This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

System misuse

Computer Forensics

Background:
Our client, a large financial services company, became aware of certain claims made by an IT contractor in their employment on a notorious 'hackers' Internet bulletin board.
A security company brought a number of messages on the site to our client’s attention. In them a hacker was claiming that he was using our client’s site to scan and attack other companies, using their high-bandwidth Internet connections. He further claimed he was using our client's systems to download and store copyright media such as games software, films and TV programmes. An investigation by our client’s own security team traced the hacker’s alias to an IT contractor currently working in the company.

Concern:
To confirm our client’s identification of the hacker, and to discover the truth of the hackers claims.

Deloitte’s Actions:
• Deloitte took the suspect’s computer into possession and performed a forensic analysis. Deloitte retrieved logs and other system files from a number of systems to which the suspect had access.

Deloitte’s Findings:
• Deloitte recovered conclusive proof that the individual identified by our client was, in fact, the 'hacker'.
• Our analysis of the individual’s computer and of the system to which he had logical access showed a little downloading activity, but no attempts to hack other systems. It appeared that the individual’s claims were mostly empty bravado.
• A few of the systems analysed were found to be insufficiently 'hardened', and somewhat vulnerable to inappropriate access.

Results:
• The individual in question was dismissed.
• Our client’s server systems were hardened to a satisfactory standard.

Comments:
This case reflects a growing issue in many Irish companies. The subject of the investigation was the employee of a contractor, but it was our client themselves who suffered the damage to their system. In this case the contractor agreed to permit our client to investigate their employee, but we have worked on other cases where such permission was refused. In such circumstances the process of fully investigating and incident can be greatly complicated. Deloitte strongly recommends that in engaging contractors, particularly those given access to your own computer systems, that the contract include provisions reserving the right to investigate contractors in case of suspected misconduct or malfeasance.

Page Last Updated

Material on this website is © 2013 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/ie/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

Get connected
Share your comments
More on Deloitte
Learn about our site