Our client, a large financial services company, became aware of certain claims made by an IT contractor in their employment on a notorious 'hackers' Internet bulletin board.
A security company brought a number of messages on the site to our client’s attention. In them a hacker was claiming that he was using our client’s site to scan and attack other companies, using their high-bandwidth Internet connections. He further claimed he was using our client's systems to download and store copyright media such as games software, films and TV programmes. An investigation by our client’s own security team traced the hacker’s alias to an IT contractor currently working in the company.
To confirm our client’s identification of the hacker, and to discover the truth of the hackers claims.
• Deloitte took the suspect’s computer into possession and performed a forensic analysis. Deloitte retrieved logs and other system files from a number of systems to which the suspect had access.
• Deloitte recovered conclusive proof that the individual identified by our client was, in fact, the 'hacker'.
• Our analysis of the individual’s computer and of the system to which he had logical access showed a little downloading activity, but no attempts to hack other systems. It appeared that the individual’s claims were mostly empty bravado.
• A few of the systems analysed were found to be insufficiently 'hardened', and somewhat vulnerable to inappropriate access.
• The individual in question was dismissed.
• Our client’s server systems were hardened to a satisfactory standard.
This case reflects a growing issue in many Irish companies. The subject of the investigation was the employee of a contractor, but it was our client themselves who suffered the damage to their system. In this case the contractor agreed to permit our client to investigate their employee, but we have worked on other cases where such permission was refused. In such circumstances the process of fully investigating and incident can be greatly complicated. Deloitte strongly recommends that in engaging contractors, particularly those given access to your own computer systems, that the contract include provisions reserving the right to investigate contractors in case of suspected misconduct or malfeasance.
Page Last Updated