Exchange. As The Financial Times points out, not only were US investors drawn into this web, but British investors were too. The funds thus procured were supposedly used for private purposes as well as for commissions paid to brokers that were camouflaged as special bonuses or loans.
Foreign Government inspire Cyber Attacks on Corporate Targets: Forensic Protection
The corporate sector has been caught up in the latest phase of internet enabled cyber attacks by hacking groups inspired or controlled by foreign government espionage agencies. Corporations can be seen as an easy target with a repository of valuable information: few corporations have in-house computer forensics teams to track cyber attacks or data theft. Preventing and detecting hacking attempts is a fundamental aspect of computer forensics.
The British Government has announced a new Cyber Security Operations Centre at its top secret listening post, GCHQ, at Cheltenham. This comes amid claims that a new “cyber cold war” is under way, with Chinese and Russian hackers capable of crippling computer systems that control the nation’s water supply, power grid, air traffic and even its banking system. Americans have similar concerns, as do others. If you’re in business and read this, it’s likely you’ll shrug and move onto something more important. In reality, a state intelligence apparatus might at that moment be hacking into your most closely guarded corporate secrets while you’re blissfully unaware. Not knowing why and how this could happen is unforgivable, especially when computer forensic skills and other sophisticated investigative methods exist that can tell you what sort of target your firm is and how you can guard against attack.
If you do suffer serious loss from such a hit – and you actually find out – your board and probably the financial press as well will be scathing in its criticism of your old world attitude that allowed this to happen.
Madoff Scam Renews Interest in Whistleblower Bounties
David Kotz, the US Securities and Exchange Commission’s inspector-general, has called for regulators to pay whistleblowers for information on frauds (The Financial Times, “Whistleblower bounties urged if SEC is to stop another Madoff”, July 2, 2009). Bounty payments, he claims, could motivate individuals to reveal illegal activity. But keep your forensic hat on. It’s all been tried before. Nothing’s going to replace solid skills in computer forensics and forensic accounting any time soon. You either know how to uncover financial crimes or you don’t.
Ask Harry Markopolous, the former US money manager turned fraud investigator who tried for nine years to alert the SEC to Bernie Madoff’s $65 billion Ponzi scheme. Markopolous told a Congressional hearing into the case that, in effect, he “gift-wrapped” the case and delivered it to the regulatory authority on a silver platter. He claimed it was a combination of incompetence and an unwillingness to act that led the SEC to ignore his evidence and advice. As he pointed out, the SEC’s hierarchy was captive to the industry it was meant to be overseeing.
Bounties had nothing to do with Markopolous’s motivation, but even if they had, it’s hard to imagine that large rewards would have encouraged him do any better than he did. Most whistleblowers are affronted not just by the moral failure they are witnessing, but also by the fact that in doing their job they trip over – or are stymied by – a professional breakdown within the organization as a whole. It was a similar case with Britain’s bank scandals, which saw four former heads of the country’s two largest banking casualties apologising unreservedly to the House of Commons Treasury Committee for their “professional failure”.
