Corrections or additions?
These articles by Barbara Fox were prepared for the October 25,
2000
edition of U.S. 1 Newspaper. All rights reserved.
Cybersleuth Startup
International Business Research (IBR) opened a sister
company, Internet Crimes Group, earlier this year. Now the parent firm
has 10 employees and the new group has 12 people — cybersleuths who
investigate inappropriate E-mail, defamation and harassment on
message boards, and hostile websites. Both firms are located above
Hamilton Jewelers at 92 Nassau Street. Cameron Craig is the
president of the new company (609-683-1490; fax,
800-537-8793, www.internetcrimesgroup.com).
“We had taken in various assignments under the IBR umbrella,” says
Michael D. Allison, founder of IBR (www.ibrusa.com). “Our core
constituency is major law firms and Fortune 500 companies that have
been victimized by the anonymity of the internet.”
“We do a robust business in helping companies provide a fair and even
workplace,” says Allison. A frequent cause for investigation is young
and middle-aged women receiving inappropriate E-mail. “Very often it
is from former employees or co-workers. People do things behind a
keyboard they wouldn’t do face to face.”
When they find the bad guys, they investigate them and sometimes refer
them to the FBI. As a result of these cybersleuthing efforts, the
clients might press charges, require the culprits to get counseling or
even just do nothing. “Once their curiosity is satiated, they may
decide that prosecuting the 16-year-old isn’t worth the adverse
publicity,” says Allison.
Much of the work comes through the companies’ investor relations
department. Other work comes when firewalls get hacked, and the
cybersleuths are asked to trace that back to the individual hackers.
Sometimes, he says, the company actually has “invited the bad guys
through the main gate.”
“In the progenitor business we have a lot of competitors,” says
Allison. “Here, we have almost no competitors and the huge
marketplace.”
Allison has a degree in economics from the University of East Anglia
and came to the States in 1984 to work as a press officer with the
British government. That job put him in touch with his future
employer, Kroll Associates, one of the grandfathers of the corporate
intelligence business, and later with his future wife, Nancy, who was
working in the investment banking field. After a short stay with
another business research firm, Allison started his own company in
Princeton, where he has lived since 1987.
Craig, a 27-year veteran of the FBI, grew up on Jamestown, an island
of Rhode Island, and graduated in 1969 from Bridgewater College in
Virginia. In the late ’70s he helped solve the “Pizza Case,” the first
case to link organized crime in the United States (a heroin importing
ring from Sicily) with organized crime in Russia. Later he specialized
in white collar crime.
What happens when an unsuspecting person gets an obscene E-mail from
someone he doesn’t know and gets reprimanded — or even fired — for
having it in his mailbox? Such a case was reported recently, and the
individual involved, an attorney, had to fight to keep his job.
“You and I can be victimized on any given day,” says Craig, “and you
need to show that you do not encourage receiving such material.” If
your employer can prove you also have been the sender of such jokes,
as well as the recipient, you’re toast.
Craig has these tips for employers:
Have an employment policy, perhaps a banner on the screenthat your employees open every morning, with a cautionary statementabout “this computer is not your property, and you can — and may bemonitored.” The policy should include E-mail, Internet, and intranetuse. “If you don’t have a policy,” he says, “you leave yourself wideopen.”Pay special attention to your vendors, yoursubcontractors,and your consultants. “They are in your space and know your systemand your passwords but they do not have the loyalty to the company.””When we get involved,” says Craig, “we can analyze “cookies”(the digital bread crumb trail) for our client, an employer, andpinpoint which hardware a message came from,” Craig says. If themessage came from inside the company, Craig might take a less activerole. If from outside the company, a more active role.But he must always move with caution because the dissenting voicecould, after all, be an important stockholder. And he most take careto move with secrecy. Says Craig: “If our clients wanted publicitythey would go to law enforcement.”Top Of PageInternet SecurityThe banking industry, often excoriated for its supposed hesitancy tokeep up with the latest technology, is having an a technology andoperations planning conference and exposition on Friday, October 27,at 8 a.m. at Forsgate. Sponsored by the New Jersey BankersAssociation, it costs $250, and you don’t have be banker to attend.Call 609-924-5550.”Technology Planning — an Essential (but Often Overlooked)Requirement,” is the topic for Stephen K. Ryan of BISYS. Otherspeakers include “Internet Lending: Facts and Myths” by RayOswald of Fiserv and Peter Southway of Valley National Bank,and “Telecommunications, Combining Your Voice and Data Delivery,” byMary Anne Schafer of Schafer Management.A Research Park-based Internet security firm, Icons Inc.(609-924-2900, www.iconsinc.com) is providing speakers on Internetsecurity and Internet fraud. Terry Burge and recent hireAndrew Gray (he helped solve one of recent the headlining casesof Internet fraud) will address this topic. Their points:Legislative efforts such as the Grahm Leach-Bliley Act willimpact not only the banking industry, but also other industries andtheir customers in the near future. “Align yourself with professionalswho understand the implications of such legislation,” says Burge.Security is a constant cycle of testing, improving, securing andmonitoring. Security professionals (CISSPs, NSA certifiedprofessionals) understand this cycle, and will help their customers toembrace this approach. “Systems are dynamic, and so too, are potentialthreats to a system. By constantly monitoring and testing a system,one is most likely to prevent a system compromise,” she says.”Penetration tests are not a substitute for securityassessments,they are a component of a security assessment.””Current statistics suggest that 70 percent of all attacks orsystem breaches originate from within an organization — disgruntledemployees, employees who are `curious,’ and people with access to yoursystem through a link-up with a business partner — all representpotential sources of unauthorized use.””Take your system security seriously. Assuming that you don’thave anything that someone would want — so called `security throughobscurity’ is not an effective tactic.””Encourage your staff to respect the system and the securitysurrounding it. Your livelihood may depend on it.”Next StoryCorrections or additions?This page is published by PrincetonInfo.com— the web site for U.S. 1 Newspaper in Princeton, New Jersey.
