'At the sound of the beep, leave your spyware'
Associate director of Cyanre Bennie Labuschagne is one of a handful of internationally qualified cyber forensic analysts in SA. Labuschagne worked for the SAPS for seven years and has been involved in numerous high-profile investigations, including that of the arms deal.
Labuschagne says the same crimes have been perpetrated since the dawn of time; so modern-day criminals do not have new end-goals, but rather have entirely new methods of perpetration.
Modern-day criminals do not have new end-goals, but rather have entirely new methods of perpetration.Bennie Labuschagne, associate director of Cyanre
In terms of corporate governance, enterprises walk a tightrope of legal considerations. “The challenge is that, previously, all ICT was under the control of the employer,” says Labuschagne. “Now, employees are bringing their own devices and have their own expectations.” Labuschagne warns that if a corporate governance policy is not properly implemented for employee devices, the employer could face a fine of R2 million, should things go wrong.
Section 14(d) of the South African Constitution protects the right to privacy, including privacy of communications. “This begs the question then of what exactly can fall within the hands of the employer,” says Labuschagne, noting that there can be limitations on rights in certain instances.
One such instance is when circumstances entitle the employer to breach the employee's right to privacy. Such breaches may occur when there is consent (written or verbal), the creation of no expectations of privacy, and finally, necessity.
Labuschagne says that when it comes to computer and mobile forensic investigations, mobile devices pose some unique challenges. Mobile forensic investigations can be limited by a number of factors, including the type of device, backups, the time that has passed, passwords and encryption, as well as secure wiping.
Labuschagne says Cyanre is currently one of the only companies that have the technology to recover data from BlackBerry devices - this includes BlackBerry Messenger. Many investigations have actually not even required access to the phone itself when the device had been backed up to a PC.
According to Labuschagne, there is a 30-day window period in which deleted data may be recovered from a mobile device - thereafter, that data is unrecoverable. Labuschagne also advises employers to ensure they have access to employees' mobile PINs, because if a PIN is entered incorrectly too many times, the entire phone will be wiped and all the data will be unrecoverable.
Labuschagne also emphasised that, with the increased use of cloud services, it is important for employers to have a clear policy as to where employees may store data. “If an employee is allowed to save in an external cloud service, you may never know about that information.”
There are currently close to 8 000 mobile devices that Cyanre can conduct forensic investigations on, and Labuschagne advises companies to ensure that if they are deploying corporate issue devices, those devices are “the right ones” and that access to those devices is written into corporate policy.