How and why a major telecom added forensic security

28-Feb-2013 - As the number of suspected breaches increases, forensics becomes more important. Forensic investigators attempt to answer the questions...

    Was there a breach?
    What happened?
    What was taken?
    Were customers affected?

“And we need to know those answers in a court-approved manner,” said Yogen Appalraju, VP of Security Solutions, TELUS.  

“We’ve got a fairly comprehensive security practice at TELUS, and three years ago we entered into a partnership with forensic investigators Digital WYZDOM.

We had a very successful partnership, got to know them very well, and worked together.”

The evil people who write code with malicious intent are getting better at hiding their handiwork. So the natural progression was for a provider like TELUS to purchase a top-shelf forensic investigation firm and offer its services to customers.  

“Forensics has the tools to find who, what, where, why, and when,” said Daniel Tobok, Director, TELUS. “Attacks have become spoofed from international locations, and forensics is the tool to uncover those densities.”

On the external side, investigators use court-approved tools like EnCase and FTK for imaging and analysis... and Cellebrite for phones.

“We have some homebred internal tools we developed for dealing with these incidents, especially in cases we know are going to civil or criminal court,” Tobok said.

It’s not only the extractions of data using EnCase or FTK that make a case... it’s also the intelligence and experience of those behind the keyboard conducting the investigation.

For example, a while back various law firms were targeted for working on a large M&A. Digital WYZDOM conducted investigations for a couple of the law firms involved, and assisted them with mitigating their risks.

“What we see on a daily basis is the level of breaches has increased,” said Tobok. “In the old days it was only enterprises and government. Now everybody is being attacked. We’re seeing large criminal organizations, and sometimes state-sponsored.”

Why are breaches on the rise? Is it because people are getting smarter?

“No, it’s because it’s easier,” Tobok said. “There are a lot of tools out there, and everybody can become a hacker or manipulate data. That’s a trend that’s going to continue to go up.”

On the surface it’s difficult to say what an attacker is after, especially when specific malware is used in a targeted attack. Upon examination it’s evident when sophisticated coders have developed the code.

In some cases customers don’t even know they were breached.

“They might have something living in their systems for six months before they discover something is wrong,” said Tobok. “Nortel, for example, were under surveillance for two years.”

At the next level, sometimes there is internal assistance in these attacks, to bypass the perimeter security. That assistance can be accidental as well as intentional.

With Canuck investigators in short supply, Canadian firms have sometimes been forced to bring in USA experts. Under the Patriot Act, that opens up their data to inspection by USA border agents when the investigator returns south of the 49th.

“We’re going to be the only national force keeping the data in Canada, which is very important,” Tobok said. “We also have a national presence in capabilities for forensics in this type of investigation. The plan is to take this new capability directly to customers. That includes government, health care, oil and energy, law firms, financial services, automotive – all of them require these services. These are our targets to elevate our presence in the market.”