MG Rover boss destroyed files as investigators sent
Computer forensics came to the fore once again during an investigation into four top British executives with allegations that one of them had used special software to destroy critical financial documents shortly after the investigation was launched. Digital forensic investigators seized and forensically imaged multiple computer, laptop & server hard drives as part of the government agency investigation in the U.K.
MG Rover Group Limited was best known for manufacturing the MG spitfire sports car as well as the Rover sedans after it emerged from the nationalised British Leyland Car Company in 1986. In 1994, Rover was sold to BMW which made heavy investments into the company to revive the brands’ appeal. However, by 2000 BMW decided to sever links and Rover was sold for £10 [US$16] to Phoenix Venture Holdings, headed by John Towers. [Land Rover was sold off separately to Ford whilst BMW kept an interest in the production of the Mini].
Though Phoenix Venture Holdings had bought Rover for just £10 [US$16], there was a side transaction whereby Phoenix and it’s four directors bought the Rover cars finance and lease loan book from BMW for £313 Million [US$515 Million] in 2001.
Despite high hopes for the new incarnation of the company, by 2005 the company had collapsed with the loss of 6,500 jobs and owing creditors nearly £1.3 Billion [US$2.1 Billion]. The British government launched an investigation into the collapse whilst the four directors of Phoenix Venture Holdings were able to award themselves pay and pensions worth £42 Million [US$69 Million].
The U.K. government investigation cost £16 Million [US$26 Million] and took four years to complete. Investigators relied heavily on computer generated evidence during the investigation. Forensic investigators took images of hard disks from the group’s servers and over one hundred laptops & computers used by Phoenix directors and staff.
However, it was revealed that one of the senior directors of MG Rover and Phoenix, Peter Beale, had purchased an off-the-shelf computer software program to destroy critical financial documents. This purchase of the software was made on the day after the government appointed inspectors to investigate Rover’s collapse.
Peter Beale, it was shown, used file deletion software to deep clean the hard disk of his computer which he used to conduct company business. Beale bought a copy of software known as `Evidence Eliminator’ to delete ten documents in a folder he had named “MG Rover”. Though investigators could not recover the contents of the files, they were able to determine that the documents had contained information of the income and benefits received by the MG Rover Chairman and the net assets belonging to other MG Rover directors.
The type of software bought by Beale is used to `shred’ unwanted and deleted files so as to defeat the forensic analysis equipment used by law enforcement and government agencies. Beale’s actions made it impossible for forensic investigators to recover these sensitive documents which are thought to have been crucial to the investigation.
Though Beale’s stated reasons for buying and using such software were confusing and contradictory at best [the report concludes that Beale gave "untruthful evidence"] there has been no punitive action taken against him thus far.
This course of events underscores the need for stealth and urgency when choosing to seize computer or other electronic devices from suspects which are thought to contain germane information. Investigators should seek to obtain computers or devices at the earliest possible juncture and also seek to identify other locations where this information may be duplicated, such as back up tapes, USB drives or mapped server drives, so that they can also be copied.
