eWatch CyberSleuth http://www.ewatch.com/pop_sleuth.html Wednesday, July 12, 2000 It is unfortunate that companies are being targeted by entities whose motives are fraudulent, deceptive or criminal. eWatch CyberSleuth will attempt to identify the entity or entities behind the screen name(s) which have targeted your organization. eWatch CyberSleuth includes a 30-day subscription to the eWatch All Coverage Bundle (except WebWatch) with the screen name(s) as the sole criteria. eWatch CyberSleuth requires 7 to 10 days to complete from the date of submission and costs $4,995 per screen name. 48-hour turn around is available for an additional $1,995 per screen name. Results will vary and cannot be guaranteed. Customers will receive a dossier detailing all information gathered about the subject during the inquiry. Click here to order. COUNTERACTING ONLINE ANTI-CORPORATE ACTIVISM While the Internet is in fact a new medium, based on our five years of experience in helping companies monitor the Internet, most of the old rules with respect to how we respond and react still apply. The biggest differences are that our actions are more public, the audience is larger and we're running in real-time. There are six major motivations for online activism. The same response methodology cannot be used for all of them. It is critical to understand the motivation or motivations behind online attacks in order to employ the correct response mechanisms. The six motivations include: Legitimate complaint. Behavior influencing (Environmental group targeting an oil company, etc.) Stock manipulation. Revenge. Mis- or dis-information. Fraud and extortion. Troubleshooting dubious postings need to happen on four fronts (what we call these the four C's): Classification Containment Communication Counteraction CLASSIFICATION Before troubleshooting, decide if action is warranted. Let's face it, there is a lot of awful content on the Internet about even the best companies. To take action on every occurrence is impractical. What are the key triggers that your company will use to prioritize and classify online threats? In our experience, other companies have used these standards, among others, for online threat assessment: Threats against the safety of employees. Threats against property (physical and intellectual). Decreasing sales. Lowering stock price. Affecting litigation. Affecting negotiations (labor, acquisitions, etc.). CONTAINMENT If the attack is prioritized for action, then containment is the next step. Containment is a two part endeavor focusing on (1.) Neutralizing the information appearing online, and; (2.) Identifying the perpetrators behind the postings, rogue website, hack, etc. Neutralizing information posted online, if appropriate, is the removal of the offending messages from where ever they appear in cyberspace. This may mean something as simple as removing a posting from a web message board on Yahoo! to the shuttering of a terrorist web site. The objective is to not only stop the spread of incorrect information, but ensure that what has already spread is also eliminated. Victims of verifiable libel and trademark infringement have a much easier time neutralizing Internet content in our experience. Non-libelous content but nonetheless incorrect or offensive content is less likely to be removed by 3rd party search engines, ISPs, etc. Identifying the perpetrators behind the action requires the kind of special expertise that we've assembled for out eWatch CyberSleuth product. Internet attackers attempt to cover their tracks by erasing identifying personal information from their postings, using anonymous remailers to strip off network information, posting under assumed names, etc. Identifying these perpetrators is done using a variety of methods such as following leads found in postings and web sites, working ISPs, involving law enforcement, conducting virtual stings, among other tactics. COMMUNICATION Depending on the scope of the event, it may become necessary to communicate to our key audiences about an incident that is occurring online. Our key audiences may include our employees, vendors, customers, prospects, regulators, beat journalists, financial analysts and investors (retail and institutional). The purpose of communicating with our key audiences is to signal that we are on top of the situation and have, or are working, to resolve it. When our key audiences are communicating in real-time, so must we. In certain situations, the lack of a response will be viewed as incompetence or worse, that there is in fact something to hide. As in other media, perception is reality. On the Internet, there are many communication tools at our disposal. We can post back to the message boards where the original postings appeared to give our side of the story, provide clarification or debunk it. We can email directly those we think were affected by the incident. We can use our own web site -- or set up a temporary micro site -- to address the situation in detail. Micro sites are useful for communicating a lot of information to a lot of people in a short period of time...especially journalists. For situations that are or have the potential to affect a large number people, companies are also using traditional media tools such as news releases and media relations that can reach outside the online world more effectively. Regardless of the method used, the targeted company has to evaluate these tools with great caution. What may appear to a company as a serious incident may in fact not be to its key audiences. By communicating even to a small audience we run the risk of creating a larger problem where one did not exist before. And on the Internet, it is easy for our adversaries to take our response out of context. Furthermore, when communicating with our adversaries directly, everything we send them will more than likely appear online. Depending on the situation, curt letters from corporate lawyers merely serve to bolster their claims. COUNTERACTION Based on the information that is learned about the perpetrator(s), and given the seriousness of the offense, the appropriate countermeasures are taken. These may include everything from simply exposing the individual online all the way to arrest. In some cases, the perpetrator is an employee of or contractor to the targeted company. In these cases, termination of employment is customary. Counteraction may also include closing loop-holes in computer networks or developing new security procedures to prevent a recurrence. For more information on eWatch CyberSleuth or to discuss a specific situation you may be facing, please email [EMAIL PROTECTED] or call 1-888-857-6842. ====================== *** NOTICE: In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. Feel free to distribute widely but PLEASE acknowledge the source. *** -- Leftlink - Australia's Broad Left Mailing List mailto:[EMAIL PROTECTED] http://www.alexia.net.au/~www/mhutton/index.html Sponsored by Melbourne's New International Bookshop Subscribe: mailto:[EMAIL PROTECTED]?Body=subscribe%20leftlink Unsubscribe: mailto:[EMAIL PROTECTED]?Body=unsubscribe%20leftlink
