Internet Security

Corrections or additions?

These articles by Barbara Fox were prepared for the October 25,


edition of U.S. 1 Newspaper. All rights reserved.

Cybersleuth Startup

International Business Research (IBR) opened a sister

company, Internet Crimes Group, earlier this year. Now the parent firm

has 10 employees and the new group has 12 people — cybersleuths who

investigate inappropriate E-mail, defamation and harassment on

message boards, and hostile websites. Both firms are located above

Hamilton Jewelers at 92 Nassau Street. Cameron Craig is the

president of the new company (609-683-1490; fax,


"We had taken in various assignments under the IBR umbrella," says

Michael D. Allison, founder of IBR ( "Our core

constituency is major law firms and Fortune 500 companies that have

been victimized by the anonymity of the internet."

"We do a robust business in helping companies provide a fair and even

workplace," says Allison. A frequent cause for investigation is young

and middle-aged women receiving inappropriate E-mail. "Very often it

is from former employees or co-workers. People do things behind a

keyboard they wouldn’t do face to face."

When they find the bad guys, they investigate them and sometimes refer

them to the FBI. As a result of these cybersleuthing efforts, the

clients might press charges, require the culprits to get counseling or

even just do nothing. "Once their curiosity is satiated, they may

decide that prosecuting the 16-year-old isn’t worth the adverse

publicity," says Allison.

Much of the work comes through the companies’ investor relations

department. Other work comes when firewalls get hacked, and the

cybersleuths are asked to trace that back to the individual hackers.

Sometimes, he says, the company actually has "invited the bad guys

through the main gate."

"In the progenitor business we have a lot of competitors," says

Allison. "Here, we have almost no competitors and the huge


Allison has a degree in economics from the University of East Anglia

and came to the States in 1984 to work as a press officer with the

British government. That job put him in touch with his future

employer, Kroll Associates, one of the grandfathers of the corporate

intelligence business, and later with his future wife, Nancy, who was

working in the investment banking field. After a short stay with

another business research firm, Allison started his own company in

Princeton, where he has lived since 1987.

Craig, a 27-year veteran of the FBI, grew up on Jamestown, an island

of Rhode Island, and graduated in 1969 from Bridgewater College in

Virginia. In the late ’70s he helped solve the "Pizza Case," the first

case to link organized crime in the United States (a heroin importing

ring from Sicily) with organized crime in Russia. Later he specialized

in white collar crime.

What happens when an unsuspecting person gets an obscene E-mail from

someone he doesn’t know and gets reprimanded — or even fired — for

having it in his mailbox? Such a case was reported recently, and the

individual involved, an attorney, had to fight to keep his job.

"You and I can be victimized on any given day," says Craig, "and you

need to show that you do not encourage receiving such material." If

your employer can prove you also have been the sender of such jokes,

as well as the recipient, you’re toast.

Craig has these tips for employers:

Have an employment policy, perhaps a banner on the screen

that your employees open every morning, with a cautionary statement

about "this computer is not your property, and you can — and may be

monitored." The policy should include E-mail, Internet, and intranet

use. "If you don’t have a policy," he says, "you leave yourself wide


Pay special attention to your vendors, your


and your consultants. "They are in your space and know your system

and your passwords but they do not have the loyalty to the company."

"When we get involved," says Craig, "we can analyze "cookies"

(the digital bread crumb trail) for our client, an employer, and

pinpoint which hardware a message came from," Craig says. If the

message came from inside the company, Craig might take a less active

role. If from outside the company, a more active role.

But he must always move with caution because the dissenting voice

could, after all, be an important stockholder. And he most take care

to move with secrecy. Says Craig: "If our clients wanted publicity

they would go to law enforcement."

Top Of Page
Internet Security

The banking industry, often excoriated for its supposed hesitancy to

keep up with the latest technology, is having an a technology and

operations planning conference and exposition on Friday, October 27,

at 8 a.m. at Forsgate. Sponsored by the New Jersey Bankers

Association, it costs $250, and you don’t have be banker to attend.

Call 609-924-5550.

"Technology Planning — an Essential (but Often Overlooked)

Requirement," is the topic for Stephen K. Ryan of BISYS. Other

speakers include "Internet Lending: Facts and Myths" by Ray

Oswald of Fiserv and Peter Southway of Valley National Bank,

and "Telecommunications, Combining Your Voice and Data Delivery," by

Mary Anne Schafer of Schafer Management.

A Research Park-based Internet security firm, Icons Inc.

(609-924-2900, is providing speakers on Internet

security and Internet fraud. Terry Burge and recent hire

Andrew Gray (he helped solve one of recent the headlining cases

of Internet fraud) will address this topic. Their points:

Legislative efforts such as the Grahm Leach-Bliley Act will

impact not only the banking industry, but also other industries and

their customers in the near future. "Align yourself with professionals

who understand the implications of such legislation," says Burge.

Security is a constant cycle of testing, improving, securing and

monitoring. Security professionals (CISSPs, NSA certified

professionals) understand this cycle, and will help their customers to

embrace this approach. "Systems are dynamic, and so too, are potential

threats to a system. By constantly monitoring and testing a system,

one is most likely to prevent a system compromise," she says.

"Penetration tests are not a substitute for security


they are a component of a security assessment."

"Current statistics suggest that 70 percent of all attacks or

system breaches originate from within an organization — disgruntled

employees, employees who are `curious,’ and people with access to your

system through a link-up with a business partner — all represent

potential sources of unauthorized use."

"Take your system security seriously. Assuming that you don’t

have anything that someone would want — so called `security through

obscurity’ is not an effective tactic."

"Encourage your staff to respect the system and the security

surrounding it. Your livelihood may depend on it."

Next Story

Corrections or additions?

This page is published by

— the web site for U.S. 1 Newspaper in Princeton, New Jersey.

Facebook Comments