By: Kym Pasqualini, Feature Writer for Lauth Investigations
Have you ever found a $20 bill in your laundry and felt you just won the lottery? Most people would be ecstatic to realize they forgot to empty their pockets but what happens to money you don’t know exists? Hundreds, maybe thousands of dollars.
You may be surprised how many people in this country have unclaimed assets they may never know existed . . . unless they look for it.
Currently, it is estimated local, state and federal agencies collectively hold more than $58 billion in unclaimed assets, roughly $175 for every U.S. resident. However, experts estimate there may be as much as $100 billion languishing in unclaimed cash and benefits held in local, state and federal agencies. We do know, daily, the amount of unclaimed funds increases.
According to the National Association of Unclaimed Property Administrators, every state including the District of Columbia, Puerto Rico, and the U.S. Virgin Islands has lost assets, commonly referred to as unclaimed funds.
What are Lost Assets?
The unclaimed property law or escheatment was first enacted in 1954. The purpose of the act is to provide a central repository in each state, so citizens can seek lost assets belonging to them. Each state maintains a comprehensive list of the unclaimed assets.
Unclaimed funds are financial assets owed to an individual or business not claimed or have unknown ownership. Examples of unclaimed assets or funds are the following:
Uncashed payroll checks
Dormant bank accounts
Safe deposit boxes
Refunds
Customer overpayments
Security deposits
Insurance payments
Unclaimed dividends
Unclaimed securities
Traveler’s checks, money orders, cashier’s checks
Principal on debt
Escrow balances
Old stock certificates
Mining Certificates
Mineral royalty payments
Retirement
Property held by courts and other governmental agencies
All businesses must forward all unclaimed funds or property to their state in accordance with their state’s escheat laws. Ideally, the state holds unclaimed funds in a trust and attempts to locate the rightful owner – except it doesn’t always work in that way.
Unfortunately, since 2006, a mere 5% of lost assets has been returned to rightful owners.
The Escheatment Process
Unclaimed property is governed by state laws requiring all unclaimed assets be turned over to the state to be held in trust. For example, if a bank account is inactive for a lengthy period, commonly within one year, the state can claim the funds in the account through a process known as escheatment.
Escheatment accounts are defined as dormant, unclaimed or abandoned. For instance, banks are responsible for reporting unclaimed property to the state after a certain amount of dormancy. Each state has a different time frame before the state escheats the assets to safeguard them.
In Arizona, a financial institution must report securities property after a period of 3 years dormancy and bonds after two years.
The laws are strict. A company could be fined by the Arizona Department of Revenue a civil penalty of 25% of the value of the unclaimed asset or abandoned property or $100 per day up to $5,000.
The only tangible property covered is the contents of safe deposit boxes. However, for contents of safe deposit boxes, periodic auctions are conducted by most states and proceeds from the sale of items are held for a rightful owner.
While unclaimed, the policy for unclaimed funds is they should be used for the “greater good” of the public, until such time as it is returned to the rightful owner. Without affecting the state’s obligation to return unclaimed funds, collections are used to finance operations such as public schools and college scholarships.
In 1951, the U.S. Supreme Court stated in the Standard Oil Co. vs New Jersey case, “Property that escapes seizure by would-be possessors and is used for the general good rather than the chance enrichment of particular individuals or organizations.”
In 2015, $3.235 billion was returned by state government unclaimed property agencies to rightful owners or heirs.
What is an Heir?
An heir is the “rightful owner” of lost assets/funds or a person in ranking who is entitled to inherit property if the rightful owner is deceased, sometimes referred to as a logical heir.
An heir can be an individual or a company such as a business or corporation, church or charity, or hospital.
Defining the Source
A government database of centralized information does not exist; therefore, each federal agency maintains its own records. When looking for lost assets this can create confusion and, in reality, often makes the property hard to find.
United State Treasury reports an estimated 25,000 payments are returned as undeliverable.
US Bankruptcy Courts reports approximately $200 million dollars is waiting to be claimed.
Class Action Lawsuits have generally 95% of the funds as unclaimed.
Savings Bonds show an estimated 40 million savings bonds have gone unredeemed, equaling an estimated $16.5 billion dollars.
Life Insurance reveals there is approximately $1 billion dollars unclaimed due to lost or unknown policies.
Lost assets can be found in the most unlikely places.
In an Oklahoma News 4 report, the Oklahoma Corporation Commission spokesperson Matt Skinner said, “You were someone who had an ancestor who owned minerals in 1910, [and] that’s still the name on the minerals, then if you can prove those minerals were part of an estate that came to you, you would get the money that is in the fund.”
For any given property, there might be dozens, sometimes hundreds, of oil and mineral owners. Much of the time, people are second and third generation and the original rights are still in the parents or grandparents names who have passed away.
While each state maintains their own database, the resources to find the owners of the property are minimal, even nonexistent. Some states advertise on their websites and others in the local newspapers. Clearly, with only 5% return on total lost assets, these methods are not effective.
With the lack of a national database, finding lost assets can be difficult for most individuals and makes it necessary to find help.
Finding Heirs
Prior to turning over unclaimed property to the state as required by law, businesses or holders of lost funds may conduct due diligence and often hire companies, referred to as heir finders, to assist in finding the rightful owner of unclaimed assets.
Most states require heir finders to be licensed private investigators to protect consumers.
One may think they don’t need a private investigation firm to represent them; however, there are many benefits to hiring a private investigator to locate lost assets. Experts say it is beneficial to work with professionals who are familiar with specific state laws where the property is located and the ability to obtain procurement of documents and certificates while working efficiently for the client.
Rain Lauth of Lauth Investigations International Lost Assets Division, specializes in finding lost assets and works closely with local, state and federal agencies to provide assistance to consumers, stresses the importance of working with licensed private investigators when searching for lost assets and filing claims for ownership.
“They will be familiar with all the forms that will be filed, the proper identification, probate laws, court properties, co-claimants, death certificates and other required information,” says Lauth.
Lauth Investigations has returned over $15 million to rightful owners since 2013 with an overall success rate of 98% on all claims.
“We take great pride in working with our clients in a caring and professional manner,” said Lauth. “Often the process of locating and claiming lost assets can be an overwhelming experience, but with our extensive resources and a highly skilled team, we diligently seek to make the process of documentation of ownership a painless experience for our clients,” added Lauth.
From Latin, it means “buyer beware.” It’s a phrase that conjures scenes from the famous tale of “Jack and the Beanstalk.” Young Jack’s mother, filled with shame and frustration, regrets sending her son to market after finding out he’d sold their most valuable possession—their cow—for a handful of beans. Jack’s mother feared her son had been a victim of consumer fraud, and unfortunately, it is far from fiction.
In many ways, capitalist America is the perfect hunting ground for the man with the magic beans. America is one of the largest consumer nations on the globe. Securing an excellent deal on goods and services means bragging to your friends about how you got the new lawnmower for a song. The consumer feels intelligent and capable, as if they managed to somehow trick the store or salesperson into giving it to them at an attractive price. American consumers chase this feeling by attending special sales, racking up credit card debt, and turning coupon-clipping into an Olympic sport—all in the interest of outsmarting the man with the magic beans.
Luckily for American consumers, there are institutions that help protect them from consumer fraud, such as the Better Business Bureau, which identifies problematic businesses that might swindle American consumers out of their hard-earned money. There’s the Federal Trade Commission, a government agency policing business practices and policies to protect American consumers and regulate competition within industries to maintain a healthy, well-balanced economy. In the long century since both of these institutions were established, the man with the magic beans has also changed and evolved, just like any predator.
One of the most common types of consumer fraud in America is mortgage fraud. Owning one’s home is still very much a part of the American dream. Americans shop for homes for months, searching for the certainty they will not overpay for their homes. Those who have morbidly derelict credit are afraid to answer the phone, desperate to evade bill collectors, petrified of losing their home. They are perfect targets for criminals running foreclosure-rescue schemes. The Federal Bureau of Investigation defines it as “perpetrators profit by selling the property to an investor or straw borrower, creating equity using a fraudulent appraisal, and stealing the seller proceeds or fees paid by the homeowners.” Perpetrators convince the debtor they can transfer their poor credit into the name of a third-party investor (i.e. the perpetrator), renting their property until such a time their credit is once again in sufficient standing. The perpetrator fails to make the mortgage payments on behalf of the victim and pockets the profit.
As technology advances, there are more convenient ways to pay for goods and services with the rise of electronic pay, using applications and online services to pay bills. It might be the best way to avoid another common type of consumer fraud: debit-card fraud. Many Americans are familiar with credit card fraud but might believe their debit cards are safe. Ken Stalcup, a certified fraud examiner working with Somerset in Indianapolis, identifies these types of fraud for a living, but even he is not immune to consumer fraud. He was just paying the bill at a restaurant. The waitress disappeared out of sight with his debit card to clear his bill, and when she returned, nothing was amiss. However, Stalcup’s bank was alerted when it appeared his debit card was used to purchase computer equipment almost halfway around the world. The waitress had sold his card information, enabling other criminals to steal from him. His advice to other vulnerable consumers is to “avoid letting their debit cards out of sight and check their accounts daily.”
One of the most devious forms of consumer fraud is charity frauds. Fake charities are set up with the intention of exploiting humanity’s capacity for the desire to help those less fortunate than oneself using the same system that real charities use to collect legal donations. According to a 2011 statement by the FTC, they received more than 30,000 reports of people making donations to fraudulent charities. Just as easily as Americans are vulnerable to a good deal, they are also vulnerable to putting their money towards a charitable cause, whether out of actual benevolence or the appearance of such. These predators are especially fond of slithering out of the woodwork in the wake of natural disasters such as hurricanes like Katrina and Maria that devastated both New Orleans and Puerto Rico respectively. These tactics add a brand-new level of sleaze to consumer fraud, taking advantage of the American need to help their fellow man.
In addition to remaining an informed and skeptical consumer, there are other ways you can protect yourself from consumer fraud. Enlisting the help of a private investigator or a similar inquisitive entity can help you protect yourself from scams like those mentioned above and resolving these frauds after they are perpetrated. A private investigator’s job is to serve the specific needs of their client, diligently capturing the entire picture of how severely the consumer might have been affected by a particular fraud. Of course, they can be a perfect tool for exposing the agencies that claim to want your money and knowing exactly where the money is going. Local authorities are often overwhelmed by crime statistics that force them to practice triage when dealing with different types of cases. Private investigators have an invaluable list of tools at their disposal, which they can often use without the restraints legislation places on law enforcement. Whether you’re outsourcing to a third party or taking your personal consumer protection into your own hands, never let your guard down when it comes to the man with the magic beans.
By: Kym Pasqualini, Feature Crime Writer for Lauth Investigations
Open-source intelligence (OSINT) is the collection of data from publicly available sources to be used in the context of intelligence. Within the intelligence world, the term “open” refers to overt, meaning sources available publicly, opposed to clandestine or covert sources.
OSINT is not a new concept. It has been in use for decades. However, with the arrival of instant communication and fast information transmission, a significant amount of predictive and actionable intelligence can now be obtained from unclassified public sources.
OSINT should not be confused with public intelligence or open-source software.
The U.S. Director of National Intelligence and the U.S. Department of Defense (DOD) define OSINT as information produced from publicly available information collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.
In short, open source acquisition involves procuring written, verbal or electronically transmitted material that can be obtained legally without any type of clandestine collection techniques.
Background of OSINT
OSINT’s originates with the pre-Central Intelligence Agency (CIA). The formation of the 1941 Foreign Broadcast Monitoring Service (FBMS) was born during World War II and evolved into the 1967 Foreign Broadcast Intelligence Service (FBIS), the predecessor of the Open Source Center of today.
Acquired by the CIA in 1947, FBIS emerged as the only recognized service organization trained and equipped to monitor and process foreign broadcasts for the benefit of all government agencies needing the service.
Coverage worldwide, to the extent it exists today, was beyond the dreams of those who lived in that era.
In 2005, following the 9/11 attacks, the Director of National Intelligence Agency, Porter J. Goss, announced the creation of the DNI Open Source Center. The Center is designed to collect information available from databases, radio, television, video, geospatial data, photographs and commercial imagery.
OSINT Information Flow Categories
Media to include newspapers, obituaries, magazines, television, and radio worldwide.
Internet includes, but not limited to, online publications, discussion groups, blogs, citizen video (user created content and video), Facebook, YouTube, Twitter and other social media websites.
Commercial Data includes commercial imagery, industrial and financial assessments and databases.
Grey Literature: patents, working papers, business and corporate documents, newsletters, technical papers, and unpublished works.
Professional and Academic publications obtained through journals, symposia, academic papers, journals, theses, and dissertations.
Public Government Data: telephone directories, press conferences, websites, speeches, budgets, hearings and other public government reports.
There are various disciplines of OSINT and the methods and applications are almost endless.
The New OSINT
Ten years ago, open source information was scarce; however, in recent years OSINT has taken on an entirely new meaning.
Back in the day, people were primarily found by searching a phone book. Today, people are increasingly comfortable with sharing their personal information and a treasure trove of information for those who want it.
According to Statistica, it is estimated there will be 2.77 billion social network users around the globe in 2019. Social media has become an excellent and consistent source of information.
While, decades ago the problem was shortage of open source information, the biggest difficulty now, is filtering through an overabundance of information.
Some examples of OSINT resources are:
Internet directories containing personal information, residences, relatives, demographics, employment, contact information.
Social networkingsites provide personal information, friends, family members, interests, photographs, videos, and activities.
Online reviews provide interests, purchases, activities and lifestyle.
User contributed information could be a blog, hobbies, opinions, and expertise.
Academic sites provide information related to education, business conferences, associations, and academic papers.
Company websites have personnel listings, backgrounds, location, duties, services, and contact information.
News sources provide topical information, reports, events, personal history, obituaries, and contact information.
Government sources provide personal information, criminal background, court activity, minutes, locations, demographics, tax records and other financial data.
Social Media Monitoring and Geofencing
Companies like Echosec, based in Victoria B.C., offers a web platform to draw what is called a “Geofence” allowing users to pinpoint a location of interest on a map and obtain information within selected parameters, then filter searches by keyword, hashtag, or username within the geofence.
Echosec’s real-time social media mapping connects virtual communities to real-world locations and gives new meaning to Geographic Information System Mapping (GIS). A powerful research tool combining GIS and OSINT.
This is becoming a popular method of analysis for retail, branding, journalism, private investigation, and finance, collecting what Echosec calls “hyperlocal insights” for better business and breaking news stories.
Google, Yahoo, Bing and other traditional link-crawling search engines do not typically access the information professionals using OSINT research techniques and resources can provide.
Embracing Geolocation
Geolocation is one of the most valuable resources used today. For example, videos and photographs shared publicly often contain information where the photographs originated.
Most of us post pictures of ourselves and our friends, tagging each other during a vacation at the beach or out on the town. A geotagged picture is a post that attaches a “geotag” which is the physical location to the post. It allows users insight to their followers, where they are, and what they are doing.
Social media and Geo-location monitoring of open-source information has been more frequently used by law enforcement and private investigators to conduct investigations. Whether a missing person investigation or background check, basic and even critical investigations can benefit from OSINT.
For example, a person is reported missing and frequently posts photographs on Snapchat, Instagram and Facebook. Investigators can access the geotags and see where the person was last and often see who they were with, allowing the investigating agency the ability to immediately expand their investigation.
Open Source Private Investigations
Many private investigators are now specializing in open-source intelligence and social media investigations, referred to as Social Media Intelligence (SOCMINT). While much of the information is available publicly, there are many reasons why an individual would choose to hire a private investigator.
Private investigators have become experts in the field of open-source intelligence investigations.
Simply, private investigators know how to search, where to search and what to search for, making hiring a private investigator a more efficient choice. Private investigators know if the information is online, in a state repository, library or the courthouse.
Information that can be obtained includes but is not limited to the following:
Voter registration
Bankruptcy records
Corporate records
Property records
Probate records
Divorce records
Marriage records
Court records
Criminal records
Due diligence
Business information
Financial information
Whether a private individual or a business, obtaining the right information often leads the investigation in a specific direction. Private investigators of today are the next-generation of private intelligence providing services such as:
Fraud Investigations
Competitive Intelligence
Counterintelligence
Intelligence Collection
Internet Investigations
Email Tracing
IP Investigations
Financial Investigations
Asset Investigations
Pre-investment Investigations
Difficult to locate
Missing Persons
Background Investigations
Knowing when to use a private investigation firm can help hasten an investigation. The service of these firms can make life easier because it requires more than just knowing how to use the Internet. And when all resources are exhausted, a good old “gum shoe” detective can investigate – boots on the ground.
Protecting Your Business with OSINT
Thomas Lauth of Lauth Investigations International uses his nearly 20 years experience working with both private and business sectors. “Open-souce Intelligence or OSINT isn’t a common term used in the business world; however, I can assure you it is a dynamic method of information gathering for businesses in this day and age,” said Lauth.
(Open-source intelligence is being used more frequently to protect company’s information.)
The importance of OSINT is business can’t be exaggerated. It is a matter of gathering intelligence from publicly available sources and analyzing that information for connections and actionable intelligence that would not be normally publicized. In fact, there may be information about your own company available publicly that can make it easier for someone who is considered an “insider threat” or conducting a social engineering campaign to obtain proprietary or damaging information.
“Conducting periodic OSINT for your business, assessing the risks, and addressing vulnerabilities can save a company from failure,” add Lauth. “It is a recommended and necessary action item for all successful businesses.”
OSINT is contained in company websites, reviews, Google searches, along with newspapers, geo-location data within images, company reports and other publicly available data. Often overlooked is social media. Companies and employees often provide more information to hackers or “insider threats” than realized.
Criminals can exploit easily obtained information to conduct scams or a social engineering campaign against a business. In fact, criminals use OSINT too – only for their own devious purposes.
To exploit weak links, criminals or “black hats” can spend weeks, even months researching employee email addresses, current projects, employees that manage money and monitor their social media. They will even study the way employees communicate with each other, gathering the information to create convincing phishing scams and social engineering attacks.
The information collected to conduct these criminal activities is not obtained by hacking into the company, it is obtained by gathering publicly available information.
“The trick is to stay one step ahead of the criminals,” said Lauth. “When working with clients, we ensure we identify vulnerabilities and the process is conducted effectively, efficiently and confidentially.”
The bottom line, by exercising due diligence, using OSINT, and reviewing your own publicly available information, you can protect yourself and your company.
Written By: Kym Pasqualini, Feature Crime Writer for Lauth Investigations
Penetration testing, intrusion testing and red teaming are some of the terms used for ethical hacking.
The word “hacking” almost always has negative connotations. It seems the mention of Chinese hacking, Russian hacking, or DNC hacking receives constant mention in our 24-hour news cycle.
Ethical hacking is also referred to as penetration testing, intrusion testing and red teaming, coined by the government during the 1970’s when they first hired ethical hackers to break into the United States government’s computer systems to test for vulnerabilities.
It is estimated “hackers” cost the United States more than $445 billion annually.
In a Fortune article “Data Breaches Now Cost $4 Million on Average,” according to IBM’s security division, the cost of a breach per incident has risen to $4 million, up 29% since 2013. “We’re now in a mode where these attacks are going to happen even to people that are well prepared,” said Caleb Barlow, a vice president at IBM Security.
Hackers cost the US government and corporations billions annually.
According to Fortune, hackers and cybercriminals cause most breaches, and more than half of data exposures are caused by malicious attacks; the rest are caused by mistakes or glitches.
Ethical hacking is a growing profession utilized by the United States government, technology companies and other institutions.
In the field, experts refer to three major types of hackers:
White Hats: Security professionals or “ethical hackers” who use their expertise to strengthen a network and secure it from criminals.
Black Hats: Malicious hackers or “crackers” who use their skills for malevolent purposes. White hats work to protect computer structures from the Black Hats.
Gray Hats:Iindividuals who become white or black hats depending upon the circumstances and generally proclaim being an ethical hacker.
Many large corporations, such as IBM, employ teams of ethical hackers to keep their IT systems secure.
Why Ethical Hacking is Important
With every breach reported in the media, the need for more effective information security is becoming increasingly evident.
New technologies such as cloud computing, IT outsourcing, and enterprises must adjust their security practices and policies to combat the threat of malicious hacking. To combat threats, ethical hacking is rapidly gaining attention as an essential security practice to be performed on a regular basis.
“The increased sophistication and success rate for recent cyber-attacks is directly related to the shift in the attacker profile, indicating that nation-states and large criminal organizations are funding well organized, highly motivated, and well-trained teams of programmers,” said Chris Rodriguez, Analyst for Frost and Sullivan. “The elevated threat landscape therefor, urgently dictates the need for a comprehensive, real-world assessment of an organization’s security posture,” said Rodriguez.
Ethical hacking provides objective analysis of an organization’s security stance for organizations of any size. Ethical hacking has become a mainstream service, as companies of all sizes pursue expert, objective, third -party analysis.
What is an Ethical Hacker?
Ethical hacking is an ambiguous term used to describe hacking performed by an individual or organization to help penetrate or gain access to identifying potential threats on a computer or a network infrastructure. In short, ethical hackers are simply computer programmers who use their skills in a constructive manner.
Ethical hackers can attempt to bypass security systems to isolate weak points malicious hackers could exploit. In the effort to eliminate or reduce potential criminal hacks, the information gained by the ethical hacker is then used by the company to make improvements to security.
Some may say there is no such thing as an “ethical” hacker. Simply “hacking is hacking” but the most notable hackers are known publicly as cybercriminals or computer criminals because of the damage they inflict on companies and individuals nationwide.
A highly publicized hacking incident where personal information is compromised can damage a company or organization for years.
A cybersecurity professional can have a range of expertise, anywhere from maintenance, administration, architecture, forensic investigation of secure networked systems that are increasingly necessary for the sake of operation of businesses, nonprofits, governments and medical, and educational institutions.
Even training is offered by the International Council for E-Commerce Consultants (EC-Council). The Certified Ethical Hacker (CEH) exam is made up of approximately 125 multiple choice questions and costs about $500 with additional IT certifications available. Training is entirely voluntary.
Ethics
For hacking to be ethical, a hacker must abide by the following informal rules:
Permission to access the network to identify potential security threats.
Respect individual’s right to privacy.
Treat all data, material, and findings as confidential.
Ethics play a vital role in hacking and differentiating innocent activities from computer crimes. Hacking is ethical if the skills are used to enhance a network system. But the issue of ethics can be very risky when one does not know a person’s motivations. With no formal code of ethics or code of honor, this void creates external forces to determine how to respond when ethical predicaments arise.
An ethical hacker will ensure the client’s IT system is properly evaluated for security issues and vulnerabilities, while protecting sensitive, personal and confidential or proprietary information. While accessing an organization’s system, the respected ethical hacker’s integrity will guide the actions of the ethical hacker.
Security Risks
While ethical hacking presents advantages to increase security to protect IT systems and assets, any organization implementing ethical hacking must consider any negative impacts that may arise from the practice.
An ethical hacker is typically contracted to hack the organization’s system. Hiring outside is usually preferred to start from scratch and simulate potential external hacks.
While there is an advantage of ethical hacking because it supports the organization’s efforts to gain more knowledge about the IT Security by identifying vulnerabilities, the main disadvantage is it presents risks of information disclosure. An outsider could intentionally or unintentionally disclose a company’s proprietary information to outside parties.
A dark side always is present where dishonest people will attempt to exploit others. Some risks of working with ethical hackers include:
The ethical hacker using their skills to conduct malicious hacking activities.
Massive security breaches.
Potential the ethical hacker will place malicious code, malware, viruses or other potentially damaging things on a computer system.
Allowing company’s financial, banking, or other proprietary information will be accessed.
Working with an Ethical Hacker
The benefits of working with an ethical hacker are obvious; however, many are overlooked, ranging from simply preventing malicious hacking to preventing national security breaches.
Before implementing any ethical hacking, an organization must ensure the ethical hacker understands the nature of the client’s business, computer or network system. This will help guide the ethical hacker in handling any sensitive confidential or proprietary information they may encounter.
The leadership in a company or organization must determine the sensitivity or confidentiality of the information involved. This will help ensure the ethical hacker does not violate laws, rules or regulations in handling sensitive personal, financial or proprietary information.
There are several guidelines to use when working with an ethical hacker:
An ethical hacker should create a plan including: identifying all networks and components they will test; detail testing intervals; detail testing process.
Require transparency while working with an ethical hacker, requiring all relevant information be reported while the system or network is being accessed. Transparency ensures the client to make immediate decisions and take necessary actions to maintain the security of the system or network.
Establish target areas with written work agreements requiring the ethical hacker not to work beyond those parameters to minimize exposure of sensitive information. The ethical hacker should not access other areas on the computer or networks not specified in the agreement.
Developing a non-disclosure agreement may be in order prior to contracting with an ethical hacker.
Legal Risks
There are legal risks to include lawsuits involving disclosure of personal and confidential information possibly leading to a legal battle involving the organization and the hacker if the work is not done properly. Also, if the hacker makes errors compromising the IT network or company security, it is possible to negatively impact the organization’s general operations and profitability.
With cyberspace growing exponentially over the last decade, complex legal issues have led to the birth of a highly specialized branch of law. Cyber Law or Internet Law pertains to Internet and computer technology related offenses, especially copyright infringement and fraud that involve computers, software, hardware, and information systems (IS).
The Information and Technology Act, 2000 (IT Act) covers all types of cyber-crime, including hacking as provided under sections 43 and 66 which covers negligence and computer-related offenses.
Cyber Law prevents or reduces large-scale damage from cybercriminal activities by protecting information access, communications, privacy and intellectual property.
Ethical hacking is rapidly gaining attention as an essential business practice. Regardless of risks, companies large and small benefit from the work of ethical hackers by protecting a company’s most valuable data and protecting their bottom line.
Written By: Kym Pasqualini, Feature Crime Writer for Lauth Investigations
When we think of a spy, given the national news cycle, it may conjure up thoughts of Russians or the Chinese who have been long known for hacking and espionage. However, even more common, but much less talked about, is the business mole, and almost every business in America is susceptible.
Every business sector is vulnerable to Corporate Espionage costing businesses billions of dollars per year.
April 10, 2011, Joseph Muto was hired to work for the top-rated “O’Reilly Factor” but within 3 days, he was discovered by Fox employees to be anonymously writing for Gawker. In the span of 72 hours, Muto wrote a series of articles detailing the internal workings of the network, along with stealing and selling raw video clips. In 2013, he pled guilty to two misdemeanor charges and was dubbed the “Fox Mole.” He was fined $1000 and sentenced to over 200 hours community service. At sentencing, he said he wished he had never betrayed his former employer.
United States industries spend more on research and development of unique products and processes than any other country in the world. The key to success is having an “edge” in the business world. Whether a media company, software developing company or bakery, keeping an edge is key.
When someone steals those “trade secrets”, it is called economic espionage and costs American businesses billions annually. Damages can severely destabilize the victim company to include lost revenue, lost employment, lost investments, interruption in production, damaged reputation, and can even result in a company going out of business.
Corporate espionage conducted by spies or moles believe computers are irrelevant. It is about what data they want, what form they take, and how they can steal it.
The Company Man
The Federal Bureau of Investigation (FBI) states no business, large or small, is immune to the threat of moles and/or spies. Any proprietary process, product, or idea can be a target.
To raise awareness, the FBI in collaboration with the National Counterintelligence and Security Center has launched a nationwide campaign and released a short film called “The Company Man: Protecting America’s Secrets,” based on a true story. Mr. Moore is both unappreciated and unhappy with his career as an engineer at a glass insulation and fire-retardant firm. He is targeted on LinkedIn by a competitor who offers him a position in a rival firm. At first, Moore declines because he signed a non-compete. He is then offered $200,000 to obtain plans for equipment and formula for the glass insulation produced at his firm, RIS.
The FBI states many things drive a person to betray the company where they work.
Moore makes the decision to go to his current boss who then contacts the FBI who initiates a sting. A true story, there was an arrest in the case. However, this may not be the decision every employee would make – which makes every employee a liability in a 400 billion, in the dark. underbelly of America’s global economy.
Spotting Insider Threats
What drives a mole? The FBI states company moles are often “overwhelmed by life-crisis or career disappointment” driving them to leak information.
With email, cell phones, and jump drives, stealing information is far easier than in the past. Greed and financial need, unhappiness at work, the promise of a better job, drug or alcohol abuse, and/or vulnerability to blackmail, can all be contributors, says the FBI.
The FBI says employees who leak trade secrets, such as plans, customer databases, etc. will exhibit behaviors other employees can often identify to help prevent breaches.
Your employees may be the first line of protection when combatting the insider threat.
Potential Indicators:
Drastic changes in behavior, demeanor, or work habits.
Unexplained affluence.
Financial hardship.
Substance abuse.
Attempts to circumvent security procedures.
Long hours at the office without authorization.
Taking home proprietary information.
Unnecessarily copying materials.
Using an unauthorized USB drive.
Unusual use of cell phone during business hours.
Asking inappropriate questions.
Suspicious relationships with competitors.
Leaving traps to detect searches of their office.
Based on FBI’s studies, additionally, there are more subtle things to look for:
Someone hired to steal company information will be experienced in the operation of a business and will be able to identify the value of your company’s trade secrets.
Corporate spies are everyone’s friend. To gain access to a company in order to steal information, a mole will be socially adept with the ability to manipulate people to gain their trust.
Individuals who are frequently wandering or talking in locations they do not need to be to complete their job. Someone who reflects a pattern will always have a reasonable excuse as to why they are not in the correct area or talking to specific employees.
Employees who keep trying to re-open decisions already settled and question advisability of decisions.
They act envious.
Vulnerabilities – Getting Access
Once inside, a mole has a lot of ways to access sensitive information. Spies can even work in pairs, possibly one as a consultant and the other an employee. When you have valuable information, never underestimate the methods others will use to gain access to it.
Spying can be as easy as photocopying papers found on unattended desks or at printers. Walking into an empty meeting room with a laptop and pulling data off the network.
A common ploy is pretending to be an employee. Another ploy often used, posing as IT personnel because it enables the individual to look legitimate while accessing network access points and sitting at someone’s computer. In other cases, spies have posed as cleaning staff, gaining access after-hours.
Criminals capitalize on the common assumption if you are in the building, you must be okay. Investing in your company’s staff to raise awareness is the best investment a company can make.
According to InfoWorld, Peter Wood, Chief of Operations at First Base Technologies, a U.K. based consultant firm performing ethical hacking services, “Spies are interested in anything from financial data to intellectual property and customer data. They might steal information for blackmail purposes, but the most common motive for physical intrusion is industrial espionage.”
Wood says the most common way to intrude upon a company is posing as an employee or a visitor, even creating convincing costumes to pose as a legitimate visitor such as telephone, electrical or maintenance person, a burglar alarm inspector, even someone from the fire department.
Protecting Your Trade Secrets
The FBI lists several ways to protect your workplace from insider threats.
Recognize the threat.
Identify and value trade secrets.
Implement a definable plan for safeguarding trade secrets.
Secure physical trade secrets and limit access to trade secrets.
Provide ongoing security training to employees.
Use protective tools such as screensavers with password controls.
Classify information and store accordingly.
Secure the workplace so visitors do not have access without security screening.
Encrypt data and require strong passwords for employees with liberal access rights.
Develop an insider threat program.
Proactively report suspicious incidents to the FBI before your proprietary information is irreversibly compromised.
Ask the FBI or other security professionals for additional awareness training.
At times, companies are hesitant to report such activity for fear they will risk their trade secrets being disclosed in court or compromised in any way. The FBI will do all it can to minimize business disruption, safeguard data and privacy, and will seek protective orders to preserve business confidentiality and sensitive information. The Department of Justice also has a variety of protections in place to ensure information is protected during a criminal prosecution.