Trade Secret theft = loss in revenue. Use your spider sense when someone from your team departs the company. They can unsuspectedly upload electronic data to the Cloud for later use that will drain your company of future revenue and present an immediate loss! Be aware-hire an expert to forensically image the departed employees hard drive. It will save you money and headaches!
Every company will have an employee leave but how do you protect the company’s trade secrets from leaving with them?
It is more common that you know for employees to leave for a competitor. On their way out the door, they will take with them proprietary data that can result in great harm to an organization including; loss of employees, customers, and important revenue streams. If someone on your team recently left your company and is suspected of having joined a competitor, it is vitally important to take immediate steps to protect your organization’s electronic assets.
What types of data do departed employees take?
Enigma Forensics has seen it all! 1. Client Lists 2. Blueprints 3. Historical quotations 4. Programming files 5. Source Code 6. Rebate levels offered from various vendors 7. Supply Chain information 8. Business protocols that competition can replicate
Hire an Expert!
When investigating departed employees the first step is to create a forensic image of the past employee’s hard drive. We recommend NOT to ask an internal employee to perform this task but most importantly hire a qualified computer expert from outside your company. This avoids any underlying loyalty current employees may have for the departed team member. An expert is trained to ensure the chain of custody is preserved so that it can be presented during a trial. Many have learned that hiring an expert is worth every dime!
What are the benefits?
Enigma Forensics computer experts will look for all types of activity that took place, including websites visited, files accessed, files transferred to external media, files uploaded to DropBox or other cloud accounts, concealment activities; encryption, and deletion of electronic evidence.
If your company is on the other side of a trade secret misappropriation litigation, we encourage you to hire an expert that will perform an initial assessment of the new employee’s activities. This will provide you with the benefit of knowing if the employee did something that could prove harmful to your company. It’s not uncommon that misappropriated trade secrets are done without the new employer’s knowledge. Yet, the new employer can be named in litigation as a co-defendant! Ouch!
Enigma Forensics has worked for both the plaintiff and defendant in trade secret litigation. Our experts are CISSP certified, what is CISSP? Certified Information Systems Security Professional. This advanced level of certification is considered the gold standard in the field of information security. It is a globally recognized certification offered by (ISC)2. (ISC)2 is known to be the world’s leading organization specializing in certifications and training for professionals in the cybersecurity domain. Click here to learn more about ICS2. https://www.isc2.org/
Call Enigma Forensics at 312-668-0333 for a complimentary consultation.
FBI deputy director David Bowdich said “The sale and scope of the hacking activities sponsored by [Chinese] intelligence services against the US and our international partners is unlike any other threat we’re facing today.”
On July 7th, the United States Department of Justice (DOJ) filed a criminal indictment against Chinese cyber-criminals who acted as both self-employed criminals and employees of the Chinese Ministry of State Security (MSS).
Their names are Li Xiaoyu and Dong Jiazhi both are former classmates and chums. They attended an electrical engineering college in Chengdu, China. Li and Dong worked as a tag team to combine their technical training to hack the computer networks of a wide variety of victims. They included companies engaged in high tech manufacturing; civil, industrial, and medical device engineering. The theft didn’t stop there! They stole and replicated intellectual property and important trade secrets from businesses in the educational, and gaming software development; solar energy; and pharmaceutical sectors. Their stolen booty included information about military satellites and ship to helicopter integration systems, wireless networks, communications systems, high powered microwave systems, laser system technology, counter chemical intelligence, and finally, COVID-19 vaccine bio-development information. They left no stone unturned and literally left their criminal digital fingerprints everywhere.
The United States Department of Justice (DOJ) indictment includes 27 pages of a long laundry list of cyber-criminal attacks starting from 2015. Li and Dong were elevated to the top of the list when they were recently discovered looking for vulnerabilities of certain biotech and pharmaceutical companies who are researching and developing Coronavirus / COVID-19 vaccines.
Basically, China is using their students as cybercriminals to steal, and copy their way to technological advancement instead of developing their own. How did they gain such vital and important information?
Li and Dong used web shells, particularly one called “China Chopper.” This widely available and easy to use hacking tool provided the attackers with remote access to targeted business networks. They would also run credential-stealing software to grab user names and passwords. By creating easy access into a victim’s systems, they would copy the data they wanted to steal into an encrypted Roshal Archive Compressed file (RAR). Like other archives, the RAR file is a data container storing one or several files in compressed form. Windows Operating Systems has a default setting that allows a folder to be created and stored where the “Recycle Bin” is located, making it almost invisible to system administrators. Li and Dong operated within the “Recycle Bin” and create extensions such as “.jpg” to make those files appear as images. Thus, disguising the stolen data. The Ministry of State Security (MSS) allegedly provided the two with Zero Day hacking tools that could be used to penetrate corporate networks.
Once they stole the data they would bring it back to China and either sell it to the highest bidder or as directed and allegedly provide it to the MSS. After they breached a company they would go back and re-victimize the same company or organization they attacked in the first place. In addition to hacking and extorting U.S. technology companies, the two allegedly attacked messaging platform tools favored by Hong Kong protestors. The attackers appear to have motivations other than pure financial extortion strengthening the DOJ’s position that the attackers are connected to the MSS.