Industrial Espionage – Consumer Sector - North America
As part of a bi-annual internal security audit undertaken by our client, we were asked to confirm the findings of a report which stated that no abnormal activity had been identified during a review of firewall and router logs.
During our review, one anomaly we felt warranted further investigation was that for the preceding month, on the same three days of the week at 3am, the same workstation came to life. The initial review had attributed the activity to a poorly configured ‘at’ command that did not warrant further investigation.
It transpired that the workstation in question was in one of the few areas it was possible to reach without passing CCTV cameras at the main entrances, or on the main walkways and thoroughfares within the facility.
CCC was asked to monitor activity emanating from the workstation, as well as to review historical data. From an examination of the historical data, it was possible to determine that the activity had not previously occurred, whilst electronic monitoring of the machine identified additional human activity.
Further monitoring showed that the user was targeting systems specifically used in relation to the research and development of new products. It was also possible to determine that the credentials of an authorised user of those systems were being used to gain access to the restricted part of the network.
Following a combination of electronic monitoring and traditional surveillance, the person identified as being responsible for accessing the computer was a cleaner employed by a contracted third party providing the services. It further transpired that ‘the cleaner’ was in fact an out-of-work research scientist, having been dismissed from his former employment for what was described as ‘inappropriate activity.’ Now looking for work, he thought it might be possible either to sell the information or to use it as a bargaining chip or tool with which to get a job with a competitor of the client’s. His knowledge of computer systems also allowed him to increase his user privileges to administrative levels by identifying and exploiting a vulnerability within the system, giving him unrestricted access to the data found within the research network.
Surveillance of the subject also found him visiting one of the client’s competitors. Before any harm could be done, an agreement between the two companies was reached, preventing litigation whilst ensuring the client’s information would remain proprietary for a significant period.
This left the ‘cleaner’ looking for another job.