Industrial Espionage Investigators
Detecting Industrial Espionage in London Takes Precision
Industrial espionage covers a wide range of corporate activities which center around intellectual property (IP) theft. Often, a companies own employees are at the heart of the theft or attack, other times, it’s well resourced, patient, and technically skilled groups who are stealing your data.
No longer are system compromises the result of teenage ‘hackers’ having a poke around corporate networks. Data theft – whether by a nation state or an over zealous competitor, involves highly sophisticated technical means to steal your designs, plans and customer data.
This area more than any other we deal in, requires the focus and attention of dedicated incident response and forensic analysts who are current in the attack methodologies being employed.
A high-net-worth individual running a boutique financial service in Switzerland believed he was being targeted by an organised crime syndicate, using sophisticated technical attacks against his systems.
First Response were instructed to determine if any compromise had occurred, and if so what data had been ex-filtrated and who was responsible.
The preliminary examination of his systems uncovered a hardware key-logger, a hardware or software module which captures everything typed at the keyboard, including passwords. We then carried out a detailed analysis of the most at-risk computer systems. A time line analysis of system artefacts discovered, allowed us to pinpoint the date and time when the key-logger was installed – this in turn allowed us to cross reference with door access data and in-house CCTV to determine the identity of the attacker.
He was a long-time employee and PC support engineer who had simply been paid to install the device. Our report led to his arrest by Swiss Police and full cooperation with the investigation. Analysis of other systems, including firewalls and proxy servers uncovered a six month history of sustained attacks using malicious code and a series of direct assaults on network edge devices. Artefacts present showed that several of these attacks had been successful and that the email accounts of two Directors had been compromised.
All of these attacks originated from a small number of IP addresses allocated to a Russian ISP. Swiss authorities took over the investigation and in cooperation with their Russian counterparts, eventually arrested members of the criminal gang behind the attacks.