Blog

Welcome to the BD Consulting & Investigations Inc. site!

Hello and welcome to our site. As part of our website revision and at the request of our clients, we have added this Blog section to provide information from our staff or associates about issues we believe are relevant. We will be posting the information as it becomes available and will post selected responses to the information. The selected responses, either positive or negative, will be relevant to the topic being presented. Any posts off topic, inappropriate language or inappropriate comments will not be considered for posting. Now for our first Topic!

Market Entry Planning for IP and Intangibles.
Recently, my friend Michael Moberly hosted the ASIS Seminar, “Safeguarding Information Assets,” in Denver, Colorado and asked that I participate as a presenter on the topic of Market Entry Planning. When I asked specifically what he wanted, he told me that there was a lot of interest in how a company could protect their Intellectual Property (IP) and Intangibles when moving into a new market. I considered his request and realized that many companies don’t make plans to protect their IP and especially, their intangibles (knowledge, people, etc.) when moving into a new market.

At about the same time we were having our discussions, I had a new client wanting to move their Research & Development Center to the United States (US). I made a point to ask them why they wanted to move to the US and the answer was to protect their IP and any new developments. They saw the US as a new market and wanted to also be seen as a US Company. Their market entry plan took into consideration how they were going to protect their IP (US Laws and assistance from my company) and also their people by ensuring they were prepared, could speak English and wanted to live/work in the US.

In August, I was interviewed regarding outsourcing R&D to China and other countries for CIOZone. I gave my opinion that not enough companies are doing market entry planning with one of the goals being protection of their IP. Outsourcing R&D should be considered as a new market because of the risks involved. Outsourcing can provide a company with a competitive advantage as long as in the process of competing, the company doesn’t lose its IP or even worse, its intangibles (people or knowledge). If you have an opinion on this subject, please send me an email.

Thomas Quilty

Due Diligence for Solar Companies

Welcome Back!

Lately we have been involved in the sustainable energy sector assisting companies with finding viable solar sites in the state of California.   With the growing popularity of renewable energy, solar investors are scrambling to buy or lease land to install their solar installations.  However, solar investors need to take into account multiple due diligence factors when acquiring property.

Power purchasing agreements (PPAs) are a vital piece of the puzzle to ensure a steady income and customers.  PPAs are contracts with utilities, public entities or large corporations to purchase the energy from the solar site for their use or to distribute to their customers.  When considering a potential site, the potential energy demand needs to be researched in advance to guarantee a practical, profitable, market in a given location.  Questions, such as who will use the energy, i.e. commercial, industrial, or residential entities are factors which need to be considered.  In addition, location is an important factor in choosing a site.

Location issues such as the necessary infrastructure, price per KwH, and security all impact on decision of where to locate the site.  Will the solar company need to build infrastructure to transmit large amounts of energy to distant locations?  How much energy, time, and money will be used in the transmission of the energy?  Solar installations are subject to public vandalism and theft primarily due to their location.  Most sites require flat clear spaces to guarantee maximum sun exposure during the day.  As a result of these wide open spaces, security of the installation is a concern when choosing where to site the project.  As we all know, solar panels are rather expensive and with the need to be placed in open spaces, theft or vandalism is inevitable.  Protection of the installation is one of many factors to consider when choosing a site.

These are just a couple of due diligence bits and pieces to think about when locating a potential solar site.  Please feel free to submit personal experiences or other critical due diligence factors which you feel are important in selecting solar sites.  Until next time…

Kaitlin Keith, BD Consulting & Investigations, Inc.

Recovering from a Data Breach

BD Consulting & Investigations, Inc. conducted a presentation on Data Breaches and IP Thefts (The Insider Threat) at the 38th Annual San Francisco ASIS Seminar and Exhibits that was held in San Jose, California on May 12-13, 2010.  Research data indicates that companies/corporations (both private and public sector) should be thinking ahead by asking, not if, but when will a data breach occur. Every organization should take preventive steps by having policies and procedural safeguards in place.  In addition, conduct necessary training to all involved employees and corporate level members to help prevent a breach.  The best defense against any hacker or an individual inside your organization is, be prepared and think ahead. The news is full of stories everyday about data breach incidents: financial, medical or personally identifiable information being stolen from major corporations in both the public and private sectors.

After a breach occurs, companies find themselves asking, what do we do now and how do we recover from this breach? Professional organizations in major league sports have a plan and a playbook to use throughout their season.  The same holds true with disaster recovery for companies.  Companies need a plan or playbook to be ready and waiting for a data breach to occur.  If there is no plan or playbook the breach can and will turn into a panic mode situation.  If the data breach incident is published by the media the company could lose: credibility, trust, assets, financial exposure, customers, market share and consequently legal proceedings could be filed.

We highly recommend that companies contemplate and answer the following questions as well as conduct a complete risk assessment and analysis of the IT network system within their company.

1. Who is the person that is responsible for the network?
2. Does this person know what data is critical and must be protected more than other data?
3. Does the owner of the information know where the data is stored and who has authorized access to the information?
4. Are there any additional steps that are taken to protect these records?

Identifying the information which needs to be protected, where it is stored and who has access to it is part of the risk assessment process.  Risk assessments help in planning for disasters including breaches, losses or thefts.  IT managers and personnel should reflect on the following:

1. Does the company/corporation have a plan for a data breach, loss, or theft? 
2. Who is responsible for coordinating the investigative activities? 
3. Who will notify law enforcement if necessary? 
4. What information will be shared? 
5. What’s the game plan to handle the press, legal issues, public relations, law enforcement and other concerns that may arise during the breach – this could be the difference between your company/corporation surviving or not surviving a loss, theft, or breach. 

A person who has mentored me throughout the last thirty-four years has always reminded me over and over again: “Be prepared, be prepared for any situation that life may throw your way.  When that situation arises, stop and ask yourself: Am I doing the right thing, at the right time, in the right way, and for the right reason?

James R. Keith, BD Consulting & Investigations, Inc.

Law Enforcement and Industry Cooperation

Recently I was reminded of the importance of Law Enforcement and Industry cooperation to resolve complex criminal cases.   The most recent reminder was Apple and the REACT Task Force, where I worked for a number of years.  Before the Search Warrant Affidavit was released, REACT and Apple were blasted in the media for working together.  The fear or concern was that Apple had a special relationship with REACT which gave them priority over other crime victims.  Before addressing this relationship, it’s important to understand how and why the REACT Task Force came into existence.

The REACT Task Force was originally formed to address the specific and special criminal investigative needs of the Silicon Valley High Technology Companies.  In the mid 1990’s, High Tech Corporations were being targeted by the very technologies they helped develop.  Local and even Federal Law Enforcement was ill equipped to investigate these crimes.  These crimes included many crimes previously unheard of by Law Enforcement and included Trade Secret Thefts, Computer Intrusions (Hacking), Denial of Service attacks and many others.  They also included traditional crimes such as robbery, extortion, counterfeiting and copyright infringement except with a High Tech twist.  The companies involved were starting to lose jobs or in some cases had to close their business as a result of these crimes.

In an attempt to halt the theft or counterfeiting of their products, Silicon Valley companies began meeting informally with Law Enforcement to provide training on the new technologies being developed.  These meetings became more formalized and helped create the High Technology Crime Investigation Association (HTCIA).   In 1997, Rich Bernes, an FBI Supervisory Special Agent, Sheriff Charles Gillingham, Chief Craig Steckler and others developed a Memorandum of Understanding to create the REACT Task Force.  The goal of the REACT Task Force was to address the specific criminal investigative needs of Silicon Valley Companies and to identify, target and prosecute crimes which local Law Enforcement Agencies were not able to address.   When REACT was formed there were questions by the Steering Committee as to how REACT would operate.

From the beginning, it was understood that there had to be a relationship of trust between the REACT Task Force and Silicon Valley Companies, but there were limitations on what assistance and information could be shared by both parties.   Operational guidelines, mostly informal, were developed on what information could be shared by all.  These guidelines included the understanding that the companies would initiate their own investigation under their own policies and procedures, but when the case was turned over to the REACT Task Force, they had no control or direction of the investigation.   The company could continue their investigation in parallel and any additional information would be provided to REACT.  REACT though, was not allowed, except under limited circumstances, to share investigative information or results until the case was to be filed criminally.  The biggest decision for any company was whether to contact REACT, handle the case in house or just ignore that it occurred.

The decision to call the REACT Task Force and provide information relating to a criminal case involving a High Tech Company was and still is a difficult choice for any publicly owned company.  When a crime occurs in which the company is a victim, the company has the following choices:  Investigate and report the crime; Investigate the crime and not make a report; or just ignore that the crime occurred altogether.  The company has to decide if they want to be a victim.  The company may have been victimized by a criminal act and could be victimized again in the press or via stock price if it was reported that they had been a victim of a crime.  This was especially true if it was a theft of their Trade Secrets.

To counter this and to help a company make an informed decision, from the company’s viewpoint, as to whether a crime should be reported, informal meetings or telephone calls were initiated regarding, “What If,” questions.  These meetings or informal telephone calls would usually take the form of…I’m not reporting a crime, but if something like … occurred, would REACT be interested.  The response, at least from me, would be … If something like that occurred and there was evidence of … available which identified a particular person, then we would at least review whether it was an appropriate case.  As far as I know, this process continues.  REACT has changed over the years, with focus on other areas and victims.  This doesn’t apply to mandatory reporting of certain crimes.  That’s the short history of REACT and how it started and the reasoning behind its creation.  Now it’s time for my opinion as to why it should continue and if possible be expanded.

Silicon Valley and other Companies in the US must be protected.  This doesn’t mean a bailout or special favors, because any business which can’t stand on its own merit or products is not a good business.   High Tech businesses in Silicon Valley provide many of the jobs which drive the economy of the San Francisco Bay Area.  The loss of intellectual property through trade secret thefts, counterfeiting, copyright infringement, intrusions, component theft or other crime ultimately costs jobs in the Bay Area.    The REACT Task Force, and its sister Task Forces in California, through investigative activities helps protect Bay Area jobs and encourages other companies to consider moving to the Bay Area, because there is a knowledgeable  group able to understand and respond to their unique investigative needs.  The REACT Task Force is one of the last High Tech Crimes Task Forces in existence and like all Law Enforcement agencies is under pressure to justify what it does and what benefits it provides.   Though there are local and federal agencies available, none of them have the time or resources available for a lengthy High Tech crime investigation.

If you have a comment, please feel free to email me at info_AT_bdcon.net.

Thomas Quilty, BD Consulting & Investigations, Inc.

Risk Management and Renewable Energy

Hi All! Traditional methods of alternative renewable energy acquisition has become a staple in today’s marketplace.  Two sectors in particular include solar and wind energy.  Corporations are rapidly buying land to develop solar and wind farms throughout the world.  Thinking outside of the box will become necessary for future companies to acquire these resources while competing to stay in business.  Two upcoming companies, Magenn and Nolaris show their creativity and innovation through their renewable inventions.

Magenn is a wind power company which has developed a high altitude wind turbine, otherwise known as MARS.  The turbine resembles a blimp.  This concept is advantageous over the typical wind turbines because they are 1,000 feet above ground which allows MARS to be closer to the grid, mobile, easily deployed and deflated, and it is bird and bat friendly due to the height. See http://www.magenn.com/ for more information.

Nolaris has developed a solar island of panels that float above water and rotate to align with the sun to ensure maximum sun exposure.  The island is almost immune to waves and wind due to the outer ring height of up to 20 meters and the horizontal position of the panels.  For more information see http://www.nolaris.ch/.

Magenn and Nolaris are perfect examples of companies that should explore risk management protection options for their products.  Some questions to consider would be: What are potential location risks?  What security measures need to be taken to ensure that the products are not stolen, tampered with, and/or damaged, either by human or natural causes.  BD Consulting & Investigations, Inc. has dealt with these and many similar issues that have arisen from risk management issues.  Risk management is an important part of maintaining a company’s integrity, public image, and success.

Kaitlin Keith, Administrative and Marketing Officer

U.S. General Services Administration Conference 2010

BD Consulting & Investigations, Inc. recently attended the Sixth Annual U.S. General Services Administration Opening Doors  2010 Conference / Program that was held in Los Angeles, August 9-11.   Representing BD Consulting & Investigations, Inc. was, CEO Tom Quilty, Marketing and Administrator Officer, Kaitlin Keith and myself. In the past four to five months, BD Consulting & Investigations, Inc. has been talking with a number of potential customers and one of the first questions asked of Tom or I is, “Are you on Schedule”? Our reply has been, “No- we are not on Schedule”.  After further discussions, Tom and I decided to attend the GSA Conference to learn how to get “on schedule”.

The purpose of this conference was to assist and promote increased access to GSA’s nationwide contracts / procurement opportunities for small businesses including: small disadvantaged, veteran, service-disabled veteran owned, HUBZone, and women business owners.  GSA’s goal was to provide the information necessary for small business to learn Federal Government contracting, effectively bid, proactively market and ultimately win government contracts.

This event made it possible for the small business owners to meet key contracting experts (GSA Personnel and private industry contractors) and be counseled on the procurement process.  The program included numerous workshops, advisory sessions with GSA personnel, and business matchmaking appointments.  Over a hundred GSA vendors exhibited.  The vendors were a good source for real-world lessons learned and advise about the GSA schedule contracting.

The Government awards about 525 billion in contracts each year and 23% of that is supposed to be set-a-side for small business but each year Federal agencies come up short.  In 2009, GSA reported that only 21 % was achieved or used by small business.

GSA is out to give small business the tools needed to meet their goals at prices that meet their budget.  Two of the major steps that a small business has to take with the GSA is “Being on Schedule and Being Registered” with GSA.

The GSA Schedules program is a process where small and large businesses pre-negotiate a long term contract which is accessible by every Federal agency for ease of purchasing. These GSA Schedules are for a five year term with three five year option periods providing a potential 20 year contract with the Federal Government. Because of Federal Acquisition Regulation (FAR) 8.404, the contracting process for achieving awards is faster and more efficient for Schedule holders. This contracting vehicle can provide a dynamic potential for winning business and increasing revenue. GSA Federal Acquisition Service (FAS) administers these GSA Schedules but they are available to all agencies.

Per GSA there are approximately 26 million businesses in the United States. Of those, less than 500,000 are registered to do business with the Federal Government on the Central Contractor Registration (CCR) database. And of those, only about 18,000 have GSA Schedules. Having a GSA Schedule can significantly reduce a company’s competition.

Information Technology is the largest GSA Schedule with sales last year of almost $16 billion. But GSA Schedules are more than IT and cover most products and services that a business would offer from office supplies to law enforcement to engineering to consulting.

So at the present time, we are actively working on the process of “Getting On Schedule”. We have been advised that this process could take up to ten to twelve months.  So if anyone has any ideas that could improve the process or ideas that could assist us through the process, please contact Kaitlin, Tom or I.

Jimmy Keith, President

Brand Protection and Consumer Protection During the Holidays

The holidays are upon us and it’s one of the major seasons for counterfeiters to target unsuspecting consumers and corporations. Consumers looking for a good deal on the latest products may search the web to find the product at the lowest price. Unfortunately, many times they find what appear to be legitimate products being sold at a very low price. When the product finally arrives the consumer realizes that the product they purchased doesn’t work or quickly falls apart. Their first step is to call the legitimate company which manufactures the product to complain about the problem. When the company tells the consumer that they purchased a fake and there is nothing they can do – the consumer is angry, both at the legitimate company and the company that sold them the fake product. This affects a company’s Brand Image.

Legitimate companies use many strategies to protect their “Brand” from being associated with fake or counterfeit products. These efforts are increased before the holiday season to ensure that consumers have confidence in the legitimate products sold by a company. Generally, the more desirable the product, the more likely it will be counterfeited. Consumer electronics, prescription drugs, automobile parts, aircraft parts, baby food, designer clothing and designer jewelry are all targets of the counterfeiters. Companies successful in protecting their brand usually have a dedicated or contract brand protection group which searches out and identifies those selling counterfeit products. This information is then used to target the individuals or companies with the goal of having them stop their counterfeiting activities.

Our recommendations for the holidays:
For Consumers:
A.   Buy from an authorized seller and after the purchase, keep the receipts and packaging to ensure that if the product is later determined to be counterfeit – they can contact the authorized seller.
B.   If the product is the hottest on the market or very desirable – it should be selling close to the suggested retail price. The lower the price, the more likely it is counterfeit.
C.   Lastly – Buyer beware!
For Companies:
A.   Prepare your customer service staff to deal with these complaints in a professional manner and try to gather as much information as possible.
B.   Consider increasing your Brand Protection staff or contractor staff to identify problems before they become bigger problems.
C.   Plan how to handle product liability complaints arising out of a counterfeit purchase by a consumer.

There are more recommendations available, but to keep this short feel free to contact our staff with any questions. Happy holidays from the staff of BD Consulting & Investigations, Inc. We wish you all the best in the coming year.

Thomas Quilty

Brand Protection: Shortages of components due to a disaster make counterfeit or gray market parts and products more likely to enter the stream of commerce

Counterfeit and gray market parts or products are a problem for any company attempting to protect their Brand and the consumer.  Protecting a company’s Brand is even more challenging when a disaster or event occurs which interrupts the manufacturing and supply chain operation of a large area.  Counterfeit manufacturers and gray market distributors are always willing to fill demands from consumers or suppliers when these events happen.  The parts or products supplied may or may not meet the manufacturers’ specifications or quality.

The recent tragic earthquake and Tsunami continues to affect the people of Japan and Japanese manufacturers of consumer electronics, automotive, Integrated Components and other parts or products.  Though only a week has passed, at the time this is being written, shortages are already occurring in markets which depend on readily available spare parts such as the automotive industry.  This situation places purchasers and purchasing managers in a position where they may consider alternative sources for the parts or products.

Many companies use the “Just in Time” model for manufacturing and inventory.  This model ensures that inventories are kept to a minimum and items are only ordered or produced when actually needed.  The danger of a “Just in Time Supply” chain is that it is susceptible to disruption unless there are multiple sources for all the parts.  Many companies have only one source for some of their items or products.  As long as everything works, it’s very advantageous and cost effective.  When it fails due to a disruption in the delivery of parts or products because of a disaster or other event, the company may be forced to seek the items from another, possibly unauthorized source.  The business decision to purchase from an alternate or unauthorized source is potentially risky; especially if the products produced using those parts will be used in aerospace, defense, pharmaceutical, automotive or critical infrastructure.

When there are situations such as those occurring in Japan that affect manufacturing or the supply chain, it is important to counsel purchasing staff regarding purchasing from suppliers who may have counterfeit or inferior quality goods.  The risks of allowing these products into the normal supply chain could potentially affect any efforts to legally protect a company’s Brand in the future.  If there is a business requirement to consider alternate sources for a part or product, we recommend consulting with your Corporate Counsel or other competent outside counsel before making this business decision and conducting due diligence checks on suppliers.  This is also the time to increase efforts to combat counterfeiting and gray market activities.   The counterfeiters and gray market distributors are always looking for a business opportunity.  Take steps to keep your company from being their opportunity.

As always, comments are welcome:  info at bdcon.net

Modified from the original post based on input from others.

Thomas Quilty

Creating a Successful Security Culture

I just returned from a four week trip to the East Coast.  During that time I met with a number of public and private entities regarding their data protection strategies.  The main topics of discussion were cyber-crime, IT network security, data security, and data breach issues.  Surprisingly, the majority of these groups have not put aside any time to be trained or educated on these important issues. 

The big question of concern is: how should these issues be approached and dealt with?  One answer is by creating a good security culture within the entity or company. A good security culture should be treated as a partner and not as an enforcer or outsider.  Consider the following ideas when looking at creating a good security culture for your organization.

1. Examine the culture of an entity or an organization.  The culture of any organization is defined by a vision, sharked attitudes, values and practices that support the mission.  The primary mission in security is the protection of people, information, and physical assets (such as facilities).  The goals of any security administrator should be to establish and encourage a culture that maximizes the support of this mission.  To make a security culture a success in an organization four areas should be focused on: teambuilding, cultivating relationships, demonstrating values, and communicating effectively.

2. Building a team could help protect security information and should be a top priority.  In creating a companywide team it takes the pressure off the IT staff.  Members of different departments or business unites should volunteer to become the security contacts for their respective groups.  These employees provide security information and the team’s compliance directly to IT security.  The goal here is to make security a partner rather than an outside enforcer and to spot challenges before they blossom into crises.

3. Cultivating relationships with employees and instilling a greater sense of ownership in the security process.  It security units should conduct biweekly meetings with the security team members and provide training on how to handle sensitive data.

4. Demonstrating value with IT security personnel should prepare and deliver quarterly audits of all information systems to all department heads or company executive administrators.  Example- a detailed checklist similar to those used in the government audits.  These audits would list any training weaknesses, physical security controls, briefings, all paperwork completions, incident reports, outcome on any investigations, implementation of any new technology, etc.

5. Communicating effectively is viewed as one of the most critical elements in developing a good security culture.  In any company, security has to be brought on board as a member of the team within an organization or company and not as an obstacle.  A higher level of communication within an organization will help expand the knowledge about the entire organization.  A company can tell that it has succeeded in establishing an effective security culture when security attitudes and practices go from tolerance to an accepted daily practice. 

These are the basic steps to ensure that company security is successful.  They are important things for all companies ranging in size to think about regardless of the services provided.  Additional recommendations or comments are always appreciated.  Please email them to bdcon.net 

Jimmy Keith, President

Brand Protection Challenges: The Internet and Training

One of today’s’ biggest issues is, “Brand Protection.” One of the areas BD Consulting & Investigations, Inc. (BDCON) assists clients is in targeting brand abuses occurring on the internet.  BDCON, and our European partner, C3I Europe, along with other partners worldwide assist companies in trying to control these abuses.  Using information from multiple commercial sources, we provide our clients with up to date internet monitoring to help track, prioritize, and manage the online abuses.  The collected information is analyzed for relevant data and intelligence.  Based on the results of our analysis, we provide advice and strategies to minimize the affect of infringing websites, trademark infringement, diverted sales, grey market sales and counterfeit sales.  This is just a small part of what is occurring on the internet today and in the field of Brand Protection.

It’s your Company’s Name.  It’s your Company’s Brand.  It’s your Company’s Product and It’s your Company’s Money! “Don’t make it easy for someone to take advantage of your Company!”

How well a company protects their “Brand,” determines the success or failure of a particular product or the company itself.  One of the areas we are asked is where can we find up to date information on the protection of Intellectual Property and Brand Protection which is relevant and cost effective.  BDCON recommends to our clients, potential clients, and working partners is attending the High Tech Crime Investigation Association (HTCIA) 2011 International Conference & Training Expo taking place, September 12 through the 14, 2011, in Indian Wells, CA (near Palm Springs).  There will be labs presented by Blackbag Technologies, Guidance Software, Access Data, SANS Institute, Vere Software, Foundstone, Cellebrite, Infinadyne, Wetstone and many others.  In addition to the labs, there is an entire track on Intellectual Property Rights (IPR) and Brand Protection.  Other lectures offered include: eLegal, Information Security eDiscovery, Child Exploitation, Cyber Investigations/Forensics and more.  This conference will help strengthen knowledge of the above factors related to Internet Brand Protection.  For more information and registration go to www.htciaconference.org. BDCON staff will be attending the conference and are the organizers of the IPR Track.  Hope to see you there!

-Jimmy Keith, President

What is a high tech crime?

I just returned from the International High Technology Crime Investigation Association (HTCIA) Conference and Expo in Indian Wells, CA.  The conference was kicked off by our Key Note Speaker, Dr. Cliff Stoll, Astronomer and Author of the, “Cuckoo’s Egg.”  Cliff was his normal inspiring self and was able to bring into focus many of the issues facing those charged with investigating high tech crimes.  The fact that many of those issues were also present twenty five years ago, demonstrates that we still have much to learn.  Cliff has been a longtime supporter of the HTCIA and understands the challenges faced by investigators who have to investigate crimes involving new technologies.

While at the conference and in the months preceding the conference, our Marketing Representative Christa Miller and others asked for a definition of High Tech Crime.  Their reason for asking was to help focus marketing efforts for the conference and the organization.  After being involved in High Tech Crime investigations for more than twenty years, I hadn’t really considered the actual definition in many years.  After researching my library and the internet, I found the old definition used in 1997 to help justify the creation of California’s High Tech Crime Task Forces.  Here is that definition:

Definition. High-tech crime, as defined in this paper, means both crime against high-tech targets (for example, theft of computer components or high-tech intellectual property) and crime using high-tech means (for example, computer hacking to facilitate telecommunications theft). High-tech crime often involves violence, and high-tech criminals are often also involved in low-tech crimes, such as drug trafficking.

- California High-Tech Task Force Committee, Combating High-Tech Crime in California: The Task Force Approach, June 1997 by Ohlhausen Research, Inc.

This is the definition used by the five California Task Forces and much of the HTCIA to determine whether a particular crime fit into the category of “High Tech Crime.”

In July 2011, the HTCIA’s Strategic Planning Committee realized that the High Tech Crime definition still covered much of what their members did on a daily basis, but didn’t cover everything.  In 1997, digital forensics was called evidence recovery.  “Denial of Service” attacks were starting to become common and identity theft didn’t exist as a separate crime.  The world had changed, since 1997 and the HTCIA is changing to remain current.

Defining what a High Tech Crime is today is easy – defining what it will be in the future is something else.  In the late 1990’s, remarked and overclocked Intel processors were a major problem along with the theft of high tech components and counterfeiting of software.  Though they still occur today, technological improvements in manufacturing, distribution and awareness have reduced the problem for these areas.  Other areas continue to challenge law enforcement and industry investigators.

What will be considered a High Tech Crime be in the future?  In a recent editorial in Science News (SN: 9/10/11), the editor, Tom Siegfried, discusses the potential misuse of new technologies, “…, science’s advances in technological skill always bring with them the potential for misuse…”  When I read this editorial, it reminded me of conversations I had with Cliff Stoll and many others about how to stay current on new technologies.  The challenges for the HTCIA, law enforcement and industry investigators are being prepared for the abuses of new technologies and understanding enough about the new technologies to properly investigate the new type of crime.

Though some may disagree, a High Tech Crime investigator has to be a generalist.  That’s not to say that the investigator can’t have a specialty or an advanced degree in a particular science, but ongoing studies in multiple disciplines is a requirement.  These studies include reading Science and Engineering journals, research, further education and training conferences, especially in areas where the investigator has little knowledge.  By the statements above, you may wonder if I am saying that an investigator has to also be a researcher.  The answer is, “Yes.”  A successful investigator is almost always a researcher and a successful researcher is also an investigator.

The challenge for a High Tech Crime Investigator is how to stay current with new technologies which could be abused by a high tech criminal while trying to contend with employment, family and other social issues.  Though this may seem a huge task, it is a necessary one.  One way of addressing this challenge is the formation of investigative teams within a corporation or law enforcement agency.  The teams can be formal or ad hoc in nature, but would hopefully combine individual expertise in a particular area with other experts from different fields.  Coordinating a group such as this can also be a challenge, but I’ll leave that for another post.

In closing, I want to present HTCIA’s updated definition of a High Tech Crime.  It will most likely be rephrased or updated, but the important part is that the definition is a moving window which changes as new technologies are developed and allows for new opportunities for members of the HTCIA.

“High Technology Crime is any contemporary crime committed through the use of technology or against a technology.”

Types of investigators involved in High Technology crime Investigation may include the fields of:

• Bio Technology
• Pharmaceuticals
• Law enforcement
• Military, Cyber Warfare and Defense
• Scientists, Engineers and Researchers
• Incident response, Data Breach and Disaster Recovery
• Intrusion detection and response or IT Security
• Digital forensics or Forensic data recovery and eDiscovery
• Intellectual property theft (Trade Secrets, Patents, Trade Marks and Copyrights)
• Identity Theft
• Industrial Control Systems
• Transportation
• Food Production and Distribution
• Spam Prevention
• Fraud
• Drug or Human Trafficking
• Bio, Chemical or Cyber Terrorism or Other Terrorist Threat or Event
• Harassment or Stalking
• Cell Phone or Mobile Device investigations
• Malware investigations (Viruses, Trojans, etc.)
• Nano-technology

Tom Quilty

The Holidays and Counterfeiting

The holidays are upon us again, and it is one of the major seasons for counterfeiters to target unsuspecting consumers and corporations both here in the United States and Worldwide.  Consumers looking for a good deal on the latest products may search the web to find the latest or hottest products at the lowest price.  Unfortunately, many times they find what appear to be legitimate products offered at a very low price.  When the product finally arrives, the consumer realizes that the product they purchased is obviously a fake, does not work or quickly falls apart.  Many times, their first step is to call the legitimate company that manufactures the product to complain about the counterfeit product.  When the company tells the consumer that they purchased a fake and there is nothing they can do – the consumer is angry, with both the legitimate company and the company that sold them the fake product.  This affects a company’s Brand Image.

Legitimate companies use many strategies to protect their “Brand” from being associated with fake or counterfeit products.  Increased Brand Protection efforts before the holiday season help ensure that consumers have confidence in the legitimate products sold.   Generally, the more desirable the product, the more likely it will be counterfeited.  Consumer electronics, prescription drugs, automobile parts, aircraft parts, baby food, designer clothing and designer jewelry are all targets of the counterfeiters. Companies successful in protecting their brand usually have a dedicated or contract brand protection group that searches out and identifies those selling counterfeit products.  This information is used to target the individuals or companies with the goal of having them stop their counterfeiting activities.

Our recommendations for the holidays:
For Consumers:
A.   Buy from an authorized seller or dealer and after the purchase, keep the receipts and packaging to ensure that if the product is later determined to be counterfeit – they can contact the seller.
B.   If the product is the hottest on the market or a very desirable item – it should be selling close to the suggested retail price. The lower the price, the more likely it is counterfeit.
C.   Lastly – Buyer beware! If you buy counterfeit products, do not expect sympathy from the legitimate manufacturer.  They are in the business to sell legitimate products, not products purchased from unauthorized sellers.
For Companies:
A.   Prepare your customer service staff to deal with these complaints in a professional manner and try to gather as much information as possible regarding the purchase.
B.   Consider increasing your Brand Protection staff or contractor staff to identify problems before they become bigger problems.
C.   Plan how to handle product liability complaints arising out of a counterfeit purchase by a consumer.

There are more recommendations available, but we wanted to keep this short.  Feel free to contact our staff with any questions.  Happy holidays from the staff of BD Consulting & Investigations, Inc. We wish you all the best in the coming year.

Thomas Quilty

ICS Cyber Security Conference

Last week, I had the opportunity to attend the ICS Cyber
Security Conference in Suffolk, VA.  It
was almost standing room only with 140 attendees at the Virginia Modeling and
Simulation Center operated by Old Dominion University.  For Information Technology (IT)
professionals, it was an eye opener, especially the issues involved with
integrating IT networks with Operations Technology (OT) networks.

The attendees made the conference a success by openly
discussing the issues involved with ICS and how to secure ICS from Cyber
threats.  2/3 of the audience were
Industrial Control System (ICS) professionals from across the world who came to
the conference to share information regarding best practices in responding to
threats to Industrial Control Systems.
The remaining 1/3 was a combination of IT Professionals trying to learn
how to integrate IT and OT networks, Government agencies, educational
institutions and other professionals.

The key discussion of the week was Project Aurora and what
actions have been taken to defend our infrastructure against Aurora
exploits.  This was also a lively
discussion as to whether Aurora was actually a threat and if so, what can be
done to reduce the threat.  A step by
step explanation of Aurora, the physics behind why it works and the Idaho
National Laboratory video of Aurora in action helped the audience understand
why Aurora poses a threat.  Also
discussed was how to reduce the threat of an Aurora incident.

The last presentation of the conference was malware
infections of medical devices.  The
presenter showed how networked medical devices were being infected by several
different malware programs and how this infection could affect the operation of
the medical device.  Medical devices were
not designed to resist malware attacks.
This is an emerging problem that IT departments of hospitals have to
contend.  Overall, the conference was an
excellent source of relevant information and contacts.  Looking forward to next year!

Thomas Quilty, CEO, BD Consulting & Investigations, Inc.

ACFE Certification Course

This month Tom Quilty and I attended the Certified Fraud
Examiners (CFE) exam review course in Austin, Texas. This was a very rigorous
course comprised of 4 days of instruction, 10 hours of class a day, with a 125
question test at the end of each day.  The core material categories covered were law, investigations, fraud
prevention & deterrents, and fraud schemes & financial transaction
investigations. I have attended many courses over my 30 year career in law
enforcement and this was one of the best taught and organized classes that I
have participated in. The instructors presenting this class were interesting,
relevant, and were able to keep the students engaged through some very long
days.

The good news is that at the end of the week Tom and I both
passed the course and have received our CFE certification. The Association of
Certified Fraud Examiners (ACFE) offers an online prep course to prepare for
the class and final testing.  I took the prep course and feel it was worth the extra time and effort to prepare myself for the
final tests. I would highly recommend this course to anyone interested in
obtaining their CFE certification. In the short time I have been exposed to ACFE
it is quite obvious that this is a classy organization that sets very high
standards for their members and a definite asset for the industry of fraud
investigations.

Mike Mattocks, BD Consulting & Investigations, Inc.