[ISN] Forensic computing uncloaks industrial espionage

From: InfoSec News (isn@private)
Date: Fri Jul 16 2004 - 00:28:20 PDT


By John Leyden
15th July 2004 

Forensic computing techniques proved decisive in winning a recent High
Court action involving underhand dealings and industrial espionage in
Britain's automotive tools industry.

Computer forensics firm Vogon International was called in to help
investigate the alleged theft of electronic copies of vital
engineering drawings by a former director and members of staff who had
left British Midland Tools, in Tamworth near Birmingham, to join
Midland International Tooling Ltd (MIT). British Midland Tools'
suspicions were aroused when MIT set up shop almost on its doorstep,
offering identical services only weeks after its staff had left their
former company.

It was alleged the suspects had taken the electronic blueprints to
their new company and had begun to attract business from customers of
British Midland Tools valued at £3m. British Midland Tools began a
legal action and obtained a search order authorising a raid on MIT.

Vogon assisted British Midland Tools' solicitors, Cripps and Shone, in
the search and seize order at the site of Midland International
Tooling. Vogon's investigators took a complete image of the entire
contents of Midland International Tooling's AutoCAD (engineering
drawing software) system, providing an exact replica of the system at
the time the forensic process took place. AutoCAD files record
information on data that is deleted - much like the metadata recorded
by Microsoft Word.

Tooling up

Vogon investigated drawings from both companies at its laboratories in
Bicester, Oxfordshire. The initial investigation revealed no real
problems, but a different picture emerged when the drawings were
converted into common formats. Vogon’s investigators discovered that
drawings found at Midland International Tooling contained one of
British Midland Tools’ address blocks, the original of which had been
overwritten and replaced with the address of the new company. Further
investigation revealed two pages of British Midland Tools’ quality
manual in the slack space of Midland International Tooling’s computer,
which should not have been there.

How was MIT going to defend itself against such damning evidence? At
the eleventh hour, the defence presented Vogon’s investigators with
floppy disks, purporting to be Midland International Tooling’s
original drawings on their original disks. Midland International
Tooling claimed that these drawings were made in 2000; but checks with
Sony revealed that the floppy disks had not been manufactured until
two years later, in 2002.

In court, Justice Hart concluded that the drawings had been
deliberately copied from British Midland Tools’ computer to
Midland International Tooling’s computer, as part of its plans to set
up a rival business. The Judge found in favour of British Midland
Tools and made an award for substantial undisclosed damages and all
costs. The original judgement was made in January 2003, but an appeal
in the case against former MIT directors was only exhausted in January
this year. Both Midland International Tooling and British Midland
Tools were wound up last year following the failure of their
respective businesses.

Tony Dearsley, senior computer investigation manager at Vogon
International, said its computer forensics expertise is split evenly
between criminal and civil cases where the "same principles and
attention to detail apply".

"Company loyalty is a thing of the past and this has led to an
increase in people taking vital company information with them when
they leave. We're often called in cases where sales and contact
databases go missing," he said.
