Many times, our clients are flabbergasted after we conduct a very confidential TSCM sweep of their offices. When TSCM services are combined with digital forensics, the findings catch them by surprise.

It’s not uncommon for IT departments to be asked to monitor employee’s habits in surfing the Internet. Today with so much of the business world transacting business through the Internet, monitoring has been reduced to applying restrictions and developing Internet use policies.

What Sort of Investigation?

One C-level executive had a problem and contacted directly. He was a little uncertain about what he wanted.

There was a female admin who was giving him some weird vibes. So much so that he went to personnel to find out where she had worked previously because he was suspicious about the interest she was taking in a couple of the projects he was heading. The department she worked in was involved, but she had inserted herself into some of the meetings and he wasn’t sure why her presence was needed. He even mentioned it to the VP heading her division, but the VP just kind of shrugged it off with a vague answer.

Then, she would run into him in the halls and always try to initiate a conversation. He just felt something wasn’t right. One of the projects was about a new service that would be launched in a few months and he didn’t want it to be compromised. She had even sent him a few email correspondences – saying nothing in particular.

Another flag started waving when he told us he had run into her while out to dinner once and then another time shopping with his wife. We were alerted to potential corporate espionage, but there was also the possibility of her trying to insert herself into his life on a personal level.

We suggested the first step was to undertake some digital forensics, a base evaluation for spyware on both his phone and work computer.

The cell phone analysis didn’t reveal any mobile phone tracking software or evidence of cell phone spying. So we went on to conduct a computer forensic examination complete with spyware detectors. The first thing the forensic investigator did was make a copy of everything on the computer. Then with data mining software he started searching. Eventually he found what he was looking for; spyware had been attached to one of the emails the admin had sent him.

She had been getting access to whatever he searched, everything he wrote and sent out, everything he had received. The computer forensics investigation had hit pay dirt and spyware removal was started.

The question about why she did it wasn’t conclusively answered. The executive didn’t know exactly what she was after or what to do next. He made a point to the VP managing her area that he did not want her in any of the project meetings. But should she be confronted and could he have her released?

Our investigators suggested one more evaluation be done before he made any other moves. We suggested a bug sweep of his vehicle. At first he was confused, but we explained that with no spyware detected on his phone, one of the ways she could stay apprised of his whereabouts was through a GPS unit. A TSCM sweep would detect any electronic surveillance or tracking equipment – the GPS could be used as spy equipment for her.

He agreed, reluctantly, thinking her real motivation was nothing more than her trying to get business information. When the electronic bug detection turned up the GPS under his rear bumper, he was flabbergasted.

A quick look into her Internet use revealed even more.

He immediately contacted HR and the legal department. They brought her in and it was revealed that she was enamored with the executive. The entire situation was that she wanted a personal relationship. The executive was embarrassed, but decisive in his actions after that point.

is committed to getting the facts – all of them – so our clients can make good decisions.

-Brenda McGinley, CEO, All in Investigations, All in Investigations