News from 2014

Interhack news from the year 2014.

Computer-Aided Theft

Forensic computer scientist C. Matthew Curtin will discuss the theft of intellectual property with the Central Ohio Association of Criminal Defense Lawyers.

As more companies develop and manage proprietary information, the crime of theft becomes increasingly digital. In an engaging discussion of the theft of intellectual property Interhack founder C. Matthew Curtin will show how the owner becomes suspicious, how an investigation is undertaken, and how a civil case opens the way to criminal prosecution.

Steps taken in the process, limits of the data, and how to determine the difference between reasonable inference and understanding "with a reasonable degree of scientific certainty" get particular attention in Mr. Curtin's discussion of a hypothetical case with facts drawn from Interhack's Forensic Computing practice.

The discussion will conclude with lessons for attorneys, both in understanding what they need to know to verify their clients' representations, and in how to ensure proper assessment of investigators' work leading up to trial.

About Interhack

Interhack is the computer expert firm, with practice areas in Forensic Computing, Information Assurance, and Electronic Discovery. Based in Columbus, Ohio, and with engagements throughout North America, the firm has been working to understand and to explain data and computer technology for attorneys and juries since 2000. Applications of Interhack's work include white collar crime, possession and distribution of contraband, copyright infringement, trade secret misappropriation, and electronic record analysis and authentication. Interhack is online at web.interhack.com.

What To Do When (Not If) Data Breaches Occur

Interhack founder C. Matthew Curtin will discuss how to prepare for and respond to data breach incidents at the 2014 ILTA LegalSec Summit in Chicago.

Interhack founder C. Matthew Curtin, CISSP, will join a panel to present "What To Do When (Not If) Data Breaches Occur" at the ILTA LegalSec 2014 conference in Chicago on June 11, 2014 at 3:45 P.M.

When security threats emerge, quick response is imperative to contain risk and protect data assets. Often, the expertise and pace with which an event is managed can make as much media buzz as the data breach itself. Come walk through a mock data breach incident and see how well-defended law firms and corporate legal departments are those that prepare for the unexpected.

Downloads:
Four questions for every CIO.
PDF Incident Handling: When the Breach Occurs

The session will cover preparation, identification, containment, recovery, and follow-up. The panel discusses data breach incidents from the perspective of law firms, bringing the experience of Michael Santos of Cooley LLP and Andrey Zelenskiy of Dentons to the session. Using experience from his own practice in leading efforts to prepare for and respond to information security incidents, Mr. Curtin will focus his remarks on the later stages of the incident, the recovery and follow-up phases.

More information can be found on the session website.

About Interhack

Interhack is a computer expert firm formed in 2000 with a focus on information security and privacy. Today the firm has practices in Information Assurance, Forensic Computing, and Electronic Discovery, providing services to law firms, corporations, and government agencies throughout North America. Interhack helps organizations to prepare for and respond to unplanned events, whether driven by attackers, natural disasters, or litigation. More information can be found online at web.interhack.com.

Stopping Trade Secret Theft

When an employee leaves for a competing organization, how can the company be sure that their information remains safe? In this case study, we will look at one Ohio company concerned about its information being held confidential by an ex-employee. The ex-employee represented to the company and its attorneys that he did not and would not use the company's information. Examination of the ex-employee's activity raised concerns and through the process of litigation, the ex-employee's computer systems were produced for examination, resulting in the finding of the company's information in its competitor's systems. The process led to a change in testimony, and a federal judge's order preventing the ex-employee from competing with the company. The case study will discuss how companies can prepare for addressing these issues.

Interhack founder C. Matthew Curtin will present at the Infosec Summit in Columbus on May 5, 2014 on the topic of investigating and prosecuting the theft of intellectual property.

The presentation is a case study from Curtin's practice involving one Ohio company concerned about its trade secrets going to a competitor by way of a former employee. Forensic analysis in the context of an expedited legal proceeding helped to identify critical information that contradicted the former employee's statements to attorneys, testimony in deposition, and testimony in a hearing. Ultimately the court imposed a noncompete upon the ex-employee.

We will conclude the discussion with lessons on how companies can prepare to protect their intellectual property and how to address the security of their intellectual property.

About Interhack

Interhack Corporation is a computer expert firm with professional practices in Information Assurance, Forensic Computing and Electronic Discovery. Interhack helps its clients throughout North America to identify and to protect their assets through information security assessments, forensic analysis, and the development of formal opinion for use in legal proceedings. Interhack is online at web.interhack.com.

Cracking the Data Encryption Standard

Interhack founder Matt Curtin will present Cracking the Data Encryption Standard to the Open Source Club at The Ohio State University on April 24, 2014.

The Open Source Club will meet at Caldwell Labs Room 120 on the campus of The Ohio State University at 7 P.M. on April 24, 2014. Matt Curtin will discuss the first project in open research to break a message encrypted with the sitting US standard for data encryption, 56-bit DES.

While the effort was one of the largest distributed computing efforts undertaken and for the purpose of cracking cryptographic keys, the project changed the tone of public policy debates in the United States Congress and the policy of the Clinton Administration.

Curtin's presentation will discuss the technical, policy, and social aspects of a self-organizing group and the kind of power that can be brought to bear on problems through the use of the Internet as a platform. In addition to the material covered in his 2005 book, Brute Force: Cracking the Data Encryption Standard, Curtin will look at the effort retrospectively and in particular note how the 1990s Crypto Wars relate directly to the policy of the Bush and Obama administrations to use military surveillance targeting Americans at home.

About the Open Source Club at The Ohio State University

The Open Source Club is a student organization dedicated to the topic of open source software. Focus includes development of the community of open source software users and developers. Matt Curtin hosted the first meeting of the club in his University office and served as the club's first faculty advisor. The Open Source Club is online at opensource.osu.edu.

About Interhack

Interhack Corporation is a computer expert firm engaged by attorneys and executives to conduct technical operations and develop opinions using the best information that computer science can provide. The firm provides information security assessments, forensic computer and data analysis, and electronic discovery services for clients throughout North America. More information is available online at web.interhack.com.

When Cryptography Is Outlawed...

On April 8, 2014, Interhack founder C. Matthew Curtin will discuss the ethical implications of public policy and practice of cryptography at The Ohio State University (Computing Ethics, Philosophy 1337). Based upon his own experience during the Crypto Wars of the 1990s, Curtin will explore the relationship between the individual and the state as affected by the power to keep secrets.

On April 8, 2014, Interhack founder C. Matthew Curtin will discuss the ethical implications of public policy and practice of cryptography at The Ohio State University (Computing Ethics, Philosophy 1337). Based upon his own experience during the Crypto Wars of the 1990s, Curtin will explore the relationship between the individual and the state as affected by the power to keep secrets. Much of the story is available in Curtin's memoir, Brute Force: Cracking the Data Encryption Standard (Copernicus, 2005).

 

Abstract

Cryptography is a powerful tool to protect access to information. How does cryptography affect the balance of power between the individual and the state? When the state represents that it is protecting the interest of the people while simultaneously resisting the people's efforts to protect themselves, how can technologists demonstrate the problem they mean to highlight?

We will discuss the "Crypto Wars" of the mid to late 1990s over cryptographic policy of the Clinton administration, the rise of technologically savvy civil libertarians, and the demonstration that the Administration and intelligence officials misrepresented fundamental facts to the Congress considering legislation. We will also look back at the efforts and the results as they relate to the federal government's efforts to control information today.

 

About Interhack

Interhack is a computer expert firm, engaged by attorneys and executives to address problems and opportunities in security, privacy, and applications of computer technology and data. With clients throughout North America, the firm's experts perform security assessments, forensic analysis, and electronic discovery services in litigation, data breaches, and in support of corporate and government compliance efforts. More information about Interhack is available online at web.interhack.com.

Putting the Science in Computer Science: Applications from Boardrooms to Courtrooms

Interhack founder C. Matthew Curtin will discuss rigorous scientific analysis of computer data and technology at Franklin University with students in the Choose Ohio First scholarship program. Entitled "Putting the Science in Computer Science: Applications from Boardrooms to Courtrooms," Curtin's presentation will draw upon his practice as a consulting computer science to address pressing questions in high-impact situations.

(Columbus, OH)--On March 26, 2014, Interhack founder C. Matthew Curtin will discuss rigorous scientific analysis of computer data and technology for high-impact situations with Franklin University's Choose Ohio First scholarship program participants. Drawing upon his own experience as a consulting computer scientist, Curtin will identify opportunities to assess and respond rationally in the face of difficult situations.

In the first section, Curtin will introduce listeners to the world of litigation, where companies and individuals respond to court orders to isolate, collect, analyze, and present information. He will specifically discuss the role that his firm has in the process and what the firm expects from its employees. The discussion will focus on tactical considerations, the ability to get the job done under sometimes daunting circumstances.

Then he will look at the matter of data breaches. Companies suffering from data breaches are still drawn into high-profile and expensive measures for identifying, remediating, and reporting on attacks. How can companies effectively navigate their way through a world of uncertainty? Curtin will present his firm's research in the area that addresses the question of what is most likely to create a reportable breach incident on a per-industry basis.

Moving on, Curtin will discuss criminal prosecution and defense. How do police investigators, prosecutors, defense attorneys, and courts work their way through the data when the evidence and the data are electronic? Curtin will show how lack of care can lead to false conclusions that can have terrible consequences for the integrity of the legal system.

Finally, Curtin will show how the single standard of rigorous scientific analysis allows technologists to communicate more effectively with  nonspecialists to help impact decisions.

 About Interhack

Interhack is a computer expert firm founded in 2000. The firm supports clients throughout the United States in handling computer security incidents, building security programs, and developing expert opinions on technology and its meaning for matters coming to courtrooms and boardrooms. Interhack can be found online at web.interhack.com.

Windows XP: End of Life

10tv's Kevin Landers interviews Interhack's Brad Moore, CISA on Microsoft no longer providing technical support and security updates for the Windows XP operating system.

Columbus, OH—On April 8, 2014, Microsoft will no longer be providing technical support and security updates for the "Windows XP" operating system, which was released 13 years ago.

In discussing the topic with Kevin Landers of 10TV News, Interhack Technical Specialist, Brad Moore said that the security risk to users will continue to increase from this date. Moore indicated that the primary options available to users running Windows XP are to upgrade to a newer version of Windows, look at alternative operating systems with current support, or buy a new computer. 

Upgrading may seem to be the cheapest option, but there are challenges associated with making a change from XP. Many existing computers will not be powerful enough to run newer versions of Windows and there are financial costs associated with purchasing new systems as well as a time commitment to learning a new system.

When asked whether he thought that the risk to users of Windows XP will greatly increase on April 8th, Moore stated that he doesn't expect it to be like a switch being flipped but rather, the risk will continue to increase over time as the number of unfixed security holes in the system increases.

 

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Additional information about Interhack is available at web.interhack.com.

The Cyberwarfare Threat

In an interview with Fox News, Interhack Founder C. Matthew Curtin discusses cyberwarfare capability of North Korea and other actors targeting the United States.

Computer security is no different from other security, asserts Interhack founder C. Matthew Curtin. Ultimately the question is how make the cost of an attack greater than its value to the attacker. "The threats are real and dismissing them is unwise," says Curtin in an interview for Fox News.

Curtin acknowledges that some argue that greater surveillance powers are the solution, hoping to develop an understanding of likely targets and how to address those concerns. Nevertheless, when deciding how to spend limited resources, whether to spend them on hardening targets or predicting targets is not an abstract question. "Money and time spent to build stronger infrastructure, capable of withstanding attack, makes everyone safer," says Curtin. "It improves security without incurring the cost of individual citizens' privacy."

Choosing how to address the threat is not a technical matter but a policy matter. "Do we improve security by sacrificing individual privacy and liberty so that government can monitor more and presumably respond, or do we improve security while strengthening individual liberty at the cost of the government's ability to monitor its own citizenry?"

About Interhack

Interhack is a computer expert firm founded in 2000. The firm supports clients throughout the United States in handling computer security incidents, building security programs, and developing expert opinions on technology and its meaning for matters coming to courtrooms and boardrooms. Interhack can be found online at web.interhack.com.

Computer Security: Is Anyone Safe?

If our largest companies and government agencies can have their information compromised, is there anything that individuals can do to protect themselves? Interhack Founder Matt Curtin discusses computer security with Kevin Wall "Live and Local" (Las Vegas) on the air.

There is no silver bullet that makes all security problems go away. We invest in computer systems to improve our productivity. We gain benefits from economy of scale and the ability to move information easily. We also take on risk, and from time to time we see failure. Sometimes that failure is in the exposure of information meant to be kept private. What can an individual do to keep safe?

In discussing the topic with Kevin Wall, host of "Live and Local" on KXNT Las Vegas, Interhack Founder Matt Curtin says that there are things individuals can do. "We have heard that there's no such thing as a free lunch," Curtin argues. "So when we're online it's helpful to remember that if someone is offering us something we need to understand its cost. That cost might include personal information. If we don't know the organization that wants our information it might be best for us to take our business somewhere we can trust. Secondly, just as our cars need to be fueled and to have oil changed and other maintenance performed, we need to do the same for our computers in the form of patches and anti-malware systems."

Ultimately the point of security is to make the bad guys need to put more effort into the attack than it's worth to them. Even the most determined attacker can't keep his black hat business going if it costs him $1000 to steal $1000.

About Interhack

Interhack is a computer expert firm with a practice area in Information Assurance, addressing issues of privacy, security, and regulatory compliance. We help companies to understand their security posture and to improve their ability to detect and to respond to incidents, whether their reporting ultimately goes to the boardroom or the courtroom. The firm's national practice is based in Columbus, Ohio, and has been serving clients since 2000. Interhack is on the Web at web.interhack.com.

About Kevin Wall "Live and Local"

Kevin Wall hosts KXNT’s Live and Local afternoon show, weekdays 3pm-6pm on 100.5 FM. Kevin provides the Valley a voice on the news and issues that matter most to Las Vegas and Southern Nevada. Tune in and join in the conversation at http://lasvegas.cbslocal.com/personality/live-local-with-kevin-wall/.

Cracking the Code at Hawken Middle School

C. Matthew Curtin, founder at Interhack, was a featured guest speaker at Hawken Middle School for Insights Week. Mr. Curtin was a part of the Science and Technology category in his lecture titled “Cracking the Code: The History and Science of Making and Keeping Secrets”.

Cleveland, OH- C. Matthew Curtin, founder at Interhack, was a featured guest speaker at Hawken Middle School for Insights Week. Mr. Curtin was a part of the Science and Technology category in his lecture titled “Cracking the Code: The History and Science of Making and Keeping Secrets”.

 

He told the middle schoolers how cryptography works and spoke about his early experiences with cryptography. Specifically, on his experience on the 1997 DES challenege in the late 90's when he helped lead a team to break an encrypted message with the then government standard for data encryption, referencing his book Brute Force.

 

Insights Week lets students pick engaging and innovative courses of interest to them from different categories. Throughout the week, real world experiences and inquiry will strengthened skills of collaboration, synthesis of information, and critical thinking. Hawken Middles school is known for it's educational excellence and innovative programming.

 

About Interhack 

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information. We perform security and privacy assessments, as well as services to work with data in legal proceedings. Our work is used to find the right questions to ask and the best answers science can provide. Additional information about Interhack is available at web.interhack.com.