Written By: Kym Pasqualini, Feature Crime Writer for Lauth Investigations
Penetration testing, intrusion testing and red teaming are some of the terms used for ethical hacking.
The word “hacking” almost always has negative connotations. It seems the mention of Chinese hacking, Russian hacking, or DNC hacking receives constant mention in our 24-hour news cycle.
Ethical hacking is also referred to as penetration testing, intrusion testing and red teaming, coined by the government during the 1970’s when they first hired ethical hackers to break into the United States government’s computer systems to test for vulnerabilities.
It is estimated “hackers” cost the United States more than $445 billion annually.
In a Fortune article “Data Breaches Now Cost $4 Million on Average,” according to IBM’s security division, the cost of a breach per incident has risen to $4 million, up 29% since 2013. “We’re now in a mode where these attacks are going to happen even to people that are well prepared,” said Caleb Barlow, a vice president at IBM Security.
Hackers cost the US government and corporations billions annually.
According to Fortune, hackers and cybercriminals cause most breaches, and more than half of data exposures are caused by malicious attacks; the rest are caused by mistakes or glitches.
Ethical hacking is a growing profession utilized by the United States government, technology companies and other institutions.
In the field, experts refer to three major types of hackers:
- White Hats: Security professionals or “ethical hackers” who use their expertise to strengthen a network and secure it from criminals.
- Black Hats: Malicious hackers or “crackers” who use their skills for malevolent purposes. White hats work to protect computer structures from the Black Hats.
- Gray Hats:Iindividuals who become white or black hats depending upon the circumstances and generally proclaim being an ethical hacker.
Many large corporations, such as IBM, employ teams of ethical hackers to keep their IT systems secure.
Why Ethical Hacking is Important
With every breach reported in the media, the need for more effective information security is becoming increasingly evident.
New technologies such as cloud computing, IT outsourcing, and enterprises must adjust their security practices and policies to combat the threat of malicious hacking. To combat threats, ethical hacking is rapidly gaining attention as an essential security practice to be performed on a regular basis.
In a public white paper entitled, “The Importance of Ethical Hacking: Emerging Threats Emphasize the Need for Holistic Treatment,” by Frost & Sullivan, it discusses top technical concerns and the role of ethical hacking in an enterprise architecture.
“The increased sophistication and success rate for recent cyber-attacks is directly related to the shift in the attacker profile, indicating that nation-states and large criminal organizations are funding well organized, highly motivated, and well-trained teams of programmers,” said Chris Rodriguez, Analyst for Frost and Sullivan. “The elevated threat landscape therefor, urgently dictates the need for a comprehensive, real-world assessment of an organization’s security posture,” said Rodriguez.
Ethical hacking provides objective analysis of an organization’s security stance for organizations of any size. Ethical hacking has become a mainstream service, as companies of all sizes pursue expert, objective, third -party analysis.
What is an Ethical Hacker?
Ethical hacking is an ambiguous term used to describe hacking performed by an individual or organization to help penetrate or gain access to identifying potential threats on a computer or a network infrastructure. In short, ethical hackers are simply computer programmers who use their skills in a constructive manner.
Ethical hackers can attempt to bypass security systems to isolate weak points malicious hackers could exploit. In the effort to eliminate or reduce potential criminal hacks, the information gained by the ethical hacker is then used by the company to make improvements to security.
Some may say there is no such thing as an “ethical” hacker. Simply “hacking is hacking” but the most notable hackers are known publicly as cybercriminals or computer criminals because of the damage they inflict on companies and individuals nationwide.
A highly publicized hacking incident where personal information is compromised can damage a company or organization for years.
A cybersecurity professional can have a range of expertise, anywhere from maintenance, administration, architecture, forensic investigation of secure networked systems that are increasingly necessary for the sake of operation of businesses, nonprofits, governments and medical, and educational institutions.
Even training is offered by the International Council for E-Commerce Consultants (EC-Council). The Certified Ethical Hacker (CEH) exam is made up of approximately 125 multiple choice questions and costs about $500 with additional IT certifications available. Training is entirely voluntary.
For hacking to be ethical, a hacker must abide by the following informal rules:
- Permission to access the network to identify potential security threats.
- Respect individual’s right to privacy.
- Treat all data, material, and findings as confidential.
Ethics play a vital role in hacking and differentiating innocent activities from computer crimes. Hacking is ethical if the skills are used to enhance a network system. But the issue of ethics can be very risky when one does not know a person’s motivations. With no formal code of ethics or code of honor, this void creates external forces to determine how to respond when ethical predicaments arise.
An ethical hacker will ensure the client’s IT system is properly evaluated for security issues and vulnerabilities, while protecting sensitive, personal and confidential or proprietary information. While accessing an organization’s system, the respected ethical hacker’s integrity will guide the actions of the ethical hacker.
While ethical hacking presents advantages to increase security to protect IT systems and assets, any organization implementing ethical hacking must consider any negative impacts that may arise from the practice.
An ethical hacker is typically contracted to hack the organization’s system. Hiring outside is usually preferred to start from scratch and simulate potential external hacks.
While there is an advantage of ethical hacking because it supports the organization’s efforts to gain more knowledge about the IT Security by identifying vulnerabilities, the main disadvantage is it presents risks of information disclosure. An outsider could intentionally or unintentionally disclose a company’s proprietary information to outside parties.
A dark side always is present where dishonest people will attempt to exploit others. Some risks of working with ethical hackers include:
- The ethical hacker using their skills to conduct malicious hacking activities.
- Massive security breaches.
- Potential the ethical hacker will place malicious code, malware, viruses or other potentially damaging things on a computer system.
- Allowing company’s financial, banking, or other proprietary information will be accessed.
Working with an Ethical Hacker
The benefits of working with an ethical hacker are obvious; however, many are overlooked, ranging from simply preventing malicious hacking to preventing national security breaches.
Before implementing any ethical hacking, an organization must ensure the ethical hacker understands the nature of the client’s business, computer or network system. This will help guide the ethical hacker in handling any sensitive confidential or proprietary information they may encounter.
The leadership in a company or organization must determine the sensitivity or confidentiality of the information involved. This will help ensure the ethical hacker does not violate laws, rules or regulations in handling sensitive personal, financial or proprietary information.
There are several guidelines to use when working with an ethical hacker:
- An ethical hacker should create a plan including: identifying all networks and components they will test; detail testing intervals; detail testing process.
- Require transparency while working with an ethical hacker, requiring all relevant information be reported while the system or network is being accessed. Transparency ensures the client to make immediate decisions and take necessary actions to maintain the security of the system or network.
- Establish target areas with written work agreements requiring the ethical hacker not to work beyond those parameters to minimize exposure of sensitive information. The ethical hacker should not access other areas on the computer or networks not specified in the agreement.
- Developing a non-disclosure agreement may be in order prior to contracting with an ethical hacker.
There are legal risks to include lawsuits involving disclosure of personal and confidential information possibly leading to a legal battle involving the organization and the hacker if the work is not done properly. Also, if the hacker makes errors compromising the IT network or company security, it is possible to negatively impact the organization’s general operations and profitability.
With cyberspace growing exponentially over the last decade, complex legal issues have led to the birth of a highly specialized branch of law. Cyber Law or Internet Law pertains to Internet and computer technology related offenses, especially copyright infringement and fraud that involve computers, software, hardware, and information systems (IS).
The Information and Technology Act, 2000 (IT Act) covers all types of cyber-crime, including hacking as provided under sections 43 and 66 which covers negligence and computer-related offenses.
Cyber Law prevents or reduces large-scale damage from cybercriminal activities by protecting information access, communications, privacy and intellectual property.
Ethical hacking is rapidly gaining attention as an essential business practice. Regardless of risks, companies large and small benefit from the work of ethical hackers by protecting a company’s most valuable data and protecting their bottom line.
Written By: Kym Pasqualini, Feature Crime Writer for Lauth Investigations
When we think of a spy, given the national news cycle, it may conjure up thoughts of Russians or the Chinese who have been long known for hacking and espionage. However, even more common, but much less talked about, is the business mole, and almost every business in America is susceptible.
Every business sector is vulnerable to Corporate Espionage costing businesses billions of dollars per year.
April 10, 2011, Joseph Muto was hired to work for the top-rated “O’Reilly Factor” but within 3 days, he was discovered by Fox employees to be anonymously writing for Gawker. In the span of 72 hours, Muto wrote a series of articles detailing the internal workings of the network, along with stealing and selling raw video clips. In 2013, he pled guilty to two misdemeanor charges and was dubbed the “Fox Mole.” He was fined $1000 and sentenced to over 200 hours community service. At sentencing, he said he wished he had never betrayed his former employer.
United States industries spend more on research and development of unique products and processes than any other country in the world. The key to success is having an “edge” in the business world. Whether a media company, software developing company or bakery, keeping an edge is key.
When someone steals those “trade secrets”, it is called economic espionage and costs American businesses billions annually. Damages can severely destabilize the victim company to include lost revenue, lost employment, lost investments, interruption in production, damaged reputation, and can even result in a company going out of business.
Corporate espionage conducted by spies or moles believe computers are irrelevant. It is about what data they want, what form they take, and how they can steal it.
The Company Man
The Federal Bureau of Investigation (FBI) states no business, large or small, is immune to the threat of moles and/or spies. Any proprietary process, product, or idea can be a target.
To raise awareness, the FBI in collaboration with the National Counterintelligence and Security Center has launched a nationwide campaign and released a short film called “The Company Man: Protecting America’s Secrets,” based on a true story. Mr. Moore is both unappreciated and unhappy with his career as an engineer at a glass insulation and fire-retardant firm. He is targeted on LinkedIn by a competitor who offers him a position in a rival firm. At first, Moore declines because he signed a non-compete. He is then offered $200,000 to obtain plans for equipment and formula for the glass insulation produced at his firm, RIS.
The FBI states many things drive a person to betray the company where they work.
Moore makes the decision to go to his current boss who then contacts the FBI who initiates a sting. A true story, there was an arrest in the case. However, this may not be the decision every employee would make – which makes every employee a liability in a 400 billion, in the dark. underbelly of America’s global economy.
Spotting Insider Threats
What drives a mole? The FBI states company moles are often “overwhelmed by life-crisis or career disappointment” driving them to leak information.
With email, cell phones, and jump drives, stealing information is far easier than in the past. Greed and financial need, unhappiness at work, the promise of a better job, drug or alcohol abuse, and/or vulnerability to blackmail, can all be contributors, says the FBI.
The FBI says employees who leak trade secrets, such as plans, customer databases, etc. will exhibit behaviors other employees can often identify to help prevent breaches.
Your employees may be the first line of protection when combatting the insider threat.
- Drastic changes in behavior, demeanor, or work habits.
- Unexplained affluence.
- Financial hardship.
- Substance abuse.
- Attempts to circumvent security procedures.
- Long hours at the office without authorization.
- Taking home proprietary information.
- Unnecessarily copying materials.
- Using an unauthorized USB drive.
- Unusual use of cell phone during business hours.
- Asking inappropriate questions.
- Suspicious relationships with competitors.
- Leaving traps to detect searches of their office.
Based on FBI’s studies, additionally, there are more subtle things to look for:
- Someone hired to steal company information will be experienced in the operation of a business and will be able to identify the value of your company’s trade secrets.
- Corporate spies are everyone’s friend. To gain access to a company in order to steal information, a mole will be socially adept with the ability to manipulate people to gain their trust.
- Individuals who are frequently wandering or talking in locations they do not need to be to complete their job. Someone who reflects a pattern will always have a reasonable excuse as to why they are not in the correct area or talking to specific employees.
- Employees who keep trying to re-open decisions already settled and question advisability of decisions.
- They act envious.
Vulnerabilities – Getting Access
Once inside, a mole has a lot of ways to access sensitive information. Spies can even work in pairs, possibly one as a consultant and the other an employee. When you have valuable information, never underestimate the methods others will use to gain access to it.
Spying can be as easy as photocopying papers found on unattended desks or at printers. Walking into an empty meeting room with a laptop and pulling data off the network.
A common ploy is pretending to be an employee. Another ploy often used, posing as IT personnel because it enables the individual to look legitimate while accessing network access points and sitting at someone’s computer. In other cases, spies have posed as cleaning staff, gaining access after-hours.
Criminals capitalize on the common assumption if you are in the building, you must be okay. Investing in your company’s staff to raise awareness is the best investment a company can make.
According to InfoWorld, Peter Wood, Chief of Operations at First Base Technologies, a U.K. based consultant firm performing ethical hacking services, “Spies are interested in anything from financial data to intellectual property and customer data. They might steal information for blackmail purposes, but the most common motive for physical intrusion is industrial espionage.”
Wood says the most common way to intrude upon a company is posing as an employee or a visitor, even creating convincing costumes to pose as a legitimate visitor such as telephone, electrical or maintenance person, a burglar alarm inspector, even someone from the fire department.
Protecting Your Trade Secrets
The FBI lists several ways to protect your workplace from insider threats.
- Recognize the threat.
- Identify and value trade secrets.
- Implement a definable plan for safeguarding trade secrets.
- Secure physical trade secrets and limit access to trade secrets.
- Provide ongoing security training to employees.
- Use protective tools such as screensavers with password controls.
- Classify information and store accordingly.
- Secure the workplace so visitors do not have access without security screening.
- Encrypt data and require strong passwords for employees with liberal access rights.
- Develop an insider threat program.
- Proactively report suspicious incidents to the FBI before your proprietary information is irreversibly compromised.
- Ask the FBI or other security professionals for additional awareness training.
At times, companies are hesitant to report such activity for fear they will risk their trade secrets being disclosed in court or compromised in any way. The FBI will do all it can to minimize business disruption, safeguard data and privacy, and will seek protective orders to preserve business confidentiality and sensitive information. The Department of Justice also has a variety of protections in place to ensure information is protected during a criminal prosecution.
By: Kym Pasqualini, Feature Crime Writer for Lauth Investigations
The days of red and blue handkerchiefs, baggy pants, graffiti, rap-music, and drive-by shootings are no longer such a popular sub-culture. Believe it or not, the new kind of gangsters hold college degrees, work and hold jobs in offices, warehouses, even government positions and police departments. They are a more sophisticated criminal and have infiltrated corporate America.
No more baggy pants. Today, you are more apt to find a gang member wearing black patent leather shoes.
If you think this is not a possibility in your own company, think again. No industry or company is exempt. A University of Chicago study found gangs have increasingly adopted a clean-cut appearance while replicating techniques used by organized crime.
Described as “very sophisticated and well organized” by the Federal Bureau of Investigation (FBI), they estimate there are 33,000 violent street gangs with 1.4 million members nationwide. You can safely double that number if you count affiliates and wannabes. The number has risen steeply, up from 1996 where an estimated 400,000 gang members were accounted for in the University of Chicago study.If you think this is not a possibility in your own company, think again. No industry or company is exempt. A University of Chicago study found gangs have increasingly adopted a clean-cut appearance while replicating techniques used by organized crime.
Well-known companies, Chicago Police Department, the United States Post Office, major pharmaceutical companies, and even the Social Security Administration have found gang members within their ranks carrying out complex illegal operations netting millions annually.
According to the FBI 2015, National Gang Report (NGR), gangs have gained employment in the U.S. Military, law enforcement, corrections, and even judiciary.
From the Streets to a Global Crime Empire
Typically, gangs are known for drug trafficking, robbery, gun trafficking, intimidation rackets, prostitution, human trafficking, fraud and other crimes you may think would not infiltrate a common company. Now, they are. However gangs are concentrating their efforts on white-collar crime due to weaker sentencing guidelines and ease of making money.
The term “gang activity” involves identity theft, credit card fraud, prescription drug fraud, trafficking stolen goods, money laundering, mortgage fraud, Social Security Administration fraud, tax fraud, counterfeiting, and securities marketing manipulation. Where there is access, there will be individuals willing to participate in capitalizing and even selling their access to those interested in exploiting the system.
In New Jersey, the 111 Neighborhood Crips used a machine to make gift cards they distributed to grocery stores, pharmacies and other stores. Grand larceny accounts for 40% of all crime in the United States during 2014.
In 2015, the Outlaw Gangsta Crips in NYC made approximately $500,000 in a paycheck fraud scheme by obtaining a legitimate paycheck from an employee and using the information to create and cash counterfeit checks.
From 2004 through 2009, fraud investigations alone increased 33%, bringing losses associated with those schemes into the billions of dollars.
According to Fox Business, Gangs such as the Bloods, Crips and La Nuestra Familia are undertaking white-collar crime. They are recruiting members that possess the necessary skill-sets, according to the FBI.
When you think gangster, images of Joe Pesci and Robert De Niro, maybe even Snoop Dog, may come to mind, not the impeccably dressed executive working in a high finance position. Or, the nicely dressed woman at the bank who knows how much you deposit weekly or the amount of your company’s payroll.
In a Workforce Magazine article, “Have Gangs Invaded Your Workplace,” during 1995, California, Silicon Valley firms alone were hit with more than 50 armed robberies of microchips and electronic components with the average heist netting the robbers $400,000. “There’s a growing level of sophistication and opportunism,” says Keith Lowry, a detective in the High-Tech Crime Unit of the San Jose Police Department.
Gang members are becoming harder to weed out in the hiring process, much of the time because we commonly think of “gang members” as looking like street thugs, and these old stereotypes are costing companies billions annually.
Weeding out white-collar gang members has become increasingly difficult.
Any company can become a target or an opportunity to engage in illegal activities, like dealing drugs, theft of property or personal information, extortion. Gangs have learned they can make a lot more money by being well-dressed, educated, and articulate.
For instance, electronics firms are easy targets. A microchip or computer processor weighing less than an ounce can score several hundred dollars on the street. The sentence for being charged with a stolen microchip much less than selling an ounce of drugs.
Some gangs plant members within a company in specific department such as infiltrating dispatching, shipping or the financial departments. They can also pose as temporary workers or work for outside vendors to gain access to numerous companies.
In addition, the growing trend toward outsourcing can often lead to less control over merchandise, files, and information.
According to a Fox Business article “From the Streets to Cyberspace: U.S. Gangs Turn to White Collar Crime,” the FBI says, “Gangs are more adaptable, organized, sophisticated, and opportunistic, exploiting new and advanced technology as a means to recruit, communicate discreetly, target their rivals and perpetuate their criminal activity.”
Facebook has become the preferred method for gang members to communicate according to the FBI. “The proliferation of social networking websites has made gang activity more prevalent and lethal – moving gangs from the streets to cyberspace,” says the FBI.
Arming Your Human Resources Department
Much of the solution lies in ensuring Human Resources procedures are effective. Of course, background checks and screening procedures are vital but is there more to be done to detect a potential criminal trying to infiltrate your workforce? The first thing to keep in mind – you get what you pay for and being lax can cost you.
Local criminal checks are almost worthless; however, a full criminal screening can pay off. In addition, many applicants may have earned their GED in prison, with some digging, their history can be discovered.
Many companies cut corners and haphazardly follow procedures when screening applicants not realizing dealing with the aftermath can result in costing more when you compare it to properly vetting applicants the first time around.
Additionally, letting your applicants know you will be conducting a thorough background, previous employment, driving records, verifying degrees, criminal record check, and reference checks can also discourage many applicants from pursuing the position in the first place, which ultimately saves your company time and costs associated with the screening process.
What is important to consider is applying an effective screening procedure to contractors, consultants and temporary employees depending upon how much access they may be granted, as well as, the time they will be spending at your company.
Trusting a “temp agency” is conducting the appropriate background checks is a potential liability for your company.
Educating your employees on how to spot gang activity and how to handle it is crucial. Some companies have found having training sessions and employee meetings add to their success combatting gangs in the workplace.
Experts agree loyalty to gangs overrides loyalty to an employer. Even though they may try hard to blend in they may still slip occasionally and there are some recommendations or even subtle things to monitor.
- Does your employee reside in a known gang area?
- Is your employee responsible? Too much time on the phone or arrive late?
- Does your employee go by a nickname and have nicknames for friends?
- Do the clothes, colors or insignias stay consistent?
- Does your employee have visitors at work, friend or family?
- Have you noticed any graffiti in or around your workplace?
- Does your employee use verbal, hand or walking mannerisms that could be associated with gang activity?
- Is your employee on parole or probation?
Being a girlfriend of a gang member or being a current or former gang member is not against the law, but it could be a sign of other activity that could be detected if your HR department is cognizant of the many issues that face companies if infiltrated.
Using Private Investigators to Combat Gang Intrusion in the Workplace
Private investigators are a commonly used tool in the arsenal to combat “gang intrusion” along with malingering, theft or fraud in the workplace.
Along with surveillance and providing evidence, they can also evaluate your HR department’s policy and procedures through undercover placement or working along with the HR department to tighten up the reigns to reduce incidents of crime.
Many times, it is recommended to have a private investigator apply for employment without informing anyone in your company to best determine where weaknesses exist in the hiring process. Were all the references called? What questions were asked? Were the proper background checks completed?
It may be necessary to start at the beginning of the hiring process. In addition, private investigators can be placed in certain departments where there have been discrepancies identified to collect evidence admissible in a Court of law. It is an extra layer of protection when investigating activities at your company without violating privacy laws.
When a company suspects criminal activity, it is advantageous to hire a professional who will work with police if the legitimate criminal activity is, in fact, detected. Abuse of sick leave or malingering costs companies billions of dollars a year. This is enough to warrant the hiring of a private detective to legally document the behavior.
From filming a guy talking about starting his new business and hinting at using the employer’s database, to a meat manufacturing plant taking a cut of the supplier’s delivery, to the employee watching porn on the company computers, a private investigator can take the care needed to conduct an internal investigation legally, ultimately protecting your company and saving you a lot of money.
Is Your Employee a Drug Trafficker? Opiates in the Workplace
According to the Centers for Disease Control and Prevention (CDC), sales of prescription opioids quadrupled during 1999 to 2014. Referred to as an opioid crisis in America, it seems we all know someone battling an addiction to prescription medications.
Opioids include prescription pills (including Vicodin, Oxycontin, and Percocet), as well as Heroin and Fentanyl, a drug that can be injected, taken as a lozenge or through a skin patch.
Nationwide 1 in 4 people who are prescribed opioids will struggle with addiction. The depth of the problem is highlighted in a disturbing CDC post stating, “Almost all prescription drugs involved in overdoses come from prescriptions originally; very few come from pharmacy theft. However, once they are prescribed and dispensed, prescription drugs are frequently diverted to people using them without prescriptions. More than 3 out of 4 people who misuse prescription painkillers use drugs prescribed to someone else.
In addition to the personal toll to the addicts and the American family touched by opioid abuse, the CDC also estimates the total “economic burden” of prescription opioid misuse alone in the United States is $78.5 billion a year, including the cost of healthcare, loss of productivity, absenteeism, increased injuries, addiction treatment, theft, criminal justice involvement, and legal liabilities.
The Substance Abuse and Mental Health Services Administration (SAMHSA) estimates 68.9% of all drug users are employed.
The Drug Enforcement Agency estimates employed persons who misuse opioids account for 64.5% of medically related absenteeism and 90.1% of disability costs.
The use of opioids in the workplace is a growing battle for American business. According to a National Safety Council (NCS) survey, 57% of employers perform drug tests. However, more than 40% do not test for synthetic opioids like oxycodone, one of the most abused narcotics on the market, making accurate national statistics unreliable.
An NCS survey also found 29% of employers reported impaired job performance due to use of painkillers, with 15% citing injuries due to drug use. Up to 70% of employers said their workforce has been negatively affected in one way or another.
The Impact of Drugs in the Workplace
Use of drugs impairs decision making and causes physical impairment, a deadly condition when at work. It causes an overall decline in employee morale, an unsafe working environment and increases employer liability.
It is estimated at least 1 of 6 employees use drugs at work and the toll on the workplace is costly in the following ways:
- Addicts are 1/3 less productive than their counterparts
- Five more times likely to cause accidents
- Are absent up to 20 times more often
- Five times more likely to request workers compensation
- Contribute to 40% of all industrial work fatalities
- Health care costs for addicts is three times higher than other employees
- Admitted to selling drugs to coworkers
- Admitted to stealing from employers and coworkers
It is estimated 70% of 14.8 million Americans who use illegal drugs are employed. It is safe to assume if you have drug abusers on the job, you probably also have drug dealers operating within your company.
As drug dependency increases, it is common for addicts to buy drugs from friends or coworkers and even steal from their company, co-workers and clients.
Experts have also found the number of heroin addicts have increased as it is common for an opioid user to transition to using heroin when they begin running out of pills and money. Heroin is significantly cheaper than opiates and easier to obtain. Heroin laced with Fentanyl is becoming increasingly popular because it can be 50 times stronger than heroin.
The drug dealer of today is no longer the shady guy driving a decked-out Cadillac, meeting his clients in a dark alley or an unlit street corner. Dealing drugs to coworkers is preferred over standing on the corner selling to strangers and for a drug trafficker, less risky.
At work, a dealer has an employed clientele able to afford the drugs, and someone they can establish trust with while selling under the radar of management in the restroom, parking lot, lunch-room or cubicle.
Oftentimes workplace dealers will sell drugs on credit or a “front” according to the book Undercover Investigations in the Workplace by Eugene Ferraro. Drugs are sold to an employee with the agreement of paying later, usually on payday. Co-workers make the perfect client for a drug dealer and quite a lucrative business, with one Oxycontin pill demanding up to $50-$80 each on the street according to a CNN Money article Prescription Drugs Worth Millions to Dealers.
According to Ferraro, “We have caught employees-dealers (earning less than $10 an hour from their employer) who never carried less than $10,000 cash to work.”
Paydays are usually the biggest days for drug trafficking activity. However, to pay for drugs, addicts often turn to their employers to fund their habits.
With addicts in the workplace, there is a higher incidence of theft of equipment, tools, products and part inventories where drug trafficking and abuse is occurring. Aside from being at increased risk, both abusers and drug dealers are more likely to become involved in additional criminal behavior, stealing from their employers and fellow employees.
What are the signs of drug trafficking and abuse in the workplace?
Are certain employees driving an expensive car far beyond the means of what they make working? Flaunting money? Are your employees leaving without notice to meet clients? High turnover and absenteeism and/or meeting in the bathroom or parking lot? What may appear on the surface to look like comradery, could be a sign of something more.
Robert Avery, 41, worked as the Parental Involvement Director at a Head Start program in Gadsen, Alabama. Instead of offering educational and health services to low-income children, Avery was arrested for selling the prescription drug “Roxycontin” to undercover agents from the program facility.
Even police departments are not immune. November 20, 2017, Jellico Police Department Dispatcher and Fireman Robert Rookard, was arrested in “Operation Thanksgiving Harvest” for selling drugs at work.
In August 2017, more than a dozen Atlanta USPS workers were rounded up for running an illegal drug distribution operation. Sixteen employees working at post offices across Metro Atlanta were arrested for accepting bribes in exchange for delivering kilogram packages of cocaine.
When the FBI received a tip that drug dealers were running packages of drugs through the mail system, they began an 18-month sting putting a fake drug dealer on the street to see how many postal workers they could get to sign up. In a bribery agreement, workers agreed to provide special addresses to the drug trafficker, intercepting and delivering the packages to the dealer, who just happened to be working with law enforcement. The number of postal workers who agreed to participate astounding.
While some companies may assume there is no liability for the actions of an employee, one company is feeling the devastating effects. According to the October 13, 2017, Chicago Tribune article, “Oak Park appeals board upholds pantry’s closure after employee accused of selling heroin,” it was reported The Village of Oak Park in Chicago closed the Austin Food Pantry after 55-year old store manager Edgar Lucas was arrested on 17 counts of heroin sales and possession at the establishment. Charges include 5 counts of unlawful delivery of a controlled substance determined to be heroin. In the aftermath, the city revoked their business license.
In an appeal, the store owners stated they had no knowledge of the employee’s drug activities; however, Village of Oak Park trustees upheld the decision to permanently close the business. In a written ruling, trustee Cara Pavlick said Austin Pantry owners were “negligent, reckless and careless at a minimum in allowing their business to be operated as a place for the sale of illegal narcotics on numerous dates.”
Drug use and trafficking are often difficult to spot and many times even harder to prove. However, every employer and Human Resources department has a responsibility to ensure a safe environment for all employees, immediately addressing any infraction or suspicion to reduce liability within the workplace and protect your company.
Private Investigators – A Weapon in Battle to Reduce Illegal Drug Use
An internal investigation sometimes involves drug-testing, some use dogs, and some use undercover operatives. Wall Street and other large corporations began using private investigations long ago with the demand ever increasing.
General Motors (GM) reported substance abuse by some of its 472,000 employees and their dependents cost the company $600 million in 1987. To combat the problem, GM instituted undercover operations at 10 mid-western plants and said it would not hesitate to use such investigations in the future. That was then, and drug use in the workplace has only increased.
While employers are encouraged to practice a covenant of good faith and dealing with all employees, protecting the workplace should be the primary goal, and often requires professional private investigators to work alongside law enforcement to ferret out drug use and other illegal activity.
Conducting a private investigation not only reflects your company as being proactive, careful documentation can help achieve a conviction and reduce liability.
Thomas Lauth, owner of Lauth Investigations International, specializes in undercover investigations for both blue-collar and white-collar companies. Having spent over 20 years in the field as a private detective, he believes diligence is key to combating workplace crime. “One can never be too careful or diligent when protecting their company. When working with clients, we tailor our investigation to the needs of each individual client.”
When hired by a client, Lauth’s investigative team provides an assessment and tailors the investigation to the needs of the specific case. Working with Human Resources, the business is profiled to determine the best course of action.
The most effective way to detect drug trafficking and abuse in the workplace is to conduct a covert investigation planting an investigator within the company. Typically, the investigator goes through the hiring process like any other employee, informing minimal staff, allowing the undercover private investigator to protect their identity and integrity of the investigation.
From there, the investigator fits in with employees, developing friendships to gain information about drug activity. In Lauth’s experience, “Many times, our investigators uncover additional illegal activities, resulting from the initial investigation,”
Periodic background checks can also assist companies in identifying employees who are high risk for illegal activity. “At Lauth Investigations, we recommend conducting background checks of all employees, newer employees as well as those who have worked for the company for several years. A lot can change after the hiring of an individual,” Lauth says.
For those who may be concerned office morale may be damaged, Lauth points out a background check can be conducted legally without the employee’s knowledge. “Background checks can reveal drug offenses, fraud, theft and other criminal activity on record with a police department or court and one of the most important steps a company can take to protect their company.”
For more information contact Thomas Lauth, Lauth Investigations 317-951-1100.
Written by Lauth Investigations Feature Writer Kym Pasqualini.
Spies, Espionage, and Intellectual Property Theft
Government and military entities are not the only ones spying and conducting espionage investigations to protect our national security. More and more corporations and even small businesses are now hiring expert private investigators to conduct espionage investigations and counter-surveillance to protect “trade secrets” and other classified information.
Cases of economic espionage, industrial espionage, corporate spying and corporate espionage are commonly conducted for commercial purposes but can also include personal information that can later be used to blackmail, discredit and control enemies and competitors.
Espionage or “Insider theft” can cause significant personal and financial harm and described as an individual obtaining secret information without the explicit permission of the owner. For example, a corporation or company spying on another company’s activities, collecting data and information for gain or cause damage, most commonly through the doorway of employment.
Espionage involves clandestine activities. Though methods and motives of spying have changed over time, the desire to uncover competitor’s secrets has not. There is a war going on, and spying the primary weapon.
Federal Effort to Combat Economic Espionage
According to a 2015, CNN Politics Report “FBI Sees Chinese involvement amid a sharp rise in economic espionage,” the FBI announced the bureau has seen a 53% increase in economic espionage and intellectual property theft cases leading to the loss of billions of dollars.
The FBI concludes “insider threats” or employees familiar with the inner workings of a company who obtain sensitive industry secrets in exchange for large amounts of cash are becoming more common and pose a significant threat to companies worldwide.
To combat this ever-increasing menace to American businesses, the FBI produced a video “ ” to raise awareness.
Private investigator Thomas Lauth, CEO of Lauth Investigations International, says, “Global trade of fake goods is damaging U.S. markets, along with theft by U.S. retail workers.”
Pirated and imports of counterfeit goods are worth nearly half trillion dollars annually with much of the proceeds going to organized crime, according to the OECD and the EU’s Intellectual Property Office.
“Trade in Counterfeit and Pirated Goods: Mapping the Economic Impact,” reports fake products like footwear, handbags, even strawberries, are commonly presented to the U.S market. While there is significant financial damage occurring, products like pharmaceuticals, toys that are harmful to children, baby formula, and failing auto parts are endangering lives.
According to former Attorney General Loretta Lynch in a 2015 Department of Justice press release, “The digital age has revolutionized how we share information, store data, make purchases and develop products, requiring law enforcement to strengthen our defenses against cyber crime – one of my top priorities as Attorney General, “said Lynch. “Companies like Sony and Target – have demonstrated the seriousness of the threat all business face and have underscored the potential for sophisticated adversaries to inflict real and lasting harm.”
While the Attorney General’s Office, FBI, Homeland Security and law enforcement are allocating more resources to combating intellectual property theft from dangerous outside adversaries, companies throughout the world are encouraged to take the necessary steps to protect their own intellectual property from outside and insider threats.
Insider Theft of Intellectual Property
Experts maintain upwards to 70% of a corporation’s value is found in Intellectual Property (IP). Insider threats come from the inside because the “thieves” are given access to their day-to-day employment.
The value of an organization’s secrets, product plans, customer data, and price lists cannot be underestimated. It becomes necessary to find a balance between productivity and protocol that allows a watchful eye to protect sensitive data and detect insider threat activity. Operational staff should be prepared with information to help them better understand how insiders can damage their agency, and in the various methods used by insiders. They are the front line to help battle IP theft crimes.
Insider thieves commit crimes for varying reasons, to include gaining a competitive business edge, to start a competing business, or personal financial gain.
It is not uncommon for thieves to use networks to send internal server data outside of an organization. The most common method of stealing data is the use of external media such as a writable CD or USB mass storage device. Using corporate email accounts to send information off-site to personal emails and competitors is also common and requires monitoring to prevent such abuse.
It is necessary for organizations to identify risks and develop standards of best practices and policies that address the many ways IP can be exploited. These should include but are not limited to IT Security, removable media policy, controls and inventory, physical security, logs, and indexing tools to identify patterns in behavior. It is especially important to implement heightened security measures during reorganization, acquisition, downsizing, mergers or other organizational events.
Non-Compete Agreements Protects the bottom-line
Employee departures resulting in the scheming of trade secrets and clients has increased significantly in recent years. Many employees leave their employment to begin a similar start-up or pursue freelance work. As a result, it has become common for former employees to approach old clients, steal data, marketing materials and even share negative information to damage their former employer’s credibility.
According to a Wall Street Journal report, with the help of investigators, over the past decade, there has been an increase in the number of departing employees being successfully sued by former employers for breaching Non-compete Agreements (CNC).
Considered one of the most effective ways to prevent the theft of a company’s secrets, having a Non-compete in place and requiring every employee to sign it, can prevent damages that could otherwise last years.
Private investigation firms are playing a significant role in the effort to safeguard information, the detection of costly breaches and providing an evidentuary solution presenting facts when litigation is necessary.
Lauth Investigations International is working to prevent intellectual property breaches, global piracy, counterfeiting and insider threats with data mining experts and field investigators who focus on safeguarding IP and detecting violations utilizing sources that are not commonplace to HR and Operations Supervisors. “It is vital to be able to detect violations to prevent violators from reaping profits and expanding their worldwide market, where damage can extend for years,” says Lauth.
Brand Protection areas include:
Music and Apps
Tools and Hardware
Cosmetics and other Products
Logos and Authentic Branding
Content and SEO Detection and Protection
Plagiarism, Marketing Materials and Website Protection
“Our investigators conduct trademark infringement for brands, large and small, trekking through some of the most complicated cases and vast markets such as Hollywood celebrities, apparel, and electronic clients,” says Lauth. “Our team provides intellectual property and litigation support for small business and corporations working with corporate executives, HR, and those in Operations Supervision to provide research and investigations, crisis intervention, employee screening, vendor and supplier screening, electronic discovery, surveillance, loss analysis, and expert testimony if needed.
Working to protecting your brand
“Our private investigation firm will not only work with key staff and operations supervisors to identify current and potential breaches, we work with companies that operate throughout the world to implement the right policies and safety protocol to help protect their IP into the future,” says Lauth.
Lauth Investigations offers free consultations and guidance to help protect your brand. Following are a few tips to help you better protect your IP.
- Protect web content and marketing materials by utilizing a DMCA account and protection badge.
- Think globally. Obtain trademark protection for worldwide protection.
- Set up a Google Alert to police your brand.
- Obtain IP Protection for Copyrights, Trademarks, and Patents.
- Register trademarks with the US Patent Office.
- Develop a Policies and Procedure Handbook and have each employee review and sign.
- Utilize Marketing Analytics software such as TrackMaven and Travel IQ for online tracking.
- Monitor unregistered infringements.
- Create various divisions for a more controlled environment.
- Create a distinctive mark.
- Develop and implement a Non-Compete Agreement.
For more information about how you can protect your IP, please visit www.lauthinvestigations.com or call 317.644.2788.
Kym Pasqualini, Lauth Investigations Feature Writer