Tel: +44(0)1529 306284

Investigation, Projects & Case Studies

Below are examples of a small number of case studies undertaken for clients, including details of the investigation.

IT Security Review – FTSE 100 company – UK

This project was conducted over an eight-month period for a FTSE 100 company and involved over 100 locations in the UK.

Background

At the time, several IT security-related incidents had occurred in quick succession. As a result, company assets were being put at risk and current measures supposedly in place were not providing adequate security.

The project was to provide the security needed and this was accomplished in three phases, which were to:

  1. Establish the true level of security that existed within the network, identify and report on issues and their associated risks.
  2. Make recommendations to either remove or minimise the risks to an acceptable level.
  3. Deploy accepted recommendations. This included the development, testing and roll-out of secure builds across the network.

The review comprised:

  • External and internal penetration testing
  • System audit, covering:
    • Access control
    • Operating systems
    • Data
    • Auditing policy
    • Policy implementation
    • Physical server security.
  • The architecture included:
    • Remote access points
    • Firewalls/Routers
    • Mail servers
    • Servers, both UNIX and Windows based.
    • SAP applications, including the operating system and underlying databases
    • Telephone switches
    • Wi-Fi access point audit

Deployment

This resulted in the following being developed and rolled-out:

  • Secure builds for:
    • Servers, both UNIX and Windows based
    • Desktops
    • Laptop builds, which included Email and disk encryption for key members of staff
  • The provision of an IT Security Policy that complied with ISO17799
  • Securing:
    • Telephone switches to prevent external unauthorised access and internal misuse.
    • SAP Servers.
    • Wi-Fi access points
  • Removal of unauthorised access points
  • Bespoke software being provided to the client that allowed authorised users to monitor company systems to ensure that the levels of security were maintained, with any modifications being reported for further investigation.

The unusual circumstances that had led to the original incidents caused the client to seek confirmation of the work we had undertaken from a direct competitor of ours, and we were subsequently provided with a copy of their conclusions, which were “that the work undertaken was methodical, using a systematic approach that had produced good results”.

Covert Fraud Investigation – Balkans, Finance Sector

A company’s head office had become suspicious after unexpectedly low quarterly figures had been provided by a regional office; also, the reasons given were inconsistent.

A plan of action was agreed: acting as a company employee, we were to assist in the delivery of a new payroll system that was being rolled out globally and conduct a covert investigation into possible causes at the same time.

As a result of this analysis, it was established that members of the regional management had started to set up a company in direct competition and had used client company funds to purchase equipment for the new company; they had also attempted to falsify accounts to cover this activity up.

Evidence was initially recovered from ‘file slack’ on a workstation, and data recovered from ‘jump lists’ also indicated that other potentially compromising files had existed on the system but had been ‘forensically erased’.

In addition, off-site enquiries made in relation to the new company also identified additional material that could be searched for. Furthermore, evidence was found implicating other members of staff. Finally, it was established that in the region of £4m of the client’s monies had been diverted and used to purchase assets for the new concern. The majority of assets were subsequently recovered and appropriate action taken in respect of those responsible.

Note: The new payroll system was implemented and deployed successfully.

I.P. Theft – Americas/Middle East, Oil & Gas Sector

This investigation came about as a result of a periodical review of the client’s network, during which evidence was discovered that showed mail servers on the client network had been accessed via a third-party connection. Further investigations established that the email accounts targeted held significant amounts of client confidential information, including draft patent applications for new processes relating to mineral extraction.

Covert electronic monitoring of the network confirmed the activity and that third-party contractor credentials were being used.

The third-party company were contacted at senior level and co-operated with the investigation, helping to identify the person responsible. They were also required to destroy all client material and not disclose or use it in any other way.

Industrial Espionage – North America, Consumer Sector

As part of an internal security audit undertaken by the client company, CCC were asked to review a sample of system logs for unusual activity in relation to a segment of the network containing business critical servers. One anomaly was identified: three times a week at around 3 am, a specific workstation would start to broadcast. It was also established that the activity was not automated and required human intervention. The workstation was physically located in one of the few areas that could be accessed without passing CCTV cameras located in common areas, such as hallways and main entrances and exits.

Covert electronic monitoring was set up, which established that the workstation was in fact gaining access to client R&D systems. A decision was then taken to undertake a more traditional investigation, including surveillance, alongside the electronic monitoring.

As a consequence, it was established that a research scientist posing as a cleaner had gained employment with the company responsible for the client’s premises. As a result, he had been able to obtain access to the premises and obtain valid user logon credentials that had allowed access to the network and the restricted sensitive research data.

When interviewed, he admitted his part and stated that the information had come from a former employee the client company had recently dismissed, and that a project he had been working on was near completion, showing very positive results, and was worth a fortune. Being unemployed, he had decided to try and steal the information, with a view to selling it to any interested parties.

Suspicious Death & Blackmail – Eastern Europe, Finance sector

CCC were asked to be part of a team tasked with establishing the circumstances surrounding the death of a company finance director, who had been found dead in suspicious and unexplained circumstances.

On our arrival at the company’s premises, it became apparent that the local employees were not very forthcoming about the deceased or his activities, and they also sought to delay our gaining access to his workstation. His laptop and mobile phone had disappeared.

A decision was taken to make an out-of-hours visit and covertly obtain a forensic copy of the workstation hard disk drive for analysis, having acquired the alarm codes and a spare set of keys for the premises. The subsequent analysis showed that the victim had been creating false invoices to cover the misappropriation of cash.

Evidence found at the deceased’s home indicated that he was in fact being blackmailed and that the location of the death had been a previous meeting point.

It was subsequently established that payments in the region of £750,000 had been made over a period of approximately nine months and that he had either refused or was unable to make further payments. As a result, it appears that he was murdered to prevent him from possibly identifying those responsible for the extortion.

Note: No formal investigation appears to have ever taken place and the incident was not reported on by the media!

“Even a good lawyer may not be able to mount a case, for prosecution or defence, if they cannot rely on the evidence provided to them.”

We bring together a variety of expertise in a range of skills and have taken on some of the most difficult assignments known.
There is no substitute for a combination of quality and experience.

For more information on any of the services we are able to provide:
Tel: +44 (0) 1529 306284 or Email: contact@ccc-ltd.com