Imagine that your teenager has downloaded file-sharing software to a home PC that you both share. Such programs can operate in the background to expose the entire content of your hard drive to a potentially hostile Internet, Johnson argues.
While firms such as Investigative Management Group or Corporate Resolutions Inc can perform forensic analyses of company computer systems, Johnson is positioning Elysium Solutions, based in McLean, Virginia, to investigate the much murkier world of peer-to-peer networking. He argues that this largely unknown realm of the online world will become increasingly important for corporate risk management.
Johnson, an attorney and an NCIS investigator for 10 years, launched Elysium Solutions to target private equity firms, along with service providers such as law firms and accountants. Partly, he acknowledged, he was taking advantage of personal acquaintances, but he also said that the buyout business, with its historical emphasis on privacy, made the industry an appropriate market for the firm’s services. “The private equity world is skittish about taking large risks. They always want to mitigate those risks.”
Only 30 percent of the Internet functions through the HTTP protocol, which defines the World Wide Web, Johnson said. The remaining 70 percent is the global file-sharing network, except this invisible Internet is not so much a single network as it is a group of shadowy domains.
Johnson offered the example of two international oil companies, which he did not name, negotiating the payment of several million dollars from one to another. An email was “spoofed” by an outside hacker who apparently had knowledge of the transaction, providing a change in payment instructions that appeared to come from the legitimate payee, he said.
“The money was sent to a new bank account and was lost literally into the Internet.” Once the transaction was completed, he added, there was no way to retrieve the misdirected funds.
In recent years, peer-to-peer software such as LimeWire, BearShare or Ruckus has proliferated. Like the music-sharing service Napster from years ago, such services provide file-sharing capabilities that are free and easy to use. Johnson said as many as 3,000 different applications exist to access the peer-to-peer world.
Such applications often feature an option that makes a user’s entire “My Documents” folder accessible to other users of the network, he said. For a network administrator who might have a spreadsheet of usernames and passwords, the results could be disastrous.
Even apart from “nefarious players” such as Wikileaks and Anonymous, or criminals who commit data theft at retailers such as Target Corp and Neiman Marcus with an eye toward selling the information, many participants in the peer-to-peer world sincerely believe that information should be free.
“The peer-to-peer world is built on the motivation to share information,” Johnson said. “In a corporate setting that could be really bad.”