Ride the Lightning

LUCK, BE A LADY TONIGHT: PROPRIETARY DATA ONLINE

August 27, 2007

I spent a wonderful weekend at Atlantic City celebrating my stepson’s 21st birthday. To drink and gamble at the same time struck him as a wonderful rite of passage – and Lady Luck even sent him home $700 richer. Atlantic City is a strange place, immediately attested to by a gentleman (perhaps that’s the wrong word) who was walking down the boardwalk wearing a rubber penis where his nose should have been. There are some things you shouldn’t even try to speculate about.

The bad news about my weekend was that I lost money (surprise). The good news is that I can still pay the mortgage. Further bad news: My expedition to the casino, where I should have been happily losing money to the Wheel of Fortune machine, was deferred by a client emergency. The really good news: Luck was indeed a lady and the immediate crisis was solved with astonishing speed.

Speaking generically to protect the client’s identity, the situation was not uncommon. Someone, perhaps an employee, had taken the company’s proprietary data and posted it on a message board. In general, message boards are pretty helpful at removing such data once they are advised that the proprietary data could only have been obtained by an employee breaching their confidentiality agreement. Indeed, this board was prompt in removing the offending post once it was notified of the situation via e-mail, and the crisis was over. The message board was put on notice that it should preserve all information regarding the post and the poster as the company intends to pursue its legal remedies.

This brings up a frequently asked question: How do you find the source of such data leaks? Hopefully, you are logging Internet usage for the employees. If so, then it is a fairly simple matter to review the recent logs for access to the message board URL. Depending on the logging level, a search for the poster’s ID would be another approach. If the poster’s moniker is “geekster,” you look for that. You may need to look on local hard drives, which becomes complex if you have a large company and have no clue about the poster’s identity. Often, there is a group of key players so there can be targeted focus in the search. If you can come close to determining which machines may have been used for posting the proprietary data then a forensic technologist can analyze the Internet history of the hard drives to identify the exact computer and the user ID logged on at the time the posting was made.

Of course, it is always possible that the information was fed to a third party, and that there is no record on the company’s systems. In this case, companies frequently file a “John Doe” suit and then subpoena the message board, asking for all information available about the post (including the IP address it came from) and the identity of the poster (though not all message boards require genuine identifying information). The popularity of these “John Doe” suits is rising as companies seek to stem the tide of data leaks on message boards and blogs. So the crisis is over, the investigation begins, and I hope that Lady Luck, who deserted me at the casino, will stay with me through the investigation.

E-mail:   Phone: 703-359-0700