Feeds

Forensic computing uncloaks industrial espionage

Damning evidence wins case

  • alert
  • submit to reddit

SANS - Survey on application security programs

Forensic computing techniques proved decisive in winning a recent High Court action involving underhand dealings and industrial espionage in Britain's automotive tools industry.

Computer forensics firm Vogon International was called in to help investigate the alleged theft of electronic copies of vital engineering drawings by a former director and members of staff who had left British Midland Tools, in Tamworth near Birmingham, to join Midland International Tooling Ltd (MIT). British Midland Tools' suspicions were aroused when MIT set up shop almost on its doorstep, offering identical services only weeks after its staff had left their former company.

It was alleged the suspects had taken the electronic blueprints to their new company and had begun to attract business from customers of British Midland Tools valued at £3m. British Midland Tools began a legal action and obtained a search order authorising a raid on MIT.

Vogon assisted British Midland Tools’ solicitors, Cripps and Shone, in the search and seize order at the site of Midland International Tooling. Vogon’s investigators took a complete image of the entire contents of Midland International Tooling’s AutoCAD (engineering drawing software) system, providing an exact replica of the system at the time the forensic process took place. AutoCAD files record information on data that is deleted - much like the metadata recorded by Microsoft Word.

Tooling up

Vogon investigated drawings from both companies at its laboratories in Bicester, Oxfordshire. The initial investigation revealed no real problems, but a different picture was revealed when the drawings were converted into common formats. Vogon’s investigators discovered that drawings found at Midland International Tooling contained one of British Midland Tool’s address blocks, the original of which had been overwritten and replaced with the address of the new company. Further investigation revealed two pages of British Midland Tools’ quality manual in the slack space of Midland International Tooling’s computer, which should not have been there.

How was MIT going to defend itself against such damning evidence? At the eleventh hour, the defence presented Vogon’s investigators with floppy disks, purporting to be Midland International Tooling’s original drawings on their original disks. Midland International Tooling claimed that these drawings were made in 2000; but checks with Sony revealed that the floppy disks had not been manufactured until two years later, in 2002.

In court, Justice Hart concluded that the drawings had been deliberately copied from British Midland Tools’ computer to the Midland International Tooling’s computer, as part of its plans to set up a rival business. The Judge found in favour of British Midland Tools and made an award for substantial undisclosed damages and all costs. The original judgement was made in January 2003, but an appeal in the case against former MIT directors was only exhausted in January this year. Both Midland International Tooling and British Midland Tools were wound up last year following the failure of their respective businesses.

Tony Dearsley, senior computer investigation manager at Vogon International, said its computer forensics expertise is split evenly between criminal and civil cases where the "same principles and attention to detail apply".

"Company loyalty is a thing of the past and this has led to an increase in people taking vital company information with them when they leave. We're often called in cases where sales and contact databases going missing," he said. ®

Related stories

Suspected paedophile cleared by computer forensics
Child porn case highlights browser hijack risks
Court slams Vogon for overbilling Serious Fraud Office
EU develops cyber crime forensics standards
Traces of Guilt: computer crime from the front line
WestJet disputes industrial espionage charge
Lucent trade secret suspect goes on the run

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.