Cyber Crime Project

Shawn Baker Cyber Crime Projects M57.biz Lab White Hat H4ck3rz

Transcript of Cyber Crime Project

Page 1: Cyber Crime Project

Shawn Baker Cyber Crime Projects M57.biz Lab

White Hat H4ck3rz Security Consulting Firm

Page 2: Cyber Crime Project

Executive Summary

White Hat H4ck3rz was contracted by M57.biz to investigate a suspected case of corporate espionage. An image of the client’s hard drive was loaded into FTK Imager. After reviewing relevant company e-mails and the spreadsheet in question, we concluded that the originating e-mail was one coming from Alison (the President of M57.biz) to Jean (the CFO of M57.biz), requesting sensitive company information such as the Name, SSN, Position, and Salary of current employees and intended new hires.

Page 3: Cyber Crime Project

User “Jean” shows evidence of receiving numerous spam e-mails, and in turn started sending spam to “Alison.” This is a classic example of a computer that is infected with adware. Consequently, opening one of these e-mails and clicking on the link will infect any computer that was targeted during the forwarding process.

We believe that Alison opened one of these e-mails and was infected before asking Jean for the company data.

Page 4: Cyber Crime Project

This is an e-mail originating from Alison on July 20th, asking Jean for the company data. Jean replied with a confirmation of the data, included in an MS Excel document.

The Excel document was actually created by Alison on 06/12/2008, and then updated and saved by Jean on 07/20/2008.

Page 5: Cyber Crime Project

In Alison’s final reply you can see that there is a separate e-mail address of “[email protected]” following her company e-mail address. This is evidence of what is known as “e-mail spoofing”. A malicious third party, disguised as Alison, intercepted these transmissions after recognizing the opportunity to sell this confidential data to one of M57.biz’s competitors.
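The indicator described above, a second address following the expected one in the sender field, can be checked mechanically during mailbox review. The following is an added example, not part of the original presentation: it flags messages whose visible sender name contains one address while the message actually routes to another. All messages and addresses are constructed, and `sender_mismatches` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def sender_mismatches(raw_message):
    """Return findings where the address a reader sees differs from the real one."""
    msg = message_from_string(raw_message)
    findings = []
    display, actual = parseaddr(msg.get("From", ""))
    actual = actual.lower()
    # The visible name shows a familiar address, but a different address follows it.
    for shown in ADDR_RE.findall(display):
        if shown.lower() != actual:
            findings.append(("from-display-mismatch", shown.lower(), actual))
    # Replies are redirected to an address other than the stated sender.
    for _, reply in getaddresses(msg.get_all("Reply-To", [])):
        if reply and reply.lower() != actual:
            findings.append(("reply-to-mismatch", actual, reply.lower()))
    return findings

# Constructed sample messages (placeholder domains, not taken from the case image).
SPOOFED = """\
From: "alison@company.example" <mallory@other.example>
To: jean@company.example
Subject: RE: spreadsheet

Thanks.
"""
REPLY_REDIRECT = """\
From: Alison <alison@company.example>
Reply-To: mallory@other.example
To: jean@company.example
Subject: spreadsheet request

Please send the file.
"""
CLEAN = """\
From: Alison <alison@company.example>
To: jean@company.example
Subject: meeting

See you at ten.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("redirect", REPLY_REDIRECT), ("clean", CLEAN)):
        print(name, sender_mismatches(raw))
```

A finding is a lead for the examiner, not proof: legitimate mailing lists and help-desk systems also set a different Reply-To.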

Company employees “Bob” and “Carol” were involved in attempting to uncover the incident, but we believe they had no involvement in any illegal activity. Although they did not intentionally nor willingly participate in the commission of this crime, the fault lies with Jean and Alison for improper storage and transmission of sensitive company data.