| As is often the case with security compromises, it’s not a matter of if your company will be compromised, but when.
If I had known the employee I hired was going to resign, break into my offi ce, and damage my computers in the span of three days, hindsight being 20/20, I would have sent notifi cation to the security guards at the front door placing them on high alert and made sure he was not granted access to the building after he resigned. Of course, I in hindsight, I should have done a better job of hiring critical personnel .He was hired as a computer security analyst and security hacker instructor; and was (or should have been) the best example of ethical conduct.
Clearly, we see only what we want to see when hiring staff and you won’t know whether an employee is ethical until a compromise occurs. Even if my blinders had been off, I would have never seen this compromise coming. It boggles the mind to think that anyone would ruin or jeopardize his career in computer security for so little. But he did break into the building and he did damage our computers, and therefore he will be held accountable for his actions, as detailed in the following forensic information. Pay attention when the legal issues are reviewed. You will learn bits and pieces regarding how to make your life easier by knowing what you really need to know “when” your computer security compromise occurs.
Computer forensics is the preservation, identifi cation, extraction, interpretation, and documentation of computer evidence. In Chapter 9 of Cyber Crime Investigations, digital forensics is referred to as “the scientifi c acquisition, analysis, and preservation of data contained in electronic media whose information can be used as evidence in a court of law.”1.
In the case involving the Hewlett-Packard board of directors, seasoned investigators within HP and the primary subcontracting company sought clarity on an investigative method they were implementing for an investigation. The investigators asked legal counsel to determine whether the technique being used was legal or illegal. Legal counsel determined that the technique fell within a gray area, and did not constitute an illegal act. As a result, the investigators used it and were later arrested. This situation could befall any cyber crimes investigator.
In the Hewlett-Packard case, legal counsel did not fully understand the laws relating to such methodologies and technological issues. The lesson for investigators here is not to assume that an action you’ve taken is legal just because corporate counsel told you it was. This is especially true within the corporate arena. In the HP case, several investigators were arrested, including legal counsel, for their actions.
|