Shawn Baker
Cyber Crime Projects
M57.biz Lab
White Hat H4ck3rz
Security Consulting Firm
Executive Summary
White Hat H4ck3rz was contracted by M57.biz to investigate a suspected case of corporate espionage. An image
of the client’s hard drive was loaded into FTK Imager. After reviewing relevant company e-mails and the
spreadsheet in question, we have come to the conclusion that an originating e-mail came from Alison (the
President of M57.biz) to Jean (the CFO of M57.biz), requesting sensitive company information such as Name, SSN,
Position, and Salary of current employees and intended new hires.
User “Jean” has shown evidence of receiving numerous spam e-mails, which in turn started sending
spam to “Alison.” This is a classic example of what is known as a computer that is infected with Adware.
Consequently, opening one of these e-mails and clicking on the link will infect any computers that were
targeted during the forwarding process.
We believe that Alison opened one of these e-mails and was infected before asking Jean for the company data.
This is an e-mail originating from Alison on July 20th, asking Jean for the company data. Jean replied with a
confirmation of the data included in an MS Excel document.
The Excel document was actually created by Alison on 06/12/2008, and then updated and saved by Jean on
07/20/2008.
In Alison’s final reply you can see that there is a separate e-mail address of “tuckgorge@gmail.com” following her
company e-mail. This is evidence of what is known as “e-mail spoofing”. A malicious 3rd party, disguised as Alison,
intercepted these transmissions after recognizing the opportunity to sell this confidential data to one of M57.biz’s
competitors.
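
Added example (not part of the original report): a Python check for the header pattern described above, where a company address is what the reader sees but the message actually routes to an outside mailbox. The m57.biz addresses for Alison and Jean, the subjects, and the function names are constructed for illustration; only tuckgorge@gmail.com comes from the report.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "m57.biz"  # assumption: the company's mail domain
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

# Constructed sample messages; only tuckgorge@gmail.com comes from the report.
SPOOFED = ('From: "alison@m57.biz" <tuckgorge@gmail.com>\n'
           "To: jean@m57.biz\nSubject: RE: spreadsheet\n\nThanks.\n")
REPLY_TRAP = ('From: "Alison" <alison@m57.biz>\n'
              "Reply-To: tuckgorge@gmail.com\n"
              "To: jean@m57.biz\nSubject: spreadsheet\n\nPlease send it.\n")
LEGIT = ('From: "Alison" <alison@m57.biz>\n'
         "To: jean@m57.biz\nSubject: lunch\n\nNoon?\n")


def domain_of(addr):
    """Lower-cased domain part of an addr-spec, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def spoof_indicators(raw_message, org_domain=ORG_DOMAIN):
    """Return human-readable findings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    for header in ("From", "Reply-To"):
        display, addr = parseaddr(msg.get(header, ""))
        # An address inside the display name is what the mail client shows,
        # while replies go to the addr-spec in angle brackets.
        for shown in ADDR_IN_TEXT.finditer(display):
            if shown.group(1).lower() != domain_of(addr):
                findings.append(
                    f"{header} displays {shown.group(0)} but routes to {addr}")
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    # Internal sender whose replies are redirected outside the company.
    if from_dom == org_domain and reply_dom and reply_dom != org_domain:
        findings.append(f"Reply-To leaves {org_domain} for {reply_dom}")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("reply-trap", REPLY_TRAP),
                      ("legit", LEGIT)):
        print(name, spoof_indicators(raw) or "no indicators")
```
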
Company employees “Bob” and “Carol” were involved in attempting to uncover the incident, but we believe they
had no involvement in any illegal activity. Although they did not intentionally nor willingly participate in the
commission of this crime, the fault lies with Jean and Alison for improper storage and transmission of sensitive
company data.
