computer forensics

A manufacturing company was experiencing some suspicious activity on its network that finally culminated in a distributed denial of service (DDoS). Translation? They could not access their own computer network.

(April 2012)


Another suspicious fact: a vice-president responsible for operations suddenly resigned from the manufacturing company just one month before. After 10 years, he wasn't getting along with management and left on bad terms.
And, surprise, this senior executive went to a competitor of the manufacturing company.
"In computer forensics, there are no coincidences. Just patterns you haven't noticed - yet," says Daniel Tobok, president of Digital Wyzdom.
Digital Wyzdom began an investigation. First, Digital Wyzdom noticed some so-called known vulnerabilities in the manufacturing company's computer network. Those vulnerabilities were quickly patched.
Second, Digital Wyzdom imaged the vice-president's computer. Imaging a hard drive is a forensic technique that needs special tools and software; it captures all information contained on a hard drive, including critical system information, metadata that is not normally visible, and even deleted files.
"On the laptop computer that belonged to the vice-president who resigned, we found IP [internet protocol, a unique identifier] addresses and other information that matched the ports that mounted the intrusions on the manufacturing company's network," says Daniel Tobok, president of Digital Wyzdom.
"Further, we were able to correlate his home address to these IPs," adds Tobok.
In the end, the vice-president wasn't perpetrating these attacks himself because he didn't have the knowledge. Instead, the vice-president hired and paid a hacker. And this hacker mounted the attacks from the vice-president's own house.
As a vice-president, he was entitled to stock options that totalled about $250,000. After this incident, the manufacturing company informed the ex-vice-president that he would no longer be eligible for those stock options.
The vice-president never disclosed the name of the hacker he hired. But the manufacturing company did obtain a signed affidavit that the hacker did not have any of its confidential information.
Further, the manufacturing company opted neither to press criminal charges nor to pursue a civil matter in court.
For more information, or for reporters on deadline, please contact Jana Schilder, partner at First Principles Communication, at: Jana@JanaSchilder.com, mobile (416) 831-9154.