5 tips to catch an intellectual property thief – Security – News – ZDNet Australia

Physical crimes leave behind a trail of evidence that forensic teams can analyse and bring to court, but what about cybercrime, such as the theft of intellectual property? Computer forensics expert and director of Klein & Co Nick Klein said that when companies conduct a digital forensic investigation themselves, there are five things they should do.


Speaking at the Security 2011 Exhibition and Conference event in Sydney yesterday, Klein said businesses that suspected a digital crime had been committed on their systems often took a “Bunnings” (do-it-yourself) approach to forensic analysis, and suggested a four-step structure for undertaking an investigation.

Prepare the business:

Prior to a breach occurring, businesses could do some preparation, which would help them later on in an investigation, Klein said.

He said that businesses typically lacked policies and procedures to secure data, and that in-house legal counsel often did not work with the IT department when developing policy. Policies such as making a full backup of an ex-employee’s machine before their departure are often overlooked, he said, even though they could provide critical information for a case months later.

He also said that although most operating systems allow access to sensitive information to be logged, most businesses tended to enable only minimal logging of access.
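Klein’s point about minimal access logging, as an added example that is not part of the ZDNet article or Klein & Co’s work: on Linux, auditd can watch a directory of sensitive documents, and the raw records it writes can be correlated to show who opened what, months later. The example assumes the watch rule `auditctl -w /srv/ip -p rwa -k ip-docs` has been loaded (the path and key are assumptions), and the audit records below are constructed. It attributes access by auid, the login uid that survives su and sudo, rather than by uid, which is what an investigation actually needs.

```python
"""Summarise who opened which watched files, from raw Linux auditd records.

Added example (not from the ZDNet article or Klein & Co). Assumes this rule is
loaded with auditctl so that every read/write/attribute access under /srv/ip is
tagged with key "ip-docs":
    auditctl -w /srv/ip -p rwa -k ip-docs
"""
import re
from collections import defaultdict

WATCH_KEY = "ip-docs"  # assumed audit key from the rule above

# Constructed sample records in the raw format of /var/log/audit/audit.log.
# Event 504 is a sudo'd copy (uid=0 but auid=1001); event 503 is a denied read.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1308636000.101:501): arch=c000003e syscall=2 success=yes exit=3 a0=7ffd a1=0 a2=0 a3=0 items=2 ppid=2301 pid=2310 auid=1001 uid=1001 gid=1001 euid=1001 tty=pts0 ses=4 comm="cat" exe="/bin/cat" key="ip-docs"
type=PATH msg=audit(1308636000.101:501): item=0 name="/srv/ip/design/" inode=4700 dev=08:01 mode=040750 ouid=0 ogid=1001 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1308636000.101:501): item=1 name="/srv/ip/design/board-rev3.pdf" inode=4711 dev=08:01 mode=0100640 ouid=0 ogid=1001 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1308636000.102:502): arch=c000003e syscall=2 success=yes exit=3 a0=7ffd a1=0 a2=0 a3=0 items=1 ppid=2301 pid=2311 auid=1001 uid=1001 gid=1001 euid=1001 tty=pts0 ses=4 comm="cp" exe="/bin/cp" key="ip-docs"
type=PATH msg=audit(1308636000.102:502): item=0 name="/srv/ip/design/firmware-0.9.tar.gz" inode=4712 dev=08:01 mode=0100640 ouid=0 ogid=1001 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1308636000.103:503): arch=c000003e syscall=2 success=no exit=-13 a0=7ffd a1=0 a2=0 a3=0 items=1 ppid=2401 pid=2410 auid=1002 uid=1002 gid=1002 euid=1002 tty=pts1 ses=5 comm="cat" exe="/bin/cat" key="ip-docs"
type=PATH msg=audit(1308636000.103:503): item=0 name="/srv/ip/design/board-rev3.pdf" inode=4711 dev=08:01 mode=0100640 ouid=0 ogid=1001 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1308636000.104:504): arch=c000003e syscall=2 success=yes exit=3 a0=7ffd a1=0 a2=0 a3=0 items=2 ppid=2301 pid=2312 auid=1001 uid=0 gid=0 euid=0 tty=pts0 ses=4 comm="cp" exe="/bin/cp" key="ip-docs"
type=PATH msg=audit(1308636000.104:504): item=0 name="/srv/ip/legal/" inode=4719 dev=08:01 mode=040700 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1308636000.104:504): item=1 name="/srv/ip/legal/customer-list.xlsx" inode=4720 dev=08:01 mode=0100600 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1308636000.105:505): arch=c000003e syscall=2 success=yes exit=3 a0=7ffd a1=0 a2=0 a3=0 items=1 ppid=2501 pid=2510 auid=1003 uid=1003 gid=1003 euid=1003 tty=pts2 ses=6 comm="vim" exe="/usr/bin/vim" key="other"
type=PATH msg=audit(1308636000.105:505): item=0 name="/home/carol/notes.txt" inode=9000 dev=08:01 mode=0100644 ouid=1003 ogid=1003 rdev=00:00 nametype=NORMAL
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="value"
MSG_RE = re.compile(r"audit\((\d+)\.(\d+):(\d+)\)")    # audit(seconds.millis:serial)


def parse_record(line):
    """Split one raw audit record into a dict of fields; adds 'serial' and 'time'."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields[key] = value[1:-1] if value.startswith('"') else value
    m = MSG_RE.search(fields.get("msg", ""))
    if m is None:
        return None
    fields["time"] = int(m.group(1))
    fields["serial"] = int(m.group(3))
    return fields


def correlate_events(log_text):
    """Group the SYSCALL record and its PATH records that share one event serial."""
    events = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ev = events.setdefault(rec["serial"], {"syscall": None, "paths": []})
        if rec["type"] == "SYSCALL":
            ev["syscall"] = rec
        elif rec["type"] == "PATH":
            ev["paths"].append(rec)
    return events


def summarize_access(log_text, watch_key=WATCH_KEY):
    """Per login uid (auid): files opened under the watch, denied attempts, and
    accesses made while running as a different uid (su/sudo)."""
    summary = defaultdict(lambda: {"files": set(), "denied": 0, "privilege_changed": 0})
    for ev in correlate_events(log_text).values():
        sc = ev["syscall"]
        if sc is None or sc.get("key") != watch_key:
            continue
        entry = summary[int(sc["auid"])]
        # PARENT entries name the directory; the object actually opened is NORMAL.
        # (Relative names would need the event's CWD record to resolve; not handled here.)
        files = [p["name"] for p in ev["paths"] if p.get("nametype") != "PARENT"]
        if sc.get("success") == "yes":
            entry["files"].update(files)
        else:
            entry["denied"] += 1
        if sc["uid"] != sc["auid"]:
            entry["privilege_changed"] += 1
    return dict(summary)


if __name__ == "__main__":
    for auid, info in sorted(summarize_access(SAMPLE_AUDIT_LOG).items()):
        print(f"auid={auid}: {len(info['files'])} file(s) opened, "
              f"{info['denied']} denied, {info['privilege_changed']} via changed uid")
        for path in sorted(info["files"]):
            print("   ", path)
```

On a real host the same functions can be fed the contents of /var/log/audit/audit.log, or the output of `ausearch -k ip-docs --raw`, in place of the constructed sample. The summary keys on auid deliberately: a departing employee who ran `sudo cp` still shows up under their own login uid, as event 504 in the sample demonstrates.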

Another area Klein suggested businesses look at was where backups and critical databases were stored, and whether policies should require employees to keep information on the company’s file server, where the business has greater control over it.

“We have a lot of cases where people say, ‘We had an employee who deleted their email. The only copy of it was a PST archive [which contains Outlook emails] on their computer. Can you get it back?’ A simple policy change to force that person to store that PST on the network could have overcome that.”

Lastly, Klein said that businesses often didn’t do enough to protect themselves in their employment contracts.

“Does it talk about confidentiality of information? Does it talk about monitoring of their user activity? Does it include things like USB devices? Can you have something in your employment contracts that says, ‘When you leave, we may ask you for your USB devices’? — It’s something to think about.”

continued @ 5 tips to catch an intellectual property thief – Security – News – ZDNet Australia.

Digital Forensics and the Law | DigitalForensics-Conference.org


DIGITAL CRIME TRENDS
• Identity theft
• Internet fraud
• Financial crime
• Money laundering, gambling
• Hacking, network intrusion
• Theft of intellectual property and piracy
• Robbery
• Child porn
• Homicide, harassment and stalking
• Terrorism

Digital Forensics – The New CSI
• “Just when a scientific principle or discovery crosses the line between the experimental and demonstrable stages is difficult to define. Somewhere in this twilight zone the evidential force of the principle must be recognized, and while courts will go a long way in admitting expert testimony deduced from a well-recognized scientific principle or discovery, the thing from which the deduction is made must be sufficiently established to have gained general acceptance in the particular field in which it belongs.” Frye v. United States, 293 F. 1013 (D.C. Cir. 1923).

continued at http://www.digitalforensics-conference.org/adfsl2011-presentations/Digital%20Forensics%20and%20the%20Law.pdf

LulzSec’s latest exploit underscores danger of reusing passwords – FierceCIO:TechWatch

Internet hacking group LulzSec continued its streak this week with the theft of 62,000 email addresses and passwords from Writerspace.com. Writerspace is a discussion forum for readers of mystery and romance novels, and it’s still trying to work out the details of the digital break-in and alert the victims. LulzSec promptly posted the pilfered data online, challenging criticisms with the assertion that hackers who keep “silent” are more dangerous.

As part of a press release celebrating the group’s thousandth tweet, LulzSec wrote: “We’re damn sure others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn’t silently sitting inside all of these right now…perhaps selling them off?”

via LulzSec’s latest exploit underscores danger of reusing passwords – FierceCIO:TechWatch.

Digital Forensics: What Footprints Do You Leave Online? | Forensic Science

Because computers have become such an important aspect of our daily lives, almost every crime will likely have some electronic evidence. It is important for law enforcers to understand the benefits of electronic evidence, and to ensure that they handle digital evidence as carefully as physical evidence. Investigators may use digital forensics to show intent, cross-reference alibis or statements, or attribute data to a specific person. More difficult to follow than a “paper trail,” electronic records can still provide crucial information in criminal cases.

Past judicial interpretations of the Fourth Amendment have consistently sided with law enforcement in cases of warrantless searches of electronic information. The amendment states that, “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause…”. However, because of the high incidence of electronic crime, searching electronic information is not considered unreasonable, and searching for information that would have required a warrant in past years has become legally obtainable in the electronic age. Law enforcement is pursuing more aggressive tactics to protect citizens from online crime.

This may come as bad news for digital criminals, and maybe even to radical proponents of civil liberties, but ultimately, the safety of private information is very important to most Americans. The law enforcement community is making good use of digital forensics as a revolutionary means in crime prevention and prosecution, and is beginning to catch up to the rapidly evolving cyber-criminals. Electronic evidence has become more important than physical evidence and has altered the very principles of crime scene investigation. Similarly, everyday citizens should become more careful with their sensitive information, and regularly check bank statements, credit card statements, or other activity in order to prevent identity theft and digital theft.

via Digital Forensics: What Footprints Do You Leave Online? | Forensic Science.

10 Data Security Trends for SMBs in 2011

10 Data Security Trends

  1. More small-scale breaches. Healthcare entities are required to report breaches affecting 500 or more people, so Kroll says there will be an increase in reports of small-scale breaches. As more companies implement data security measures, audits will likely bring to light older, overlooked breaches from the past.
  2. “Low-tech,” non-electronic data theft. Pen and paper strike back.
  3. Lost devices lead to data theft. As people rely more and more on mobile devices, the chances of loss and theft of data from these devices increase. According to the U.S. Department of Health and Human Services, 24% of reported data breaches were due to laptop theft – more than any other cause.
  4. Data minimization. Kroll suggests that companies will reverse course, having spent years amassing consumer information, and start to see this data as a liability.
  5. Openness and collaboration increase organizational vulnerability. “By nature, data in transit is data at risk,” and sharing data, says Kroll, increases vulnerabilities.
  6. More social networking policies. Kroll says employers will need to develop policies for social networking use as they relate to data security.
  7. Thinking encryption is the silver bullet. Kroll says that “encryption is often incorrectly positioned as a complete solution to data security.”
  8. More notifications required for third-party breaches. As companies rely more on third-party data collection, they may start obligating those companies to protect company data.
  9. Privacy awareness training. Rather than relying solely on technology fixes for security issues, Kroll says companies should also train employees to recognize issues and obligations.
  10. Possibility of a federal breach notification law.

via 10 Data Security Trends for SMBs in 2011.

Is Email Snooping a Crime? – Law Blog – WSJ

Michigan resident Leon Walker faces a peculiar predicament: he’s been charged with a felony for secretly checking out his wife’s email account.

Using his wife’s password, Walker accessed her Gmail account and learned she allegedly was having an affair, according to this article in the Detroit Free Press.

State prosecutors in Michigan have charged Walker under a statute used typically to prosecute identity theft or theft of trade secrets, the Free Press Reports. (Hat tip: JonathanTurley.org)

Walker, who divorced his wife this month, faces a criminal trial in February and up to 5 years in prison.

A few weeks back, we noted that the Sixth Circuit had ruled that people have a reasonable expectation that their emails will remain private and further that the government needs a search warrant to snoop through emails stored by Internet Service Providers.

But criminal charges for surreptitiously checking out a spouse’s emails?

It’s a legal gray area, the Free Press reports, and Walker could be helped by the fact that he was still living with his wife and had routine access to her computer. “It was a family computer,” Walker told the Free Press.

Oakland County, Michigan prosecutor Jessica Cooper told the Free Press that she was justified in charging Walker. “The guy is a hacker,” she said. The email account “was password protected.”

via Is Email Snooping a Crime? – Law Blog – WSJ.

SAP asks for gag order in legal battle with Oracle | Reuters

Attorneys for SAP AG have asked a federal judge for a gag order during the upcoming trial in an intellectual property theft case stemming from a lawsuit by software company Oracle.

The move followed a column by New York Times columnist Joe Nocera in which he suggested that former SAP chief Leo Apotheker had known about the theft at a subsidiary called TomorrowNow and had initially done nothing about it.

Oracle has accused SAP — through the now-defunct TomorrowNow — of gaining unauthorized access to its customer support website, allowing SAP to copy thousands of software products and other confidential material.

SAP has accepted liability for copyright infringement in the lawsuit, which is set to go to trial in November and will determine how much SAP should pay in damages.

via SAP asks for gag order in legal battle with Oracle | Reuters.

Kroll Global Fraud Report – North America Overview

Fraud levels remain low in North America compared to other regions in all areas except one: information theft or attack. According to this year’s results, fraud in this area rose to 32% from a more modest 22% last year. The significantly high levels of information theft reported exceed the survey average of 27%. Notably, North American respondents cited phishing (26%) and the increased use of technology (19%) as the primary tactics used in this type of fraud. When probed further, 26% of those surveyed cited the complexity of IT infrastructure as the leading cause of increased fraud exposure.

The growing threat to information security, however, may not be getting the attention that it deserves. Only 34% of respondents considered themselves moderately to highly vulnerable to information theft. Moreover, investment in IT security measures declined this year versus last.

Overall, companies in the region believe they are less vulnerable to fraud. They also report low exposure in areas such as corruption (7%) and market collusion (4%). In spite of this, the challenge still remains for businesses to recognize the potential risks of violating the US Foreign Corrupt Practices Act (FCPA). Only 42% of respondents were certain that the FCPA applied to them while 44% were unsure and 14% believed it does not.

via Kroll Global Fraud Report – North America Overview.

Large Corporations Still Behind on Data Governance | Information Management

Less than one-fourth of corporations in the Global 1000 can fulfill their data retention and disposal objectives, leading to wasteful spending, legal risks and possible theft, according to findings in a new survey.

The Compliance, Governance and Oversight Council, in collaboration with the Electronic Discovery Reference Model, queried legal, IT and records maintenance leaders at companies in a wide range of industries on their information governance practices. The report stated that 98 percent of companies rated defensible disposal and retention of data as a key governance objective, though currently only 22 percent of those companies can fully handle that task.

Primary obstacles cited in the survey were disconnects between the agencies or departments dealing with data, and the drag that massive and expensive legacy systems put on content management costs.


While 85 percent of companies agree that consistent collaboration is critical in data governance, leaders in IT, litigation and records largely pointed the blame for data governance on each other, the survey found. And, of organizations with information oversight committees in place, less than 17 percent surveyed stated they felt that all of the correct stakeholders are involved.

Organizational miscommunication or misdirection on data governance leads to other problems as well, the survey conductors reported. Nearly all companies in the survey had quotas linked to information governance, which they stated more easily leads to theft or misuse. Gaps in data retention schedule development can make the entire governance schedule obsolete, with the survey noting that 77 percent of companies’ schedules were not electronically usable or still relegated to paper documents.

via Large Corporations Still Behind on Data Governance.

Starwood may pursue Hilton trade secret theft case | Reuters

Hilton Worldwide lost its bid to dismiss a lawsuit by rival hotel operator Starwood Hotels & Resorts Worldwide Inc (HOT.N) that accused it and two former Starwood executives of stealing trade secrets.

U.S. District Judge Stephen Robinson on Wednesday ruled that Starwood had presented sufficient evidence to allow the case against Hilton, which is owned by private equity firm Blackstone Group LP (BX.N), to go forward.

Starwood said the executives, Ross Klein and Amar Lalvani, who were in charge of developing its luxury hotels before jumping to Hilton in 2008, accessed its computer systems and files without authorization, and stole hundreds of thousands of documents with confidential information.

“The amended complaint alleges specific facts to demonstrate that both Klein and Lalvani’s access of Starwood’s computer systems and transmission of electronic files to home addresses (and ultimately to Hilton) continued after they had accepted employment by Hilton for Hilton’s benefit,” Robinson wrote in a 19-page opinion.

Robinson, whose courtroom is in White Plains, New York, allowed one Starwood claim, for “false representations,” to go to arbitration.

Hilton had sought to dismiss the case on jurisdictional grounds, asking that all of Starwood’s claims be settled through arbitration. But the judge retained jurisdiction over two of the claims.

via UPDATE 1-Starwood may pursue Hilton trade secret theft case | Reuters.