Businesses who track their website traffic would have noticed the tremendous growth in traffic coming from mobile devices over the past few years.
Mobile internet usage through smartphones and tablets is set to dominate, not just the preferred access to the internet by businesses and the general public, but also it has become the primary route for criminal elements to commit acts of fraud. Many police and intelligence agencies report that mobile phones and other mobile devices now impact virtually every case under investigation.
Blackhawk is frequently contacted by companies and individuals who have fallen prey to criminals who have, in one manner or another, managed to access the users phone for nefarious purposes. This can be as simple as hijacking the phone to send spam emails, or completely hijacking the phone as part of a more sophisticated identity theft or a crime that relies on a stolen identity.
Often, the phone users only clue that this has happened is when:
- the company’s IT department alerts them about excess data usage or notice unusual patterns of access to restricted files
- a rouge application is used to gain access to a company’s data through WiFi connectivity
- the police turn up on their door step
- they receive an extraordinarily high phone bill
- their service provider blocks their phone
- a financial institution contacts them about a suspicious transaction or a credit enquiry
In some of the worst cases, an individual’s phone is hijacked to use as part of an identity fraud that nets the criminals tens of thousands of pounds or access to sensitive company data for industrial espionage purposes.
How hackers have compromised our clients mobile devices
Within a mobile device, there are a variety of components that can be used to gather information about the user. For instance, it is not well known outside of security firms that the device used to track subtle movements of the phone, something used to detect the position of the device for gaming for instance, the semiconductor gyroscope can be used to:
- listen in to conversations – both as you speak and from your immediate environment
- detect typing and determine what you are writing, often to a high degree of accuracy
Trojan programs – malware can be used to send data from applications used or even further afford access to the local network.
Personal hotspots can be exploited to distribute illegal content. When traced back, the phone user is the person suspected.
These are just some of the ways a mobile device can be used against an employee and the organisation they work for, there are of course many, many more unpleasant scenarios which no one wants to fall victim to.
Blackhawk can help your organisation determine how these incursions and security breaches have occurred and either help gathering the evidence to use in prosecuting an offender or prove that they were an unwitting pawn in a criminal conspiracy to defraud or conduct espionage against a company.
At the heart of a computer forensics investigation is ‘process’. It’s absolutely critical that the forensic integrity of evidential data is preserved, otherwise it may prove inadmissible in legal proceedings.
We follow a universally recognised process to ensure the integrity of both the investigation and the data recovery procedure. Capture, Preservation, Extraction and Analysis. The final stage is the actual report and forensic evidence to our client.
In the case of mobile phone forensics, access to the device in question is critical, although in some cases, the activities or the applications themselves can be tracked and used to unmask the perpetrators.
Investigations and actions taken
Mobile devices are very powerful mini-computers. In the wrong hands, their latent capabilities as access devices can be exploited beyond their most obvious abilities. Luckily, companies like Blackhawk have advanced forensic analytics tools at their disposal. These tools allow Blackhawk to conduct detailed analysis of the processes running on a mobile device and the applications using them.
We are able to simulate suspected incursions by using similar models as that under suspicion, so that when we come to actually analyse the suspect device, we already have a very good idea as to how the event occurred. This allows us to direct our activities precisely, minimising time, but importantly, minimising the risk of damaging the forensic integrity of the data on the device and the processes and applications involved. This all assists in extracting accurate and usable evidential data.
In some instances, the act of reproducing the scenario that may have led to the breach may be all that is needed to prove that, for example, an employee was totally unaware of what was happening and was not the actual perpetrator of the criminal act.
Further Actions Taken
We have assisted clients educating their IT departments and employees as to the potential vulnerabilities mobile device pose to a sophisticated and valuable business operation.
Much like our Corporate security intelligence and risk assessment services, our mobile forensics teams can help companies prepare when employees travel overseas to countries where security is an issue and mobile devices are a hot target for sophisticated criminal elements.
Did you know, for instance, that the popular phone charging stations often found at airports, train stations and shopping malls can offer would-be hackers the chance to plant trojan horse malware on your mobile device within ‘one minute’ of being connected? Think about that for a moment, ideally in less than a minute, and talk to Blackhawk.