
Theft of Corporate Records

Mar 11, 2019

As a successful sales executive, Mary Marsha was on top of the world. She routinely received job offers from some of her company’s largest competitors. Mary, however, was extremely loyal to her employer and enjoyed both financial freedom and office independence. After all, she was the top booker in the entire organization.


Mary never shared her personal life with anyone in the office. In fact, no one really even knew if Mary was married or not. So when Mary told everyone she was pregnant with her first child, everyone felt it was a bit odd. Her baby wasn’t due for another 7 months, but she wanted to quit working now to prepare – and prepare was exactly what she did.

A few months later, her ex-boss learned that instead of being in her third trimester, Mary was in her third meeting with her ex-company’s best client. Mary seemed to know the “ins and outs” of the account, even though she never worked on it. Her boss became concerned that Mary was not the little lamb he thought she was.


Enter Digital4nx Group. After interviewing several office members, we learned that Mary’s PC was now being used by another employee. We immediately secured the computer and made an image of the hard drive for preservation purposes. As luck would have it, the IT department reformatted the hard drive shortly after Mary’s departure and installed new versions of Windows, Word, Excel, and Outlook.


After applying detailed forensic principles, we were able to reconstruct the drive and retrieve much of Mary’s information. We discovered that the PC at one time had a USB drive connected to it capable of storing 32GB of files without a trace. After a bit of forensic work, we discovered that Mary had created two large Zip files and copied those files to the USB device. A few procedures later, and we were able to restore the two Zip files. One contained a complete listing of all of the company’s accounts. The other contained all proposals written by her previous employer.


Mary was tracked down by conventional methods at her new employer and now awaits trial. It looks like she will go through the pains of her labor after all.


** After solving this matter, the company retained Digital4nx Group to implement a comprehensive Early Case Assessment Strategy to preserve data in the event of another incident.

By Rob Kleeger 14 Mar, 2024
Cyber Security Review has informed Digital4nx Group, Ltd., after their extensive evaluation by their team, that Digital4nx Group is featured as one of the “Top 10 Security Advisory Service Companies 2023”. In addition to the award, Enterprise Security featured Digital4nx Group and their founder Rob Kleeger in their publication online.
02 Apr, 2022
Rob Kleeger speaks to Small business leaders.
01 Apr, 2022
Digital4nx was recently retained in a post-incident response investigation of a highly targeted spear phishing email attack. Based upon the available evidence and confirming with LifeScienceCo (“LSC”), the attack began on or around January 25, 2022. The attack targeted the correspondence between LSC’s Assistant Controller and the accounting supervisor of their Client. The attack succeeded in having Client divert an approximate $730,000 payment of legitimate invoices to a fraudulent bank account. The attacker appeared to have used common BEC (Business Email Compromise) techniques, possibly executing a carefully planned man-in-the-middle (MITM) attack. The attackers’ use of the lookalike-domain technique presents a severe threat, not only to the originally attacked organization but also to the third parties with whom they communicated using the lookalike domain. Typically, the attack scheme works by sending phishing emails to high-profile individuals in the target organization to gain control of an account and carry out extensive reconnaissance to understand the nature of the business and the key roles inside the company.
30 Mar, 2022
Enterprise Security has informed Digital4nx Group, Ltd., after their extensive evaluation by their team, that Digital4nx Group was going to be featured as one of the “Top 10 Digital Forensics Service Companies 2022”. In addition to the award, Enterprise Security featured Digital4nx Group and their founder Rob Kleeger in their publication in print and online.
11 Mar, 2019
I am sure that most people today are simply tired of the constant news about hacking the election, a financial services firm that has been compromised, or worse, your PII (Personally Identifiable Information) and PHI (Protected Health Information) being sold on the Dark Web. A majority of computer users suffer from “security fatigue” — a weariness of or reluctance to engage with Cyber Security — that leads them into risky behavior online, according to a new study by scientists from NIST (the National Institute of Standards and Technology). In short, they found that users’ weariness led to feelings of “resignation, loss of control, fatalism, risk minimization, and decision avoidance, all characteristics of security fatigue.” In turn, that made them prone to “avoiding decisions, choosing the easiest option among alternatives, making decisions influenced by immediate motivations, behaving impulsively, and failing to follow security rules” both at work and in their personal online activities including banking and shopping. The report’s authors write, “Users are tired of being overwhelmed by the need to be constantly on alert, tired of all the measures they are asked to adopt to keep themselves safe, and tired of trying to understand the ins and outs of online security. All of this leads to security fatigue, which causes a sense of resignation and a loss of control.” These findings have direct implications for businesses that are legally required to protect personal and financial data, including retailers, financial and healthcare businesses, law and other professional marketing services. Cybercrime activities like phishing, spear phishing, business email compromise and social engineering all rely on innocent but unwary employees being led to do the cyber criminal’s dirty work.
IF THE US GOVERNMENT, FORTUNE 500 COMPANIES, HIGH TECH FIRMS, FINANCIAL INSTITUTIONS, HEALTH CARE ORGANIZATIONS AND UNIVERSITIES WITH ALL OF THEIR RESOURCES WERE UNABLE TO STOP THE ATTACKS… WHAT POSSIBLE CHANCE CAN A SMALL/MEDIUM BUSINESS HAVE? The answer is: more than you would think. Digital4nx Group, Ltd. recognizes that the greatest vulnerability in most organizations comes from their own people. We have been providing fixed fee “ethical hacking” security assessments, which we define as a service in which we attack your network and computer systems using real-world tools and techniques in order to find security weaknesses. The goal of an ethical hack security exercise is not to reveal deficiencies in the performance of your IT team, but rather to support them. We often find that IT teams are pressured to make things easy-to-use and functional, maintain software updates and patches, and keep the users up and running. Our ethical hacking assessment aids the IT team by giving them a road-map for making their networks much more secure, identifying the sensitive information which the organization maintains, and improving the best reasonable security measures for that organization. Having an independent team of experts audit your security is a valuable tool that is guaranteed to uncover vulnerabilities and greatly increase your level of security. Even small businesses can interrupt this chain of events at several points, making it much more difficult for a cybercriminal to gain a foothold. We commonly find that we gain some of the initial access to a company’s systems by tricking users into providing their passwords. Once we have those passwords, we can leverage them to gain additional access to other systems. The below techniques are simple and inexpensive:
Make sure everyone in your company understands phishing schemes and how to recognize them. A phishing scam is an attempt to trick someone into providing username and password information to a hacker. Spearphishing is a phishing attack customized to a particular individual.
Do not allow people to have administrative privileges on their computers. This prevents them (or viruses acting under their credentials) from installing hacking tools on a computer.
Change passwords regularly and use different passwords for different accounts. In other words, the password to your work computer should be different from the one you use on, say, your Yahoo account. Password manager software (such as LastPass, KeePass, Dashlane,…) makes it easy to track and change passwords.
Ensure your computers install security updates from Microsoft, Apple, and Adobe automatically.
Install antivirus software on your computers.
Install a firewall if you don’t have one, and review your firewall to tighten it up as much as possible. A firewall is a device that stands between your network and the rest of the world, blocking unauthorized access.
Configure spam filters to be as restrictive as possible and use Sender Policy Framework (SPF) records to reduce the likelihood of phishing messages.
Confirm backups run regularly and periodically test those backups.
11 Mar, 2019
THE PROBLEM: Advanced IT is a small information technology services company based in the New York metro area. They have an impressive annual revenue of $25 million, and over 75% of the company’s income comes from recurring managed services revenue. For ten years, Advanced IT has been servicing established businesses, including start-up small to mid-sized entrepreneurial businesses. When Advanced IT’s sales started to dramatically decline, the company’s owner, Jack Crowe, called a few clients to understand where they were moving their valued business. Jack was shocked to learn his former Sales Manager, Mark Doyle, had started Super Hero IT Company (“SH IT Co.”), a competitive IT firm. Crowe also learned his former employee was portraying Advanced IT as price-gougers to encourage clients to buy from SH IT Co. at a drastically reduced price. Jack Crowe took action and hired The Goe Gettem P.C. law firm, determined to figure out what legal leverage he had against Doyle’s deceitful client poaching.

THE SOLUTION: Digital4nx Group was soon engaged by the Goe Gettem legal team, and together they agreed on a plan. Goe Gettem would send Mark Doyle a cease and desist letter advising him to stop poaching Advanced IT’s clients, stop speaking poorly about Jack’s pricing practices, and immediately retain all potential evidence from his unreturned Advanced IT laptop. Once Doyle returned his laptop, Digital4nx would then preserve and analyze any digital evidence to support Advanced IT’s case showing Mark intentionally used proprietary data to steal clients and directly compete with SH IT Co. Within a week of receiving the cease and desist, Mark Doyle returned his laptop. Digital4nx quickly discovered that software named Crap Cleaner (“CCleaner”) was installed, run, and uninstalled after deleting thousands of files and emails. Goe Gettem counsel questioned Doyle on the timing of running the CCleaner, since the deletions occurred after the cease and desist was sent. Doyle insisted he hadn’t yet seen the letter, and that the CCleaner was a program normally used at Advanced IT for the general cleanup of laptops. Doyle further insisted he had permission from Jack Crowe to clean the laptop before giving it back, a conversation Jack doesn’t remember. Because of the CCleaner utility, files were renamed and became unrecoverable even with forensic tools. However, Digital4nx was able to clearly see that thousands of files were recently saved to multiple thumb drives, and Doyle confirmed he had no thumb drives available to return.

THE FINAL OUTCOME: Mark Doyle never agreed to an out of court settlement, so Advanced IT’s legal counsel used the Digital4nx evidence report to support formal legal action against SH IT Co. The Court papers alleged Breach of Duty of Loyalty and Unfair Competition for poaching client lists and proprietary data files while Mark still worked as an Advanced IT employee. Goe Gettem lawyers also alleged Disparagement over Doyle’s unfortunate choice to speak badly about his former employer to win business. The forensic analysis further revealed the SuperHeroIT.com domain name was purchased several months before Doyle resigned, clearly showing the intention to compete directly. While Digital4nx was unable to recover the deleted laptop files and emails, their digital investigation report proved beyond a doubt Advanced IT’s case: Doyle had used the Crap Cleaner to intentionally delete files, causing spoliation of key digital evidence. While Doyle claimed he had Advanced IT’s permission to run the program, and that the program was commonly run on Advanced IT’s laptops to optimize performance and remove temp junk files and login information, the Court still ruled against him. The timing of Doyle’s mass file deletions after the cease and desist letter was sent was deemed suspicious, and Mark was cited by the Court for intentionally using Crap Cleaner to destroy all potentially incriminating electronic evidence. The judge ultimately ruled in Advanced IT’s favor, instructing jury members to consider Doyle’s actions as an attempt to hide unfavorable evidence that could be used against him.