A federal investigation into the hacking of a Houston Astros database is ongoing and points to foul play by staff at the St. Louis Cardinals. Forensic work has already been performed on Astros servers in an attempt to identify who logged into the Astros database and whether any IP addresses lead to a connection to the St. Louis Cardinals.
Chairman of the Cardinals Bill DeWitt Jr. believes the hack was perpetrated by a handful of people; St. Louis Scouting Director Chris Correa was fired last week and it is unknown if Correa was allegedly involved.
If true, the hacking of the Astros database by a rival team would be a rare example of corporate espionage in sports.
Investigators are currently reviewing emails, text messages and other communications between employees at the Cardinals organization to identify clues and help guide interviews with suspects.
The last new cyber law that we will cover is the Cybersecurity Workforce Assessment Act (CWWA). CWWA is part of the continued push by U.S. lawmakers to increase the cyber security of critical infrastructure in both the public and private sectors. The CWWA requires the Secretary of Homeland Security to assess the cyber security of the Department of Homeland Security and create a plan to ensure the DHS has an effective workforce.
Overall, the CWWA requires the Secretary of Homeland Security to conduct an “assessment of the readiness and capacity of the workforce of the Department to meet its cybersecurity mission.”
In addition, the Secretary of Homeland Security is required to develop a “workforce strategy to enhance the readiness, capacity, training, recruitment, and retention of the cybersecurity workforce of the Department.”
Finally, the end goal is to have any gaps in the existing cyber security workforce at the Department of Homeland Security identified and filled.
The next new cyber law that we will be discussing is the Federal Information Security Modernization Act of 2014. This law amends the Federal Information Security Management Act (FISMA) of 2002, which was the initial framework the Federal government used to create information security guidelines.
The Federal Information Security Modernization Act of 2014 amends FISMA for the purpose of “reestablishing the oversight authority of the Director of the Office of Management and Budget (OMB) with respect to agency information security policies and practices, and (2) set forth authority for the Secretary of Homeland Security (DHS) to administer the implementation of such policies and practices for information systems.”
The new changes will result in less tedious reporting and a focus on reporting issues such as security incidents. Overall, this law is beneficial because it will lead to an increase in network monitoring.
We continue our series on new Federal laws that pertain to Cybersecurity by reviewing the Cybersecurity Enhancement Act of 2014 (CEA).
The Cybersecurity Enhancement Act of 2014 allows the National Institute of Standards and Technology (NIST) to assist and aid the development of voluntary cyber standards and best practices to protect critical infrastructure. This bill codifies the NIST Cybersecurity Framework and places the Federal government in a position to raise public awareness of cyber security risks and advance the U.S.’s cybersecurity.
Interestingly, NIST does not have any regulatory authority and acts more as a “best practices” framework. The goal of the CEA is for public and private adoption of the NIST standards as a way of improving the U.S.’s overall cyber security and awareness.
Today we will begin a series which will look at the new Federal laws pertaining to cyberspace that went into effect in 2015. As technology’s grip on finance and information grows, there will be more and more cyber laws passed in the coming years. Today we will begin by discussing the National Cybersecurity Protection Act (NCPA).
The NCPA is an amendment to the Homeland Security Act of 2002 (HSA). The HSA requires the Secretary of Homeland Security “to conduct cybersecurity activities, including the provision of shared situational awareness among federal entities to enable real-time, integrated, and operational actions to protect from, prevent, mitigate, respond to, and recover from cyber incidents.”
The goal of the law is to identify critical infrastructure sectors that should be aware of cyber threats and take active measures to protect critical information.
The law designates the following infrastructure sectors as “critical”:
Defense industrial base;
Food and agriculture;
Health care and public health;
Nuclear reactors, materials, and waste;
Transportation systems; and
Water and wastewater systems.
In today’s post, we will discuss an important process in digital evidence collection: the Chain of Custody.
A Chain of Custody is exactly what it sounds like: traceable, chronological documentation of evidence showing the seizure, custody, transfer, analysis and disposition of evidence, whether it is electronic evidence or physical evidence.
Having a verifiable Chain of Custody is of the utmost importance: Your criminal or civil case can literally hinge on whether the opposition can demonstrate that your evidence was tampered with or contaminated. When your opposition can argue that Spoliation of evidence has occurred, your bullet-proof evidence becomes a liability rather than an asset.
Let’s imagine an instance where an employee uses a company-owned computer to download and steal important client information. A forensic examination of the computer will be necessary to identify and gather evidence of the wrongdoing. In order for the gathered evidence to carry any weight, the court will need proof that the evidence was handled correctly by examining the Chain of Custody. The Chain of Custody documentation should demonstrate clearly the identity of all persons who handled the evidence, the duration of their custody, the purpose of their custody, and how and to whom the evidence was next transferred when a transfer occurs.
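The record fields listed above (who handled the evidence, for how long, for what purpose, and how and to whom it was transferred) can be checked mechanically for breaks. The following Python sketch is an added example, not part of the original post: the `CustodyEntry` layout, the `audit_chain` function, the names, times and image bytes are all hypothetical, and it assumes both parties sign one shared handoff timestamp and that the image hash is re-verified at each receipt.

```python
import hashlib
from dataclasses import dataclass, replace
from datetime import datetime
from typing import List, Optional

@dataclass
class CustodyEntry:
    custodian: str                 # who handled the evidence
    received: datetime             # start of their custody
    released: Optional[datetime]   # end of their custody (None = current holder)
    purpose: str                   # why they held it
    transferred_to: Optional[str]  # to whom it went next
    method: Optional[str]          # how it was transferred
    sha256: str                    # hash of the image, re-verified on receipt

def audit_chain(entries: List[CustodyEntry]) -> List[str]:
    """Return the defects found; an empty list means an unbroken chain."""
    problems = []
    for i, e in enumerate(entries):
        if not e.purpose.strip():
            problems.append(f"entry {i}: no purpose recorded for {e.custodian}")
        if e.sha256 != entries[0].sha256:
            problems.append(f"entry {i}: hash differs from the acquisition hash")
        if i == len(entries) - 1:
            continue  # current holder: nothing to hand over yet
        nxt = entries[i + 1]
        if e.released is None or not e.transferred_to or not e.method:
            problems.append(f"entry {i}: transfer from {e.custodian} undocumented")
        elif e.transferred_to != nxt.custodian:
            problems.append(f"entry {i}: sent to {e.transferred_to}, "
                            f"but {nxt.custodian} signed next")
        elif nxt.received != e.released:
            # Assumption: both parties sign one shared handoff timestamp.
            problems.append(f"entry {i}: custody gap or overlap before {nxt.custodian}")
    return problems

# Constructed sample data; names, times and image bytes are invented.
def t(h, m): return datetime(2015, 6, 1, h, m)
H = hashlib.sha256(b"constructed disk image").hexdigest()
GOOD = [
    CustodyEntry("J. Rivera", t(9, 0), t(10, 30), "seizure of laptop",
                 "A. Chen", "hand delivery, sealed bag", H),
    CustodyEntry("A. Chen", t(10, 30), t(16, 0), "imaging and analysis",
                 "Evidence Clerk", "hand delivery", H),
    CustodyEntry("Evidence Clerk", t(16, 0), None, "secure storage", None, None, H),
]
# Same chain with a 45-minute unexplained gap and an altered image hash.
BAD = [GOOD[0], replace(GOOD[1], received=t(11, 15)), replace(GOOD[2], sha256="0" * 64)]
```

Calling `audit_chain(GOOD)` returns an empty list, while `audit_chain(BAD)` reports the custody gap and the hash mismatch, the two kinds of defect an opposing party would point to when arguing tampering or contamination.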
If you have any questions about the Chain of Custody process, contact us.
Many employers have come to us frantic, “A rogue employee has embezzled from us!” Once we initiate our investigation and interview suspects, we identify the exact dollar amount and determine which controls failed and were exploited by the thief. In almost every instance, the theft has been going on for months, if not years. The perpetrator often attempts to minimize their guilt by only admitting to a fraction of the actual theft. In most cases, clients are still making new discoveries of additional theft months or years after we finish working on their case. This is because a savvy thief will obfuscate their wrongdoing by burying it in a series of transactions, by utilizing shell companies and many other elaborate tactics. One of the most expensive parts of our investigation can be a full forensic audit of our client’s books to identify exactly how and when the theft occurred, especially in cases where we have less than full cooperation from the perpetrator(s).
One recommendation we often make to employers that go through this difficult and traumatic experience is that they install monitoring software on the computers of employees that have a high degree of financial access. Monitoring software is very sophisticated nowadays. Not only will it capture every single word (and password) typed into a computer, it is also capable of taking screenshots every few seconds, allowing you to review exactly what an employee was doing. For example, we have utilized monitoring software in cases where the thief didn’t know that we were on to them. We were able to see them log into their employer’s bank, initiate transfers, and then log into their personal bank accounts to retrieve and move the funds. This allowed us to identify passwords, account numbers and the existence of fraudulent accounts. We have also seen international wire transfers, e-mail and messenger communications between co-conspirators and many other valuable transactions which were later used as evidence by law enforcement. Another benefit is employers can see (in almost real time) where weaknesses exist in their controls and figure out a way to plug the gap. If you feel your business could benefit from the pro-active use of monitoring software, contact us now.
California legislators are weighing whether or not to pass a new law that aims to deter vengeful ex-lovers from posting “revenge porn” on the internet.
Under SB-255, posting photos or videos on the Internet that are sexually explicit for the purpose of revenge or humiliating the depicted person would be a crime.
The new law would consider the posting of such materials an invasion of privacy that carries a misdemeanor charge.
Computer Forensics is a dynamic and growing field that is composed of dedicated professionals.
Yet most people aren’t aware that forensic work can cover a variety of topics and disciplines. Whether involved in E-Discovery, Cyber security or Law Enforcement, Computer Forensics has many faces.
A U.S. court has charged 5 men with stealing over 160 million credit card numbers, in what is being considered one of the largest data breaches ever.
Prosecutors in Newark, New Jersey believe the men responsible for the theft and sale of the stolen card information include four Russian nationals and a Ukrainian. The stolen data has led to incredible losses for many major corporations across the globe; prosecutors are claiming hundreds of millions in losses.