Intellectual Property Theft Data Breaches from within

“Intellectual Property Theft & Data Breaches from within the Workplace” Presented by: GIOVANNI MASUCCI, 132 -CI, BCE, MPCE, CCITP, CCPE To: North Carolina Paralegal Association Wrightsville Beach North Carolina March 21, 2014 Proprietary. Copyright Pending. Unauthorized use without the written consent of National Digital Forensics, Inc. is prohibited. 2014 All Rights Reserved.

Instructor Introduction • Giovanni Masucci, CEO/President of NATLDF • Sr. Digital Forensic Examiner –over 12 yrs exp. • State of North Carolina Licensed Counterintelligence since 2003 • Digital Forensic CLE Instructor since 2003 • Attended Federal Law Enforcement Training Center (FLETC) • Attended WISE & SLATT Trained • Member US Secret Service Electronic Crimes Task Force (ECTF) • Former President Carolinas HTCIA (High Technology Crime Investigative Association) National Digital Forensics, Inc.

National Digital Forensics, Inc. • 2008 Incorporated State of NC • Roots: Capitol City Consulting which was started in 2002 a NC Corporation • Providing Digital Forensic Services – Government, Law Enforcement, Corporations, Financial Institutions, Law Firms & Academia • Computer, Mobile, Cloud, GPS Forensics • Audio & Video Forensics • Consultation National Digital Forensics, Inc.

National Digital Forensics, Inc. • Data Breaches & Forensic Incident Response – Identifying evidence that is critical to determining your legal and regulatory obligations • Data Collection and Preservation – Identification and Preservation of Digital Evidence • Cyber Investigation & Forensic Analysis – Internal & External Threats • Expert Testimony – Affidavits, Depositions & Court • Consulting, Production & Review, Training & Instruction National Digital Forensics, Inc.

National Digital Forensics, Inc. Our Partners Barefoot Investigations National Digital Forensics, Inc.

Program Overview • Gain an understanding of Intellectual Property Theft and Insider Data Breaches • The Impact to Companies • Steps to take when the Employer engages Attorney. • Questions that must be asked of your Client to help guide you and add to overall scope for your case. National Digital Forensics, Inc.

What is Intellectual Property? • Patents, Trademarks, Names, Symbols, Images, Creations, Inventions, Designs, Specific Works, Rights to Copyrights, Literary Works, Photographs, Artistic Works, Research & Development Formula’s. National Digital Forensics, Inc.

Overview of Intellectual Property Theft National Digital Forensics, Inc.

An Employee removing Company Client Contacts, Company Program Designs, Company Bid Information and utilizing this information for their own benefit, competitors benefit or to sabotage a Company financially. National Digital Forensics, Inc.

What is a Data Breach? National Digital Forensics, Inc.

A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property. National Digital Forensics, Inc.

Statistics of Data Breaches 2012 2, 644 incidents • Insiders accounted for 19. 5% of incidents and 66. 7% of exposed records: • Insider wrong-doing accounted for 7. 1% of reported incidents and 56. 8% of exposed records. • Nearly 90% of all incidents involved electronic data and nearly 100% of exposed records were in electronic form. National Digital Forensics, Inc.

Statistics of Data Breaches 2013 Based on CERT (Cyber Emergency Response Team) Reported Incidents Insider theft of Intellectual Property occurred most frequently in the Information Technology (35% of cases), Banking and Finance (13%), and Chemical (12%) industry sectors. 2013 Report by Verizon Investigations based on Worldwide. 14% was by Insiders. National Digital Forensics, Inc.

Data Breach Impact to an Organization • • Financial Impact Unwanted Exposure Government Reporting Government Fines Civilian Law Suits/Class Action Suits Identity Theft Embezzlement/Fraud National Digital Forensics, Inc.

Employees Access Roles of Employees and their access to an Organizations Intellectual Property • Understanding what employees should have access to Company Data. • IT Administrator • HR • Executive Level • R&D National Digital Forensics, Inc.

How Intellectual Property Theft becomes a Data Breach Employee Copies or accesses Client Folders stored on a Server. Client Folders may contain Sensitive Information; • Personal Identifiers • Social Security Numbers • Credit Card Information • Account Numbers • Drivers License Information • Heath Record Information • Tax ID Information National Digital Forensics, Inc.

How Intellectual Property Theft becomes a Data Breach • Potential for Identity Theft • Regulatory issues may now come into play! • HIPPA • Information Privacy Law National Digital Forensics, Inc.

Summary of Digital Forensic Process to Identify Employee Intellectual Property Theft/Data Breach • Video! • http: //www. youtube. com/watch? v=kfgw. HO b 5 n. Yk National Digital Forensics, Inc.

Preservation, Collection • • Identifying what occurred from your Client Important questions to pose to your Client Understanding next steps Determining if Breach occurred or Intellectual Property was removed. • Regulatory Compliance-Time frame to complete Forensic Analysis to make determination. National Digital Forensics, Inc.

Preservation, Collection See attached Questions! Questions will help determine with next steps and where & what Forensic Examiners need to prioritize first for evidence collection. • Preserving the potential evidence • Forensic Imaging of Devices; Computers, Laptops, Smart Phones, Servers. Whatever may be applicable to your case. • Forensic Collection & Analysis of Devices National Digital Forensics, Inc.

Implications: Legal, Laws, Multijurisdictions, Regulations • HIPPA: The Health Insurance Portability and Accountability Act • NC Gen. Stat. Sec. 115 C-321: Unlawful access to an Employees Personnel File (Misdemeanor) • NC Gen. Stat. Sec. 14 -113. 20: Identity Theft (Felony) • www. ncga. state. nc. us: Chapter 66, article 24: Trade Secrets • NC Computer Related Laws: Article 60, 14 -453 thru 14458. 2. (9) law references (Misdemeanor to Felony) National Digital Forensics, Inc.

Implications: Legal, Laws, Multijurisdictions, Regulations • Federal Educational Rights and Privacy Act (FERPA) • Health Information Technology for Economic and Clinical Health (HITECH) Act • State Security Breach/Notification Laws • Payment Card Industry Data Security Standard (PCI DSS) • Sarbanes Oxley Act (SOX) Accounting auditability National Digital Forensics, Inc.

Identifying Potential Evidence Instagram National Digital Forensics, Inc.

Examples of uncovered Digital Evidence and where Evidence was located • Deleted files/Deleted E-mails • Scanned Documents (data contained in copier/printer hard drive) • IP Addresses, Passwords, Encrypted files, Hidden Files • Instant Messages/Chat (Skype), G-Mail, Blackberry Messenger, Facebook, Instagram • Graphics/Videos (. jpg, . gif, . png, /. avi, . mpeg, . dvr) • Malware-Keyloggers: Spyware, Eraser Programs • User History/Internet History/ Deleted History National Digital Forensics, Inc.

Examples of uncovered Digital Evidence and where Evidence was located • Computers, Cell Phones, Smart Phones, Tablets • Firewalls, Wireless Devices, Network Servers • XBOX, Wii Video Gaming Systems, Toys! • MP 3 Players-IPODS, Security Video Systems • Digital Recorders, Digital Cameras, Digital Photo Frames • Back-up Tapes, Data Storage, E-mail Servers • Fax Machines, Printers, CD/DVD’s, USB External Drives • USB Flash/Thumb Drives • Digital TV’s, Cable Company Boxes, GPS Units National Digital Forensics, Inc.

Forensic Tools utilized to recover Digital Evidence • • Encase™ by Guidance Software Inc. FTK ™ by Access Data (IEF) Internet Evidence Finder™ F-Response™ Lantern™ Software Logicube™ Forensic Tools Celle. Brite™ Forensic Hardware & Software Tools • Wet. Stone™ Forensic Software National Digital Forensics, Inc.

Forensic Tools utilized to recover Digital Evidence • Celle. Brite™ Touch Ultimate National Digital Forensics, Inc.

Forensic Tools utilized to recover Digital Evidence • Lantern™ Forensic Software Designed for IOS & Android Operating Systems. • Smart Phones • Tablets • I-Pads National Digital Forensics, Inc.

PEARL National Digital Forensics, Inc. Heritage Softail Classic

Case Impact Examples National Digital Forensics, Inc.

Case Example #1 • Employee Leaves Company and starts working for Competitor Company. • How did employee gain access to Intellectual Property? • Company Employee went to work for was he 3 rd Party Vendor for his Former Company handle all IT. • Vendor gave access to former employee before he left to remove confidential and proprietary information. • How was it discovered? Former Employee bragging to another employee before he left his former employer. • Employee alerted Company President after former employee resigned. • Forensic Analysis revealed access given as IT Administrator to former Employee National Digital Forensics, Inc.

Case Example #2 Intellectual Property Theft • Company Network Software Program flags excessive employee use of Internet • Employee Time Usage on Internet reviewed • Employee accused of viewing Pornography engaged in Sexual Content Instant Messaging • Forensic Analysis revealed additional info: Company IP Information exchanged via Facebook Messaging to Competitor (data recovered was deleted by employee) National Digital Forensics, Inc.

REFERENCES • • http: //www. ncpc. org/topics/intellectual-property-theft http: //en. wikipedia. org/ http: //www. hhs. gov/ocr/privacy/ RSA Conference 2013: www. youtube. com/watch? v=kfgw. HOb 5 n. Yk • https: //www. riskbasedsecurity. com/reports/2012 Data. Breach. Quick. View. pdf • http: //www. cert. org/blogs/insiderthreat/post. cfm? Entry. ID=189 • http: //www. verizonenterprise. com/DBIR/2013/ National Digital Forensics, Inc.

Questions? National Digital Forensics, Inc.

Thank You! Giovanni Masucci, President Sr. Digital Forensic ExaminerAnalyst National Digital Forensics Inc. Raleigh, North Carolina (919)754 -8644 (Office) (919)961 -8007 (Mobile) E-Mail: gmasucci@natldf. com Web-Site: www. natldf. com National Digital Forensics, Inc.