[email protected] · Strategic Security Consuling Humint Intelligence Risk Assessment Risk Percepion Risk Management Risk Governance Country Risk Report Travel Security Mariime Security

www.inside.agency [email protected]

INTELLIGENCE & SECURITY INVESTIGATIONS


SUMMARY

About Us

INSIDE Due Diligence & Compliance

GRC – Governance, Risk Management & Compliance

Reputaional Risk ManagementMonitoring Check

Compliance Check

Web Intelligence ReputaionProviders & Compliance Business InformaionLiigaion Invesigaive Report

INSIDE Invesigaions ItalyInvesigaion of Employee AbsenteeismInvesigaion into Corporate InidelityUnfair Compeiion Invesigaions

INSIDE Foreign IntelligenceCredit Risk Check

Dossier Due Diligence InvesigaionINSIDE Cyber Security

Services

INSIDE Digital & Mobile ForensicsMode of Delivery of the Service

INSIDE Electronic DebuggingAni-surveillance Intervenion Methodology

INSIDE Security

Strategic Security Consuling Humint Intelligence

Risk Assessment

Risk PercepionRisk Management

Risk Governance

Country Risk ReportTravel SecurityMariime SecurityExecuive ProtecionSecurity Driver

INSIDE Training

Shooing courses for Home DefenceSafety and Protecion in High-risk SituaionsStrategic Security and First AidSurvival in Hosile TerritoryIntelligence and Aniterrorism

1

2

3

3

4

4

5

7

9

10

10

10

11

12

12

13

15

16

27

28

31

32

37

37

37

38

38

38

39

39

39

40

40

40

41

41

41

41

42

42



1

ABOUT US

INSIDE gathers informaion, at a naional and internaional level, that is useful to companies for risk management, in

compliance with regulaions, professional ethics and corporate governance standards. The informaion is used to assess

the economic, inancial and reputaional risks of organisaions and individuals with whom the company may establish

business relaions.

This series of informaion allows strategies and techniques to be prepared to counteract the dangers inherent in various

market sectors (pharmaceuicals, automobiles, insurance, inance, government...), which can afect small businesses as

well as larger companies.

Reports can also be prepared on poliically exposed persons (PEPs), who hold or have previously held public oice, and

are therefore more exposed to the risk of commiing certain crimes, such as corrupion, bribery or money laundering.

INSIDE helps organisaions to know their business partners, guiding their acivity towards more informed decisions,

through a range of services that ensure regulatory compliance and fulilment of legal and audiing requirements

(regulaions of the Foreign Corrupt Pracices Act - FCPA, the UK Bribery Act, Ani-Money Laundering – AML controls, the

USA PARTRIOT Act and Countering the Financing of Terrorism – CFT controls); the research conducted - which can cover

all market sectors and any organisaion, regardless of its size - provides a thorough check on potenial business relaions,

highlighing any risks of corrupion arising from a geopoliical analysis of the case.

The reports provide all informaion on a company and its directors, aciviies, history, administraion, conflicts of interest,

inancial liabiliies, legal and judicial afairs (compliance risk), and reputaional risk. They also include veriicaion of

statements by the administrators, compliance with ani-money laundering (AML) rules, ani-corrupion controls, FCPA

and UKBA rules, sancions against Iran, and Internaional and US due diligence procedures.

INSIDE reports are generally recommended for veriicaion of inancial crimes, but are not limited to this: the research

by INSIDE provides a valid soluion in situaions of geopoliical risk (high-risk countries) regarding a transacion or

an individual involved in it, for supply chain and due diligence checks, before major investments such as mergers or

acquisiions, and for an integrated compliance programme.

INSIDE conducts the invesigaions itself, thereby maintaining a high level of quality and eiciency, with access to a large

number of operators located across ive coninents and speaking over 60 internaional languages; it also uses naive

speaker professionals, who can grasp language nuances that are oten incomprehensible to those outside of a paricular

culture. The informaion and “open source” data collected is abundant and of high quality, as the various sources used

are constantly updated with foreign oicial informaion.



2

Through these services, INSIDE supports its Clients in the assessment of the value and inancial health of potenial

business partners, as well as the professionalism of employees or candidates for employment, in order to allow an

aware and informed decision, and thus a posiive conclusion to transacions, avoiding economic risks and associated

inancial and reputaional damage. It is highly important to examine the proile of a company that may present risk

factors or operate in a dangerous environment (ensuring compliance with current regulaions: AML, KIC, FCPA), and the

professional and personal proiles of its directors.

The research aciviies are carried out by specialised staf (including former police oicers, journalists and professional

experts capable of uncovering the most hidden informaion), operaing both in Italy and abroad and including naive

speakers of the most widely used internaional languages.

The team employed consults a huge range of informaion channels, databases and public registers in various languages.

These are, however, public sources and, as such, accessible to anyone (therefore veriiable) and compliant with the laws

of the country concerned. They can be used to create a detailed proile of clients or business partners, and highlight their

records, properies, involvement in lawsuits and regulatory violaions.

In countries where the possibility of accessing certain types of informaion is limited, INSIDE integrates its Due Diligence

& Compliance Invesigaion dossier with indings from on-the-spot invesigaions.

INSIDE provides the requested reports with highly compeiive delivery imes and costs. They oten concern cases

involving maters of corrupion and money laundering, or preparatory invesigaions for operaions such as mergers, joint

ventures, acquisiions, private equity and investments in general. Given the large commitment in terms of movement of

capital in such transacions, due diligence aciviies to proile the paries involved become essenial.

The service therefore brings to light any risks involved in the transacions (inancial relaionships are oten not

consolidated, so there is no real knowledge of the other party), allowing the Client to address them in advance, thus

contribuing to their success or convincing him/her to reject them.

More speciically, the service allows informaion to be obtained on inancial and operaional track records, reputaional,

business and personal backgrounds, liigaion, inancial management, corporate problems, unrealisic expectaions,

liabiliies not reflected in the inancial statements and overstated proits.



3

This contains all informaion from external sources concerning legal eniies.

The focus of the assessment is the level of risk exposure of legal persons or eniies, and therefore that of their

representaives; a study is made of their operaional history (operaional risk) and background in terms of reputaion

(reputaional risk), economic condiions and compliance risk (legal-judicial afairs).

It also includes an indicaion of all the commercial afairs in which the enity has been involved over the past 5-10 years

(judicial proceedings, protests, bankruptcy procedures, and legal entries and registraions), asset veriicaions and, for

joint-stock companies, an analysis of the inancial indicators resuling from a comparison of the items in the recent

inancial statements.

The company’s public legal data is then supplemented by indings gathered on-site and indicaions from economic

operators in that speciic ield. The dossier concludes with a reliability assessment (an opinion on the credit that may

be granted).

The addiion of a new professional igure to its structure (for example, a new manager), is considered a major investment

for a company. A choice made too hasily, without the necessary precauions, could place a strategic role in the wrong

hands, with the risk, over ime, of major logisical and economic/inancial repercussions, as well as harm to the company’s

reputaion.

INSIDE provides senior management required to choose a new igure with a series of invesigaive aciviies, fully

compliant with the provisions of Art. 8 of Law 300/70 (Workers’ Statute), for assessing the suitability of the candidate.

More speciically, it ofers a “customised” invesigaive dossier on the individual and/or business partner, aimed at

determining their reliability as a partner for business relaions and/or professional and/or corporate assignments.

An examinaion is made of all the indicators of the individual’s competence and reliability, as well as informaion collected

on-the-spot concerning any detrimental business and/or personal aspects.

GRC - Governance, Risk Management & Compliance

Reputaional Risk management

Company Reputaion Dossier

Personal Reputaion Dossier

COMPLETION TIME

15/20 days

COMPLETION TIME

15/20 days



4

This service allows coninuous monitoring of a business (and its representaives) to verify any events that may afect

the Client’s commercial risk over ime, and promptly indicate their occurrence through an alert system that permits

immediate updaing.

This service allows you to check your clients, speciically verifying their inclusion in paricular

databases, indicated below:

COUNTER-TERRORISM LISTS

Lists drawn up by legislators and insituions from various countries;

ITALIAN ANTI-MONEY LAUNDERING LISTS

Containing more than 400,000 names of individuals and eniies involved in crimes of this type in Italy, in accordance

with the provisions of internaional law;

PIL LISTS

Containing the names of Local Italian Poliicians (regional, provincial and municipal);

INTERNATIONAL PEP LISTS

Containing more than 400,000 names of Poliically Exposed Persons from over 240 countries, ideniied based on the

ani-money laundering direcives of the Financial Acion Task Force (FATF) and relevant global legislaion;

LISTS OF ILLEGAL GAMBLING SITES

Indicaing redirect sites and internaional companies that own sites without authorisaion from the Autonomous

Administraion of State Monopolies (AAMS);

BLACKLISTS & WATCHLISTS

Containing the names of persons sought by naional or internaional invesigaion authoriies, such as the DIA, FBI

and Interpol, as well as governments, persons included in the lists of judicial authoriies or government agencies, and

persons served with orders issued by inancial authoriies, such as FINMA, or supervisory authoriies.

Monitoring Check

Compliance Check

Annual Monitoring of Customers & Suppliers

COMPLETION TIME

24H



5

There is no doubt about the beneits provided by the Web, paricularly for companies: it allows the disseminaion of commercial informaion so that products and services can be adverised or sold. Moreover, because the Internet gives a reliable percepion of reality, any business can analysis the informaion published online to assess how it is perceived by the market, and this can provide a strong compeiive advantage: companies can used online research to enhance their image in terms of markeing or to simply improve the quality and features of their products.

A NEW METHOD OF DATA ANALYSISA computer is a machine with ariicial intelligence and can therefore perform funcions and operaions similar to those of the human mind. In order to facilitate the analysis of texts, PCs would have to be given the capacity of study and interpretaion that individuals develop during their school years.

The data comprehension process involves analysis of a text on four diferent levels:

1) grammaical analysis: this allows a grammaical sense (verb, adjecive, noun, aricle...) to be given to each segment of the text, thereby removing lexical ambiguity;

2) logical analysis: this recognises the role that groups of words play within the text and answers quesions such as where? how? when? and who?;

3) semanic analysis: this allows a meaning to be assigned to the right syntacic structure and, consequently, to the linguisic expression, eliminaing semanic ambiguiies;

4) analysis of seniment: this allows the polarity of the content regarding an individual, a product or a brand to be determined (posiive, neutral, negaive).

Clustering techniques are then used to classify various types of comments into groups (e.g. complaints or suggesions), thus creaing new keys for interpretaion of the data.

KNOWLEDGE MINING: A NEW METHODOLOGICAL APPROACH

This new approach to the interpretaion of data consists of two phases:

1) a mining phase: examining relevant texts as if they were a mine to be explored;

2) a knowledge phase: idenifying the informaion of real importance and any connecions that were iniially hidden.

The approach involves the use of a crawler, sotware that analyses the content of the network methodically and automaically, placing it in an index: it then analyses all the data collected and subdivides it according to relevance and importance in order to understand its meaning. The importance of one item of informaion compared to another is not ideniied on the basis of certain keywords: everything depends on the contextualisaion of the informaion and its automaic comprehension.

The knowledge mining process, which allows the data online to be found and interpreted in terms of quality, quanity and reputaional seniment, can be summarised as follows:

Study of the context, in order to select data on the Web in line with the object of the search;

Exploring the web with a crawler: study of the content, separaion and classiicaion of what is relevant;

Interpretaion of content in terms of quanity and quality;

Decoding the polarisaion: evaluaion of data collected in terms of quality, through the recogniion of expected and unexpected results.

Web Intelligence Reputaion

Analyical Descripion

INTRODUCTION

•

•

•

•



6

Sources consulted: open sources (Internet, major search engines, social networks).

Output:

- Negaive: “No informaion of interest regarding the subject was found”.

- Posiive: a short collecion of the evidence found in graphical format with links to the source.

Sources consulted:

- open sources (Internet, major search engines, social networks);

- press records from over 4,000 naional and local newspapers published in a period of up to ten years (e.g. 2004-2014).

Output:

- Negaivo: “No informaion of interest regarding the subject was found”.

- Posiive:

• a collecion of the evidence found in graphical format with links to the source;

• a copy of the aricle/s and details of the publicaion.

Sources consulted:

- open sources (Internet, major search engines, social networks);

- press records from over 4,000 naional and local newspapers published in a period of up to ten years;

- detrimental factors of a conidenial nature from intelligence aciviies (combined with journalisic interviews, if available).

Output:

- Negaivo: “No informaion of interest regarding the subject was found”.

- Posiive:

• a collecion of the evidence found in graphical format with links to the source;

• a copy of the aricle/s and details of the publicaion.

• clear indicaions of the types of detrimental factors that have emerged.

Web Intelligence Reputaion

Level of Detail

SMALL Report

MEDIUM Report

LARGE Report

COMPLETION TIME

3/5 days

COMPLETION TIME

8/12 days

COMPLETION TIME

5/7 days

All the informaion collected in the report, resuling from the analysis of posts in blogs, forums, social networks and news aricles, is publicly available and, as such, is accessible to anyone.

NOTES ON THE CONFIDENTIALITY OF INFORMATION



7

suitable for assessment and ceriicaion of high-end partners and individuals external or internal to the company.

Oicial data, raing, score, payment experiences and check on negaive informaion (protests, detrimental aspects, bankruptcy proceedings) in a format that allows immediate ideniicaion of the areas of risk (company, representaives), together with details, where appropriate. Data on representaives and local units. The inancial statements secion is based on the last three years, both for the balance sheet highlights and the indicators. Market informaion and number of queries. Summary comment. For an agreed monthly fee, alerts can be received in the event of changes in the reliability assessment or the corporate structure.

suitable for assessment and ceriicaion of high-end suppliers, partners and franchisees.

Oicial data, raing, score, payment experiences and credit. For raing and score: industry comparison and trend analysis. Check on negaive data (protests, detrimental factors, bankruptcy proceedings) in a format that allows immediate ideniicaion of the areas of risk (company, representaives or partners), together with details, where relevant. Data on representaives, family history, partners, past joint investments, board of directors and local units. The inancial statements secion should be based on the last three years, both for the balance sheet highlights and the indicators. Market news, press releases, CIGS (extraordinary redundancy fund) and the number of queries. Media, crime and web reputaion. Analysts’ comments. For an agreed monthly fee, alerts can be received in the event of changes in the reliability assessment or the corporate structure.

suitable for assessment and ceriicaion of high-end suppliers, partners and franchisees.

Oicial data, raing, score, payment experiences and credit. All industry comparison and trend analysis data, geographical breakdown. Check on negaive data (protests, detrimental factors, bankruptcy proceedings) in a format that allows immediate ideniicaion of the areas of risk (company, representaives, ailiated companies, subsidiaries or partners), together with details, where relevant. Data on representaives, family history, partners, past joint investments, board of directors, past shareholdings and local units. The inancial statements secion should be based on the last three years, both for the balance sheet highlights and the indicators. Market news, press releases, CIGS (extraordinary redundancy fund) and the number of queries. Reputaion (media, crime and web) and online and oline seniment, intelligence context, analyical and predicive scenarios. Ideniicaion of buildings with maps and satellite photos, photo ideniicaion of the individuals, in-depth evaluaion by analysts based on intelligence sources. Possible invesigaive acivity on site.

Providers & Compliance Business Informaion

Analyical Descripion

STANDARD Report

PREMIUM Report

ADVANCE Report

COMPLETION TIME

1/3 days

COMPLETION TIME

5/9 days

COMPLETION TIME

12/16 days



8

Providers & Compliance Business Informaion

Levels of Detail

SecionOicial Data

Partners

Immediate ideniicaion of areas of risk

Balance Sheet Indicators

Credit

Local units

Partners

Number of queries

Ideniicaion of properies with maps and satellite photos

Score

Board of Directors

Representaives

Press Reports

Intelligence Context

Geographical subdivision

Balance Sheet Highlights

Informaion on Representaives

Analysts’ comments

In-depth assessment by analysts based on intelligence sources

Raing

Past joint ventures

Company

Market Informaion

Industry comparison and trend analysis data

Annual Financial Statements

Details of Risk Areas (where relevant)

Reputaion (media, crime and web)

Photo ideniicaion of individuals

Payment Experiences

Past shareholdings

Ailiates, subsidiaries

CIGS (extraordinary redundancy fund)

Analyic and Predicive Scenarios

Check on Negaive Informaion (Protests, Detrimental aspects, Legal Proceedings)

Consolidated Balance sheet

Family History

Online and oline seniment

Possible on-site invesigaive aciviies

STANDARD

Report

3

PREMIUM

Report

3

ADVANCE

Report

5



9

Liigaion Invesigaive Report

This service is recommended when a dispute arises and allows the debtor’s actual inancial and asset situaion to

be assessed before taking legal acion, which, in the event of conirmed desituion or other limitaions, may prove

unsuccessful.

The following data is provided for INDIVIDUALS: • Tracing of personal details and addresses• Search for newly listed telephone connecions in addiion to those already provided• Ideniicaion and conirmaion of work acivity (employee/self-employed/reired) • Informaion from inspecion• Veriicaion of the subject’s involvements in companies in Italy • Research into the individual’s shareholdings in joint-stock companies in Italy • Search for assets in the naional real estate register• Search for real estate on locaion• Tracing of registered cars/motorcycles • Check for disputes and detrimental aspects (Courts and Land Registry)• Bank References• Final assessment of recoverable credit

The following data is provided for LEGAL ENTITIES: • Legal ideniicaion of the enity through the General Register of Companies • Conirmaion of efecive operaion on site and/or tracing of any new locaion/s • Informaion from conidenial local sources • Search for newly listed telephone connecions in addiion to those already provided by the debtor • Registered residence and domicile of the legal representaive• Tracing of registered cars/motorcycles • Search for assets in the naional real estate register• Search for real estate on locaion• Search for contract awards• Search for disputes and detrimental aspects of other types concerning the enity and its

legal representaive, with relevant details• Bank references• Final assessment of recoverable credit

360° CREDIT RECOVERY INVESTIGATION

COMPLETION TIME

15/20 days

COMPLETION TIME

15/20 days

Informaion dossier containing the informaion provided from service “360° Credit Recovery

Invesigaion” and integrated with Financial Informaion originated from the acivity of Humint

Intelligence, that is from a gathering informaion from insitutes of credit, aimed at idenifying

eventual banking relaionships of individual or legal eniies searched.

360° CREDIT RECOVERY INVESTIGATION WITH FINANCIAL INFORMATION



10

Art. 2119 of the Italian Civil Code provides for the possibility of withdrawing from a contract “before the expiry of the

term, if the contract is for a ixed period, or without noice, if the contract is for an indeinite period, if a cause arises that

does not allow the coninuaion of the relaionship, even temporarily”.

Oten, however, employers experience great diiculty in assering their rights in the absence of real and documented

evidence.

INSIDE conducts targeted invesigaion aciviies to ind and document all evidence that can be used to legiimise

the dismissal of an ofending employee, paricularly with regard to ideniicaion of the causes of absence and/or

opportunisic behaviour incompaible with the employment relaionship, to demonstrate:

• Whether employees are performing two jobs;

• Whether the employee’s sick leave is genuine or to be considered unjusiied;

• Whether parental leave, regulated by Law no. 104/1992, or trade union leave has been taken for genuine reasons;

• Whether employees in temporary redundancy are working for other companies and receiving hidden earnings,

in circumvenion of the law.

Inidelity in the workplace has its legal basis in Art. 2105 of the Italian Civil Code, according to which “the employee

may not conduct business, on his/her own behalf or that of third paries, in compeiion with the employer, nor divulge

informaion concerning the company’s organisaion and producion methods or use it to the detriment of the company”.

Current legislaion is therefore aimed at protecing companies against any kind of paricularly disloyal aitude by

employees or partners that could harm the company or place it at a disadvantage, such as acts of corporate espionage

and/or sabotage and/or otherwise professionally improper acts by partners or directors.

In cases of suspected corporate inidelity, INSIDE iniiates a series of invesigaion procedures concerning the partner or

employee aimed at highlighing and documening all behaviours considered improper and harmful to the company and

which violate the above-menioned obligaion of professional loyalty.

Invesigaion of Employee Absenteeism

Invesigaion into Corporate Inidelity



11

Cases of unfair compeiion and counterfeiing of products/brands are becoming increasingly common occurrences in

Italy, due in part to the unregulated growth of Asian countries, paricularly the People’s Republic of China, which place

products in our markets with disregard for all internaional standards.

It is worth clarifying that according to the Italian Civil Code (Art. 2598), without prejudice to the provisions concerning

the protecion of brands and patents, “acts of unfair compeiion” are perpetrated by whoever:

• uses names or idenifying characterisics likely to be confused with names or logos used legiimately by others,

or slavishly imitates the products of a compeitor, or performs acions with any other means likely to create

confusion with the products and the acivity of a compeitor;

• disseminates news and assessments of the products and acivity of a compeitor that can bring them into

discredit, or appropriates qualiies of the products or business of a compeitor;

• directly or indirectly uses any other means inconsistent with the principles of professional propriety that can

damage the company of another.

Ater careful analysis of the case, INSIDE will implement a series of invesigaion aciviies combined with expert opinions

aimed at verifying the occurrence of unfair compeiion and/or counterfeiing of products that has caused damage

inancially and in terms of image to the company that owns the trademark and related know-how.

Unfair Compeiion Invesigaions



12

In the current business scenario, characterised by serious misconduct such as corrupion, money laundering and fraud,

it is essenial for companies to subject their suppliers and business partners to greater scruiny, not only for reasons of

reputaion, but also in consideraion of the potenial economic damage they may incur.

Therefore, to enable its customers to “cerify” their suppliers, INSIDE ofers global screening services: it collects and

veriies all useful and relevant informaion about third paries and assesses the main risks, using the latest technology,

which can integrate data collected in the due diligence process, and creaing points of contact between the Client’s

internal staf and that of INSIDE.

This is all done in the strictest compliance with ani-corrupion regulaions and those of the various industrial sectors,

of which the professionals involved in the research acivity have expert knowledge.

This service allows prompt access to all the main legal informaion on foreign companies and also provides a

comprehensive overview of their economic, inancial and administraive situaion.

It is provided in English, with Italian provided on request, and is available worldwide. Algorithms and proven evaluaion

systems are applied to determine the risk level of the company examined, together with a maximum recommended

credit limit.

The informaion in the foreign report is obtained through cross-consultaion of oicial public databases in foreign

countries.

The service is provided in oline mode throughout the world, with a speciic quotaion depending on the country

concerned.

With regard to the advantages obtained, it allows informaion to be gathered on foreign companies that is otherwise

diicult to obtain, together with risk and solvency indicators.

Credit Risk Check

COMPLETION TIME

Normal 12 days Urgent 5 days Flash 3 days



13

INSIDE’s intelligence acivity is capable of detecing risks in business and interpersonal relaionships at a global

level, and possible risks regarding business dealings due to past events with which those concerned are associated;

the data collected is used to compose highly detailed proiles.

Due diligence control provides organisaions with a safeguard against reputaional and inancial damage. It allows

background checks to be made on individuals or eniies worldwide to provide companies with greater knowledge of

their business partners, thanks to specialists based around the world who speak more than 60 languages (including

naive speakers, familiar with linguisic nuances that are oten impercepible to those outside the culture of a given

country).

The focus is varied: checks on corrupion or money laundering, preliminary veriicaions for transacions such

as mergers, acquisiions or joint ventures, checks on supply chains, due diligence checks on agents, consultants,

distributors and immigrant investors (tax residence applicaions), on individuals connected with high-risk countries,

on high-net-worth-individuals...

The invesigaions cover more than 240 countries, with hundreds of agents acive 24 hours a day, 7 days a week.

The research also covers individuals or eniies included in all lists of groups subject to sancions, watchlists, and

lists of supervisory authoriies and law enforcement agencies regarding maters of inancial crimes, terrorism and

organised crime in general.

Cases oten arise of people already involved in criminal proceedings but not yet convicted, and the reputaional

damage that may result can be even more harmful than any inancial sancions imposed on them as a result of

breach of compliance obligaions.

The research aciviies also meet the due diligence requirements of the KYC (Know Your Customer), AML (Ani

Money Laundering), CFT (Countering the Financing of Terrorism) and PEP (Poliically Exposed Persons) procedures.

The informaion collected and contained in the dossier, which is coninuously updated and subject to quality control,

is of public origin:

• global media (over 100,000 sources);

• data from local and internaional public records;

• speciic sources for each country and industry;

• data sources in foreign languages;

• data stored in our databases;

• global compliance informaion sources;

• informaion that is publicly available but diicult to ind;

• negaive reports from internaional media;

• around 400 lists of groups and individuals subject to sancions, watchlists and lists compiled by supervisory

authoriies and law enforcement agencies (INSIDE invesigaions oten idenify persons at high risk even

before they appear in the oicial lists).

Due Diligence Invesigaion Dossier



14

The data is analysed in detail, separated and matched together (oten a huge amount of data has to be processed)

through advanced screening procedures and accurate search processes, and subjected to strict quality controls. This

allows compliance processes to be simpliied, saving costs in terms of ime spent resolving diiculies, and thereby

acceleraing the pace of operaions.

Some funcions are provided that allow speciic informaion to be obtained for AML and CFT screening aciviies:

• penalies in real ime: this is a soluion for compliance with payment procedures; it allows bodies that

carry out checks on ime-sensiive cash transfers to obtain updated informaion on penalies;

• Iran Economic Interest (IEI): this allows companies to track customers, employees and business partners

in general, in order to detect the risk of breaches of trade sancions against Iran;

• Country-check intelligence: this provides global informaion on economic, poliical and criminal aspects

in support of AML due diligence aciviies;

• IHS mariime vessel data: reveals the idenity, ownership structure (current and historical) and locaion

of vessels and details on all sea-going, self-propelled merchant ships of 100 GT and above;

• US SAM (System for Award Management): provides informaion on organisaions that are either

restricted or prohibited from doing business with the US government.

The dossier provides a complete risk overview: informaion on organisaions, their properies, directors, links with

poliics and organised crime, and conflicts of interest.

It is drated in English within a short ime period (10 to 15 days) and at a limited cost (since INSIDE is personally

involved in its preparaion).

The service is provided in tabular format: the tables facilitate understanding of the informaion and assessment of

the risks involved; the links through which the data was collected are also given to allow veriicaion.

As a conclusion, a summary sheet and business intelligence secion can be provided.

The methods used are geared towards total discreion: the individuals covered by the research are not aware of the

ongoing invesigaions.

The more speciic reports include:

• ani-money laundering (AML) compliance;

• veriicaion of statements by administrators;

• ani-corrupion checks and veriicaion of compliance with the ani-corrupion laws in the USA (FCPA)

and the UK (UKBA);

• sancions against Iran;

• Internaional and American due diligence. COMPLETION TIME

15/20 days



15

INSIDE’s Cyber Security Division is aimed at combaing computer crime and provides assistance not only in support

of law enforcement aciviies but also to companies.

Atenion to Informaion Security is increasing rapidly,

since it is impossible to think of managing business

aciviies today without the help of computer systems,

which are now essenial tools in the producion processes

of companies.

It is therefore important to ind professional help for

defence against computer atacks that could seriously

threaten your most important asset: your know-how.

INSIDE’s Cyber Security Division can detect the level

of vulnerability of your systems and perform a careful

diagnosic analysis to idenify the appropriate steps for

ensuring the safety of your informaion property.

The main objecive of the INSIDE Cyber Security Division, with its experience acquired in the industry, its high quality

and safety standards, and the support of its highly qualiied technical staf, is to analyse and strengthen the security

of your company’s IT infrastructure, for which it has developed a series of speciic services.

Ater each acivity, the INSIDE Cyber Security Division issues a report containing details of all the operaions carried

out and providing all the necessary soluions for the total security of your company.



16

The services ofered by the INSIDE Cyber Security Division are designed to achieve the following objecives:

VULNERABILITY ASSESSMENT AND MITIGATION• Assessment of the strength of the security system in use• Ideniicaion of known vulnerabiliies• Implementaion of countermeasures

PENETRATION TEST

• Assessment of the strength of the security system in use• Ideniicaion of the weaknesses of the plaform through a simulated atack

WEB APPLICATION PENETRATION TESTING• Ideniicaion of vulnerabiliies in web applicaions• Resoluion of the problems detected

THREAT DETECTION & ANALYSIS• Ideniicaion and analysis of hosile hardware or sotware devices

ETHICAL HACKING• Ideniicaion of the exposure risk of the computer system to hosile technological and/or human

events

CODE REVIEW• Detecion of vulnerabiliies in the source code

SECURITY EVALUATION• Assessment of the security level of hardware and sotware applicaions, processes and plaforms

IT RISK MANAGEMENT• Ideniicaion of risks from corporate IT investments• Deining strategies to govern them

SECURITY AUDIT

• Accurate ideniicaion of vulnerabiliies in the computer system• Increasing the capacity for assessment of the risks it contains

HIGH LEVEL SECURITY CONSULTING• Provision of advice on computer security issues

The following secion of this document describes the methods used and the characterisics of the acivity carried

out, together with the procedures followed regarding the delivery of the inal report to the Client.

1. AREA OF INTERVENTION

The intervenion requested will focus on the technology structure used by the Client, namely:• the computer system• internal and external infrastructure• networks• hardware/sotware devices• web applicaions used by the Client

Services



17

2. METHODOLOGY

The INSIDE Cyber Security Division has a group of experts specialised in the ield, with a series of internaionally

accredited ceriicaions.

More speciically, it carries out its professional acivity in the strictest compliance with the following standards:

• ISO/IEC 19011:2003 – Guidelines for quality and/or environmental management

• ISO/IEC 20000-1:2005 – Service management – Part 1: Speciicaion

• ISO/IEC 27002:2005 – Code of pracice for informaion security management

• ISO/IEC27004:2009 – Informaion security management – Measurement

• ISO/IEC 27005:2008 – Informaion security risk management

• BS25999-2:2007 – Business coninuity management – Speciicaion

• COBIT v4.1 – Control Objecives for Informaion and related Technologies

• OSSTMM v3 – Open Source Security Tesing Methodology Manual

• OWASP Tesing Guide v3 – Open Web applicaion Security Project Tesing Guide

• CC v3.1 – Common Criteria

• CEM v3.1 – Common Methodology for Informaion Technology Security Evaluaion

• ITIL v3 – Informaion Technology Infrastructure Library

• PCI-DSS v2.0 – Payment Card Industry Data Security Standard

• Basilea2 – Internaional Convergence of Capital Measurement and Capital Standards

• SOX of 2002 – Public Company Accouning Reform and Investor Protecion Act

• Legislaive Decree 231/2001 – Administraive liability of legal persons, companies and associaions

without legal personality

• Legislaive Decree 196/2003 – Personal data protecion code

• Legislaive Decree 262/2005 – Protecion of savings and regulaion of inancial markets

• Legislaive Decree 81/2008 – Protecion of health and safety in the workplace;

Image 1. Main internaional standards



18

2.1 METHODOLOGICAL REFERENCES

2.1.1 OSSTMM

2.1.2 OWASP

The OSSTMM (Open Source Security Tesing Methodology Manual) is a ceriicaion

provided by ISECOM (the Insitute for Security and Open Methodologies), an internaional

community for research and collaboraion on security, established in January 2001.

It is a peer-reviewed methodological approach used in the ield of computer security

systems and is based on performing security tests and analysis on infrastructure and IT

assets to arrive at veriied facts; these facts provide useful informaion in measurable

terms for the improvement of operaional security.

The use of the OSSTMM standard, in compliance with relevant regulaions, allows the

achievement of consistent and repeatable results, providing an understanding of the

countermeasures to be implemented, the extent to which the system is exposed to

possible atacks, and therefore how to achieve maximum security.

The OWASP Tesing Guide is a framework for tesing the security of applicaions and

network infrastructure developed by OWASP (The Open Web Applicaion Security

Project), a non-proit foundaion whose aciviies are centred on the producion of

resources, aricles and material related to informaion security issues.

OWASP has compiled a classiicaion of the security threats considered most criical:

• SQL Injecion

• Broken Authenicaion and Session Management

• Cross Site Scriping

• Insecure Direct Object Reference

• Security Misconiguraion

• Sensiive Date Exposure

• Missing Funcion Level access Control

• Cross Site Request Forgery

• Using Components with Known Vulnerabiliies

• Unvalidated Redirects and Forwards



19

2.2.1 PROACTIVE SECURITY SERVICES

Through the services of the INSIDE Cyber Security Division, we can assess the vulnerability of your systems and perform

careful diagnosic analysis to determine the appropriate measures to ensure the security of your informaion property.

PENETRATION TEST

The Penetraion Test is a service for assessing the security of a system or network through the simulaion of an external

or internal atack by a threat agent. The aim is to highlight the weaknesses of the plaform, providing the greatest

amount of informaion on the technological vulnerabiliies that have enabled unauthorised access: it essenially involves

puing ourselves in the shoes of the hacker, who exploits detected vulnerabiliies to obtain informaion required for

access to the computer infrastructure.

VAM – VULNERABILITY ASSESSMENT AND MITIGATION

The Vulnerability Assessment and Miigaion (VAM) method adopted by the INSIDE Cyber Security Division consists of a

series of non-invasive aciviies aimed at evaluaing the efeciveness and strength of the security systems used by your

company, and idenifying known vulnerabiliies in case of a cyber atack. These iniial intervenion phases are followed

by the adopion of countermeasures aimed at improving the security of your systems.

VAM should be implemented in various stages throughout the year, since the technology is constantly developing, as

are the tools used to atack systems.

The INSIDE Cyber Security Division develops the following levels of VAM:

• Database: our analysis focuses in paricular on the DBs mostly commonly used by companies (Microsot SQL

Server, Oracle, SYBASE Server, etc.). The assessment is done using highly sophisicated tools and sotware,

and includes an automaic scan of these databases to idenify and analyse weak points that are prone to

atack. All companies “store” their business informaion in these types of databases, which, being constantly

reorganised for beter use, are exposed to atacks by paries with malicious intent, such as compeitors.

• Telephone Network: an atack on a telephone network is commonly known as ‘war dialling’. It is a frequently

used form of computer atack, as the telephone network is more vulnerable due to the presence of bugs.

The atack involves automaic scanning of an enire telephone network, including switchboards, modems

and telephone equipment.

2.2 MODES OF DELIVERY



20

WEB APPLICATION PENETRATION TESTING

With the advent of e-commerce, companies are increasingly using the web to promote and sell their products and/or

services. The INSIDE Cyber Security Division conducts prevenion and safety aciviies on all the web applicaions used

by companies.

The process involves scanning and monitoring all the secions of the web applicaion, with paricular atenion to areas

protected by usernames and passwords, which, when entered, allow access to the services ofered through HTTP or

HTTPS protocols.

The work involves the following security ields:

• Scanning of sensiive data sent via the applicaion and exposed to risk of intercepion by malicious paries,

through an examinaion of the HTML code, scripts or other informaion that can be obtained through

debugging mechanisms;

• Thorough analysis of interacive ields between the applicaion and the user to idenify any gaps created by

(in)voluntarily input;

• Authenicaion procedures;

• Resoluion of issues related to a speciic session, such as imeouts, logouts, hijacking, logins using unveriied

addresses, etc.

• Validaion and alterability of data;

• Execuion of commands in unexpected areas of the applicaion, for example, through speciic SQL strings,

which can lead to the direct manipulaion of the database, with the possibility of acquiring, modifying and

deleing stored data;

• Incorrect or inappropriate interacions with the operaing system (shell escape).

THREAT DETECTION & ANALYSIS

Through its Threat Detecion & Analysis procedure, the INSIDE Cyber Security Division can detect and analyse any hosile

hardware or sotware devices (such as viruses) that are potenially capable of damaging or exporing sensiive data in

computer systems afected by threats.

ETHICAL HACKING

Ethical Hacking consists in the simulaion of an internal or external malicious atack, depending on the type of exposure

risk ideniied in the computer system, and includes human as well as technological aspects, for example, the Social

Engineering method.

Social Engineering is a series of psychological techniques used by a Social Engineer to deceive the recipient into

performing certain acions (such as issuing access codes, or opening malicious atachments or site containing diallers,

etc.).

The atack includes an iniial phase, known as footprining, consising in the collecion of informaion about the vicim

(e-mail address, phone numbers, etc.) and the subsequent assessment of its reliability. Once the vicim has fallen into the

trap, through the false sense of conidence induced by the Social Engineer, the computer system can then be accessed

and violated.



21

No paricular computer skills are needed to perform this acivity, as knowledge of the person’s psychology is suicient

(normal computer intrusion tools may already have been tried, unsuccessfully): the Social Engineer exploits certain

impressions of the vicim, such as guilt, innocence or ignorance.

CODE REVIEW

Through its Code Review service, the INSIDE Cyber Security Division detects vulnerabiliies in source code, thus limiing

the costs due to producion of the program.

The acivity consists of an iniial analysis of the applicaion, using tools to simulate execuion of the code and detect any

vulnerabiliies that may be present. A second phase searches for vulnerabiliies that may not have been ideniied in the

iniial analysis.

SECURITY EVALUATION

For its Security Evaluaion service, the INSIDE Cyber Security Division uses highly skilled technicians working in a

laboratory environment to evaluate the safety levels of hardware and sotware applicaions, processes and, plaforms

by idenifying any vulnerabiliies that are present and implemening exising security procedures.

IT RISK MANAGEMENT

Through its IT Risk Management process, the INSIDE Cyber Security Division ideniies risks (vulnerabiliies, threats, etc.)

due to corporate IT investments (Risk Assessment) and deines the best strategies for governing them (Risk Treatment),

thereby increasing the level of security required by IT infrastructure.

SECURITY AUDIT

The Security Audit service provides a technical assessment of an organisaion’s security policy based on a combinaion

of Penetraion Tesing and Risk Assessment aciviies. It basically involves accurate ideniicaion of vulnerabiliies in

the computer system through precise opimisaion of the execuion of technological checks, thereby strengthening its

risk assessment capacity.

HIGH LEVEL SECURITY CONSULTING

The specialised staf of the INSDE Cyber Security Division ofer consuling services on any computer security issues that

may not be covered by the services described above.



22

2.2.2 ATTACK VECTORS - for the Penetraion Test and Web Applicaion Penetraion Test services

The Cyber Security Division uses the atack vector technique – of which there are several, depending on the device for

which the service is intended – to simulate the aciviies of a threat agent that accesses an IT system in an unauthorised

manner.

Some of the atack vectors used are listed below:

• Infrastructure: IP, VPN, Wi-Fi, SCADA, etc.

• Applicaions: Web, Database, Client-Server, etc.

• Telephony: PBX, RAS, APN, BlackBerry, VoIP, etc.

• Others: Human, Physical, Video Surveillance, Biometrics, etc.

In some cases we prefer to run tests from a privileged posiion, using standard access credenials, to evaluate the

possibility of circumvening the authenicaion and authorisaion mechanisms in use.

Firewall

Wi-Fi

Modem

www

e-mail

FTP

Blackberry DataBase

PBX

VOIP

LAN

DMZVPN

Internet

web

Remote

User

Remote Site

Domain

Telephones

Image 2. Main atack vectors



23

2.2.3 APPROACH

The approach developed by the INSIDE Cyber Security Division, always geared towards the assessment of the security

level of the Client’s IT infrastructure, operates in blind mode, through the simulaion of a “blind” atack, i.e. without

knowledge of the implementaion details of the infrastructure.

2.2.5 DENIAL OF SERVICE

This project does not include tesing for Denial of Service (DoS) atacks, unless speciically requested by the Client. These

consist of malfuncions due to cyber atacks in which the resources of an IT system providing a service are deliberately

exhausted so that it is no longer able to provide the service.

2.2.4 TOOLS

The INSIDE Cyber Security Division uses the atack tools most commonly used in the market or those developed by the

Security Advisory Team, included in the categories listed below:

• Vulnerability Scanning (Nessus, NeXpose, OpenVAS, etc.)

• Network Scanning (Nmap, Unicornscan, Singsing, Arp-scan, Ike-scan, p0f, etc.)

• Web Tesing (Burp suite, Zed Atack Proxy, w3af, Skipish, Nikto, etc.)

• Wireless Tesing (Aircrack-ng, Kismet, Karmetasploit, etc.)

• Phone Tesing (Minicom, WarVOX, Ward, THC-SCAN, etc.)

• Packet Forging (hping, Scapy, VoIP Hopper, Yersinia, ISIC, Netcat, etc.)

• Network Sniing (Wireshark, Cain & Abel, Etercap, etc.)

• Password Cracking (John, Rcrack, fgdump, THC-Hydra, Medusa, etc.)

• Exploitaion (Metasploit framework, Exploit-db, private exploits, etc.)

Zero-day exploits, computer atacks that are paricularly harmful to the integrity of a website and the proper funcioning

of an internet node, may also be used, but only at the Client’s explicit request.

Only proprietary hardware and sotware is used, and at the conclusion of each project a saniisaion procedure is carried

out to delete any data remaining from the operaion.



24

3.1 Preparaion of the aciviies

In the iniial phase of the project, the Security Advisory Team has to interface with the Client to gather all the informaion

required for the task and to arrange the schedule and intervenion method for each paricular security operaion.

3.2 EXTERNAL WEB CHECKS - for web applicaion penetraion tesing

The purpose of this acivity is the analysis of web applicaions, using a range of various technologies (ASP.NET, PHP, JSP,

etc.), to test the security of the applicaion components and prevent any threat agents from the Internet from gaining

access to sensiive data possessed by the Client.

3.3 EXTERNAL IP CHECKS - for Penetraion Tests

The purpose of this acivity is to analyse systems exposed to threat from the Internet in order to assess the security of

the overall network infrastructure and prevent unauthorised access or removal of conidenial informaion.

3.4 INTERNAL IP CHECKS - for Penetraion TestsThe purpose of this acivity is to analyse the systems on the Client’s private network to assess the security of the ove-

rall network infrastructure and prevent unauthorised access or removal of conidenial informaion.

3. ACTIVITY PLAN

Firewallbrowser DataBase

Server

Application

Server

Web

Server

Application Application Database

Protection ofSensitive Data

Manipulationof Parameter

Sessions and Cookie

Authenticated User

User

Threat

Agent

User Authentication

Input Validation

Exception Generation

Secure Configuration

Encryption or Hashing of Sensitive data

Recording andAudit of Activity

Protection ofSensitive data

Encryption or Hashing of Sensitive data

Image 3. Architecture of a web applicaion and security measures



25

A series of informaion is given below regarding the inal document delivered to the Client at the conclusion of the

project.

4.1 TEST REPORT

On compleion of all the aciviies, the INSIDE Cyber Security Division issues a strictly conidenial report containing

details of all the operaions carried out and the necessary soluions for the total security of your company.

The document consists of two levels of analysis:

• Execuive Summary: an introductory secion that provides the Client with a broad overview of the main

informaion on the security level of the structure examined, together with an indicaion of the risks ideniied,

foreseeable damage and the measures to be taken to resolve problems;

• Technical Report: the true inal document, containing a technical descripion of the operaions performed,

the criical aspects detected and details of the measures to be implemented.

The graph shows the ime taken to provide the requested services.

The aciviies described in this ofer shall be carried out at the INSIDE headquarters or, in the case of an agreement

between the paries in this regard, on the Client’s own premises.

4. DELIVERABLE

5. DELIVERY TIMES

Activity Week 4Week 1 Week 2 Week 3

Organisation of activities and Project Management

External Web Checks

Follow-up check

Presentation of results



26

The INSIDE Cyber Security Division includes highly specialised experts with a range of awards and ceriicaions for

security tesing that vouch for their technical and professional competence and ethical values:

• CISSP (Ceriied Informaion System Security Professional)

• CISA (Ceriied Informaion Security Auditor)

• CISM (Ceriied Informaion Security Manager)

• OPSA (OSSTMM Professional Security Analyst)

• OPST (OSSTMM Professional Security Tester)

• OWSE (OSSTMM Wireless Security Expert)

• GCFA (GIAC Ceriied Forensics Analyst)

• ITV3F (ITIL Foundaion v3)

• ISFS (Informaion Security based on ISO/IEC 27002)

• ISO/IEC 27001:2005 Lead Auditor (various schemes)

• PCI-QSA (Payment Card Industry Qualiied Security Assessor)

• PCI-ASV (Payment Card Industry approved Scanning Vendor)

6.1 SENIOR SECURITY ADVISOR

This igure has ive years of technical and organisaional experience in the ield of security and thus possesses the

necessary requirements to idenify the work acivity and plan the strategies that the customer needs.

He/she possesses thorough knowledge of the security services and procedures to be implemented for the soluion of

all security problems; thanks to these skills and constant updaing, he/she is able to intervene dynamically in training

and research aciviies.

6.2 SECURITY ADVISOR

This igure has three years of technical and organisaional experience in the ield of security. He/she is capable of assising

the Client in the choice the services to be carried out to ensure company security; he/she directs the aciviies of the

Security Expert and plays an acive role in training and research projects.

6.3 SECURITY EXPERT

The Security Expert, with two years of technical and organisaional experience in the ield of security, has developed the

capacity to ofer advice and assistance, and provide support for the work of the Security Advisor. He/she is regularly

involved in updaing and research aciviies.

6. PROFESSIONAL FIGURES



27

INSIDE ofers professional IT and technology services, skilfully combining considerable advanced business skills with

proven experience in the recruitment and training of its specialists.

To provide the best possible support to its Clients (companies and lawyers, as well as private individuals who feel the

need to monitor their children more closely), INSIDE has brought together the best experise in the ield of security in

a special ranges of services known as IT Security.

The Service Line operates throughout Italy; the area of intervenion of the INSIDE Forensics Division is described below:

Forensic Analysis and Incident Management (FOR-SEC): INSIDE’s intervenion in this area is normally in response to

errors, accidents, intrusions or legal acion. The advice provided covers forensic analysis of digital media, secure deleion

of data, the recovery of data from damaged digital storage media and the deiniion and implementaion of technological

processes and procedures for proper incident management. The staf that operate in this ield hold GCFA and GCIH

ceriicaion (SANS ceriicaions) and follow the guidelines laid down by the US Department of Jusice for the seizure

and preservaion of digital crime evidence.

Intervenions can be carried out on a series of devices:

• computers and storage devices - Computer Forensics;

• electronic devices that use mobile technology - Mobile Forensics: mobile phones, smartphones, tablets and

SIM cards, of any make and model;

• “closed” equipment - Embedded Forensics: game consoles, skimmers used for the cloning of credit cards,

PDAs, organisers, Mp3 players, databanks and closed circuit systems;

• Internet - Network Forensics: e-mail; social networks (Facebook, Linkedin, Twiter, MySpace...), data

exchange systems (FTP, Peer to Peer...), VoIP (Skype is the best known), Virtual Private Networks (VPN);

• sotware - Sotware Forensics: sotware illicitly possessed and marketed with a signiicant economic return

for the perpetrator; encrypion sotware, pirated video games; sotware designed to bypass security systems

(password cracking).

The Service Line not only manages INSIDE’s own experise, but also provides for the coninuous training of its consultants

and clients, with speciic events ranging from seminars to safety courses organised internally or externally. The Service

Line also includes SANS instructors who can give specialised courses with ceriicaion accredited under standard ISO

17024, such as perimeter security, incident management and web applicaion security.

INSIDE considers it essenial for the staf of the Service Line to be part of the development and innovaion in the ield

of ICT Security, with acive paricipaion on the boards of SANS, OWASP and OSSTMM, as well as internal development

projects ranging from advanced forensic analysis of digital signals to the deiniion of analyical systems for digital fraud

prevenion (pre-crime).



28

INSIDE provides its Clients with its own experise in the ield of IT security, and is commited to the providing speciic

consultancy through its own IT Consultants for the execuion of the following forensic analysis aciviies, with

provision of documentaion:

• Forensic analysis of the content of the Client’s phone to detect any malicious sotware direcing calls to

unauthorised numbers or at higher rates;

• Data recovery from digital media (deleted data and/or hidden data) on devices owned by the Client and

transfer of the data to an external device (USB - CD ROM).

The analysis of the informaion extracted from the device will be based on keywords provided by the Client (names,

addresses, phone numbers, etc.) and the consultant’s experience in responding to any quesions raised by the Client.

Please note that the Client is required to provide all necessary informaion to ensure access to the device to be

analysed (e.g. passwords, PIN numbers, etc.). If these are not known, INSIDE will apply analysis and/or acquisiion

methods that may not, however, be exhausive or complete.

1. DATA RECOVERY INTERVENTION METHODOLOGY

INSIDE’s Forensics Division is able to handle all data losses caused by human error, sabotage or events of various

kinds.

During the data recovery process, the IT personnel work on the broken or malfuncioning device or disk with the aim

of temporarily restoring its funcionality and extracing the data. The extracted informaion is then reconstructed

and saved in a format accessible to the user.

• Prognosis: once they receive the damaged data storage media, the IT Consultants of the INSIDE Forensics

Division begin the prognosis (technical analysis) phase to idenify the problem and understand which

iles can be recovered. When this analysis is completed, the Client is provided with a list of recoverable

iles, including a descripion of the state of integrity of each one.

• Data Recovery: once the restoraion of the recoverable iles has been authorised, the data recovery

phase begins, ater which the iles are stored on the Client’s external backup media.

• Data Resituion: the backup media with the recovered data is sent to the Client by express courier. To

ensure greater security, the data is encrypted and the password is sent by e-mail.

Descripion and Mode of Delivery of the Service



29

2. FORENSIC ANALYSIS INTERVENTION METHODOLOGY

We describe below the sequence used by the INSIDE Forensics Division for carrying out data analysis aciviies, from

the assignment of the task to the inal report:

• Ideniicaion: to begin with, all potenial sources of data that can provide valid evidence presentable in

court are ideniied and an appropriate work plan is devised.

• Acquisiion: digital data should never be accessed without proper tools and procedures, due to the

risk of invalidaion or inadmissibility of the evidence presented in court. Digital informaion is fragile

and can easily and/or inadvertently be altered by unqualiied persons, even merely by switching on the

device on which is stored. The intervenion methodology used by the INSIDE Forensics Division ensures

that the data is acquired without any alteraion and/or damage. A duplicate forensic copy of the data is

made and its integrity is checked using hash funcions. All the operaions are adequately documented

to ensure a proper chain of custody.

• Extracion: INSIDE works on the forensic copy acquired to extract the data and informaion contained

in this perfect copy of the storage medium under analysis. Our extracion process ensures the recovery

of deleted iles, hidden iles, temporary iles, ile fragments and other informaion stored on various

devices such as personal computers, servers, mobile phones, smart phones and navigaion systems.

• Data analysis: once the informaion has been extracted, it is analysed to reconstruct the aciviies

carried out with the digital device. A inal report is then prepared containing all relevant informaion,

which can be used for internal appraisals within the company or in court.

3. TOOLS USED

The INSIDE Forensics Division uses the best professional equipment available.

Forensic copies are made using professional equipment that is ceriied and accredited for legal use.

The tools we mainly use include the following:

• LOGICUBE FORENSIC FALCON: for making forensic copies of hard disks;

• UFED: for the extracion and analysis of data from mobile devices;

• CAINE and SLEUTH KIT - AUTOPSY: for analysis of the data;

• Other tools similarly recognised and established in the ield of forensics.

The exclusive use of sotware tools alone, however, is not suicient to obtain a saisfactory result, which also

requires the signiicant experience and knowledge of the staf assigned by INSIDE to use them. For this reason,

careful and thorough manual checks are also carried out to assess the vulnerabiliies found and detect any further

security breaches.



30

4. DOCUMENTATION DELIVERED TO THE CLIENT

On compleion of the analysis aciviies, the Client is provided with two separate documents containing the

informaion recovered from the devices that were analysed, and the complete analysis procedure that was

performed, to ensure the repeatability of the analysis.

The documentaion is provided on standard INSIDE document forms, or on templates provided by the Client,

without prejudice to the possibility of the structure being modiied by INSIDE staf to provide the most complete

documentaion possible of the analysed material.

5. SERVICE PROVISION LOCATIONS

The aciviies described above shall be carried out in the forensics laboratory at the INSIDE headquarters, according

to the work plan agreed with the technical manager assigned by the Client.

The aciviies shall be carried out using laptop computers owned by INSIDE, on which all of the tools used shall be

installed and duly licensed. These computers shall also have updated anivirus programs and personal irewalls.

6. DELIVERY TIMES

The aciviies shall be completed within 15-20 working days (unless scheduled otherwise).

This ime schedule may be changed based on decisions taken while the aciviies are in progress and raiied during

project progress meeings.

7. CONTROL STRUCTURE

The aciviies of the INSIDE Cyber Security Division technicians are supervised by a Service Line Manager who is

exclusively responsible for the aciviies, has sole authority to receive all formal communicaions from the Client and

is delegated to paricipate in the project control phases.



31

INSIDE believes that the protecion of

corporate data is vital for the development

and growth of your business; being able

to protect your projects, the names of

your customers and suppliers, and your

producion and markeing strategies means

having an edge over your compeitors.

Our electronic debugging services can

be requested by anyone with a suspicion

of being spied on, whether privately or

professionally, or by those who simply wish

to ensure their privacy.

The INSIDE Electronic Debugging Division provides individuals and companies with electronic debugging services for

oices/premises through the use of highly professional digital/analogue equipment.

Our staf, on call 24 hours a day, can quickly reach any locaion, whether in Italy or abroad, and are constantly

updated on legal and regulatory developments and ani-surveillance techniques.



32

The intervenion procedure followed by the technicians of the INSIDE Electronic Debugging Division complies with

internaional standard procedures, and ensures efecive bug sweeping and the ideniicaion of any surveillance

devices.

It is recommended to carry out site and phone bug sweeping operaions periodically, or at least whenever privacy

concerns arise.

Ater an iniial inspecion, together with a representaive of the Client, performing an external radio frequency scan

and a visual check on the outer perimeter, the staf of our Division then begin the debugging, which involves the

following operaions:

• Installaion of measures to block bugs, GPS trackers and microphone capsules, if necessary;

• Analysis of frequencies from 10 kHz to 6GHz;

• Thermal imaging analysis of the spaces and objects to be cleared: thanks to this type of innovaive

analysis, the locaion of the most sophisicated bugs that are diicult to detect can be determined;

• Infrared analysis to detect laser microphones and/or micro-cameras;

• Inspecion of all objects with unusual features;

• Inspecion of PCs and mobile phones;

• Removal of detected devices, if agreed;

• Final meeing with delivery of the report on the aciviies carried out.

The intervenion procedure consists of a passive search phase, using the equipment at our disposal, to inadvertently

idenify any surveillance systems in the area/device inspected, and an acive and physical search phase, which

allows inaccessible places to be examined to trace any hidden devices.

If requested by the Client, the INSIDE Electronic Debugging Division technicians are able to install security seals on

false ceilings, juncion boxes, raised floors, etc.

Ani-surveillance Intervenion Methodology



33

1. SOME EXAMPLES OF SURVEILLANCE DEVICES

• Spy sotware, for monitoring aciviies on a PC, and spy phone sotware, for monitoring aciviies on

mobile phones;

• Audio/video bugs, easily hidden anywhere;

• Laser microphone, enables remote listening and can detect sound vibraions through glass;

• Micro digital audio recorder, can be concealed anywhere, even in a vehicle;

• GPS detector, installed on the inside or outside of a vehicle to provide the posiion of the vehicle in real

ime and can track the route taken, including stops;

• GPS detector and audio bug, for satellite tracking and transmission of conversaions from inside vehicles;

• Phone tapping;

• Audio/video recorders, can be concealed on the person talking to us.

2. DETECTION EQUIPMENT

The staf of the INSIDE Electronic Debugging Division use highly professional equipment to idenify, locate and

remove any kind of listening device that threatens your privacy.

OSCOR GREEN SPECTRUM ANALYSER

OSCOR Green was designed to idenify illegal signals, perform inspecions for communicaion systems, analyse radio

frequency (RF) emissions and invesigate misuse of the RF spectrum.

The OSCOR Green Spectrum Analyser can scan all frequencies from 10 kHz up

to 24 GHz in less than a second, enabling rapid detecion of hidden electronic

transmiing devices in a room or a vehicle.

This highly professional equipment has numerous possibiliies of use, but the

OSCOR Green mainly allows the following:

• Analysis of the electromagneic spectrum from 10 kHz to 24 GHz in less

than a second, capturing more than 2,000,000 data points per second;

• Three hours of coninuous use, allowing the clearance of large rooms

and/or industrial structures;

• Rapid ideniicaion and locaion of any type of RF transmission.



34

CPM-700

The CPM-700 is a professional device designed for detecing and locaing all major types of electronic devices used

in surveillance operaions, including radio frequency bugs, micro-cameras, GSM micro-bugs, video transmiters,

micro-recorders and laser direcional microphones.

Devices such as the CPM-700 are important and efecive

tools for professional counter surveillance teams, government

security personnel and private ciizens with security needs.

The CPM-700 is highly efecive for the rapid detecion and

locaion of transmited signals.

Mulifuncional Interfaces

Probes can be used to detect RF transmiters (audio and video) and inducion transmiters on electrical circuits and

the phone systems. There are also probes to detect infra-red transmiters and recorders.

Wideband coverage

From 200Hz to over 3GHz.

Monitor Mode

During bug sweeping, the monitor mode (silent or audible) warns of possible remote control devices.

Auxiliary audio input

This allows users to listen to telephones or test unknown wires that can conceal wired microphones in the cable

ducing of their homes or oices.

MDS-4001

The MDS-4001 is a highly professional device designed to detect and

locate electronic equipment used in surveillance operaions, such

as radio frequency bugs, micro-cameras, video transmiters, micro-

recorders and direcional microphones.



35

RAKSA

The RAKSA iDet Selecive RF Detector allows you to idenify and locate a

wide variety of radio transmiters normally used to gain unlawful access to

conidenial informaion in a given area.

Below is a list of some of the devices ideniied by RAKSA:

• Mobile phones of GSM 900/1800, UMTS(3G), CDMA 450 (453-458

MHz), UMTS 900 standards

• Cordless handsets

• Bluetooth and Wi-Fi devices

• Wireless video cameras

• Radio transmiters (AM, FM, PM, FSK, PSK, etc.)

Thanks to its compact size, the device permits the utmost discreion.

CAM-105

The CAM-105w is an essenial device for preliminary analysis of areas to be swept

for bugging devices. This instrument detects GSM (2G), UMTS (3G) and 4G (LTE)

mobile phones, smartphones, GPS, SMS communicaions, streaming video on 3G/4G

frequencies and Wi-Fi & Bluetooth devices.

The CAM-105W is designed to detect and locate transmissions from devices based

on mobile telephony modules, such as mobile phones, PDAs and smartphones, GPS/

GSM tracking bugs and concealed 3G/4G wireless cameras.

It can be used to check for hidden devices in rooms used for conidenial meeings, examinaion halls, hospitals or

prisons, and to locate hidden tracking devices in vehicles.

The CAM-105W also has a separate 2400 Mhz band detector to deal with the fast-growing threat from Wi-Fi/

Bluetooth/video devices. The detected signal is analysed by complex algorithms to determine its nature and type.

The wireless detecion mode (2.4 Ghz) records the last 24 hours of acivity, which can then be viewed later for more

detailed analysis.



36

THERMAL CAMERA

The thermal imaging camera is a special camera sensiive to

infrared radiaion that takes thermographic pictures and video.

Once the radiaion has been measured, it provides temperature

maps of exposed surfaces, which are oten used for scieniic or

military purposes.

Thermal imaging cameras can measure the temperature of

each individual point of the image examined, ater entering the

temperature and emissivity parameters in the instrument (or the

image analysis sotware during post processing).

The device rapidly “reads” the energy value stored by each pixel and generates an image of the object observed,

either in black and white or false colours.

This allows us to unmistakably disinguish all technical devices hidden in inaccessible places, such as crawlspaces,

plasterboard walls or any other space suitable for hiding an audio or video micro-bug.

The possibility of comparing data from the ordinary equipment used in electronic debugging allows us to idenify

and locate any type of device used for audio and video surveillance with absolute certainty.

The INSIDE Electronic Debugging Division reserves the right to use whatever equipment it deems most suitable for

each paricular case.



37

Today’s global economic environment makes it essenial for every company to face security issues.

INSIDE’s Security Division team, highly skilled and able to act quickly in every part of the world, provides the appropriate

means to prevent potenial risks for a company and idenify and consequently manage crisis situaions that may be

met, thus ensuring resources and infrastructures security.

INSIDE’s Security Division provides customised services (based on business goals or risk protecion) related to the

safety of goods and resources involved in business processes, thus providing the right business strategy on risk control:

efecive data protecion considerably contributes to the safe conduct of producive aciviies and, consequently, to the

company’s success.

Strategic consuling services for security allow for knowledge and assessment of the level of compliance with the

regulatory framework; it will also allow you to analyse and manage physical, logical, organizaional and business

coninuity safety risks and improve informaion security processes.

This is an intelligence acivity consising in collecing informaion through interpersonal contacts and, therefore,

informaion provided by human sources (e.g. conversaions with people who possess or are able to access relevant

informaion: observaions from refugees or war prisoners; informaion on maters speciically known by the contact

person; news concerning interpersonal relaionships and interest networks).

Humint is a bulwark in the ield of espionage and in obtaining informaion, which may be performed by contacing a rival

company’s employee or unrelated subjects who, nonetheless, may be able to easily access data of interest.

When a new case is assigned, the Humint analyst working in INSIDE’s Security Division irst locates the desired informaion

goal, then assesses the candidate’s loyalty and propensity to treason in order to trace a full proile (all subject’s features,

such as character, ideology, behaviour, habits and social context, are taken into account).

An essenial preliminary acivity for Humint’s informaion gathering is the selecion of sources, their precise ideniicaion

as well as the subsequent cross-check of collected data.

Strategic Security Consuling

Humint Intelligence



38

It helps determine quanitaive and qualitaive risks arising from potenial sources of danger, in probabilisic terms,

by mapping your security device (deined as the set of technologies, people, processes and infrastructures used for

security), by evaluaing each analysed area and analysing the gap between the current device and the one you expect to

be supplied with, namely, once the threat analysis has been carried out, it is possible to measure the gap between the

device currently in use and the needed to face the threat, with appropriate suggesions for miigaing or transferring risk.

This is achieved by always balancing eiciency, efeciveness and sustainability, and in compliance with the

ISO/IEC 27002 standard on informaion security.

INSIDE’s Security Division is able to idenify, through the hearing of corporate subjects (managers) in charge of criical

processes, how individuals perceive potenially dangerous events by not only considering risk assessment reliability, but

also future expectaions deriving from the choices that have been made. The service has, therefore, the dual purpose of

evaluaing management and assessment choices and inclinaion to risk.

It consists in the development of new business management methods that take into account risks and disasters under

which normal aciviies should result to be inadequate, and include those efects that might result from uncertain

situaions, in view of a proper use of risk miigaion policies.

Risk Assessment

Risk Percepion

Risk Management



39

INSIDE’s Security Division carries out analysis capable of understanding and evaluaing the origins of various governances,

risk governance efeciveness and eiciency, implicaions in terms of technological innovaion, investments and

governance policies by customizing the service on the basis of several and diverse risks arising from diferent social,

economic, poliical, geographical condiions of the context in which the company works.

The service is aimed at assessing non-payment risk by companies located in a speciic country and, thus, at supporing

the Customer in making informed decisions in the ield of internaional business aciviies, with the aim of helping the

same in internaional growth strategy.

The methodology adopted by INSIDE’s Security Division consists in the analysis of a number of economic indicators,

both quanitaive and qualitaive, in order to provide a comprehensive proile of the economic situaion, the poliical

business environment and potenial commercial and inancial risks.

Globalizaion and internaionalizaion of enterprises entail more and more frequent staf relocaions around the world.

It is therefore necessary that companies ensure the safety and security of travellers, especially when their desinaions

correspond to high-risk areas (e.g. countries subject to terrorist threats, environmental and health emergencies, high

crime rate).

This service will allow you to know, consider and adopt prevenion soluions with regard to the peculiariies of a

paricular country, its poliical, social and geological situaion, its crime rate and health issues, thus supporing you

to plan business trips even thanks to the classiicaion of diferent countries on the basis of their danger degree and,

consequently, the need to provide for protecive measures or not.

Risk Governance

Country Risk Report

Travel Security



40

INSIDE’s Security Division prevents the risk of assaults, kidnapping or hijacking of cargo vessels or passenger ships by

providing protecive measures, especially in areas considered to be at high risk, such as Somali waters.

The service is guaranteed by security teams, dissuasive tools and technologies and crew training, all by respecing the

standards of the industry:

• ISPS Code (Internaional Code for the Safety of Ports and Ships)

• SOLAS (Safety of Life at Sea) regulaion

• United Naions Convenion on Sea Law, 1982

• Internaional Regulaion on flags and ports

• Convenions and agreements of the Internaional Mariime Organizaion (IMO)

The service ensures the protecion of individuals suscepible to atacks and violence, and possibly their families, by

assising them during their trips or simply in the course of ordinary professional aciviies, all without invading their

privacy.

The protecion plan is customised according to the Client’s needs and commensurate with the type and seriousness of

the danger the subject is potenially exposed to by ensuring defence at any ime, during any movement on naional and

internaional territories, roads, airports and ships, at work as well as at home.

To this end, the staf of INSIDE’s Security Division complies with stringent psycho-physical requirements and undergoes

constant physical training as well as updates on new legal-regulatory, technical and psychological-social requirements

of interest.

By resoring to the utmost conideniality, discreion and professionalism, INSIDE’s Security Division ofers driver services

for each speciic need (long-term assignments or one-ime events, personal security needs of managers, poliicians etc.):

trips, transfers from airports or during conferences or exhibiions, transfers (and consequent protecion) of individuals

carrying personal items of value.

The staf is highly qualiied, even thanks to constant and periodic training on safe driving.

Mariime Security

Execuive Protecion

Security Driver



41

INSIDE’s Training Division, aware of the importance of competence and professionalism in the security ield and the

imely and careful assessment of any potenial danger for the people to be protected, holds various specialized courses

for targeted operator training, thus ensuring that the same comply with the psychological, physical and operaional

(but also cultural, such as knowledge of a foreign language, because they oten have to act in an internaional territory,

history, poliics or geographical characterisics of a paricular foreign country) condiions required for efecive crisis

situaions management.

Our courses are held by staf highly skilled in teaching.

Having a gun at home is not enough to ensure personal safety: constant training is essenial to proper use. The course

prepares you to this by simulaing potenially dangerous for you and your families and reproducing that feeling of

panic and helplessness typical of someone who is surprised by the presence of criminals at home, in front of which

the operator can check his/her own reacion ability, perform targeing exercises, improve movements inside rooms,

corridors etc.

Issues concerning all high-risk areas, with paricular regard to techniques ensuring the physical safety of people who, for

various reasons, are located in high-conlict areas, are taken into consideraion.

The course covers the main factors (related to objecive and subjecive aspects) that can afect people protecion, and

aims to train operators on possible soluions against dangerous situaions and possible defensive strategies.

The course aims to prepare professionals to address operaional contexts characterized by public health emergencies,

such as the need to keep a person alive.

Among the subjects: noions of strategic medicine, human body anatomy and physiology, cardiopulmonary resuscitaion

and ariicial respiraion techniques, management of bleeding, burns and fractures, transport of wounded people,

strategic rescue and support, causes of injury and death in case of conflict etc.

Shooing courses for Home Defence

Safety and Protecion in High-risk Situaions

Strategic Security and First Aid



42

The course is aimed at acquiring the basic survival techniques to be used in hosile situaions (mountains, sea, inaccessible

areas): construcion of shelters and rudimentary weapons, rope climbing, ire lighing, inding food resources, emergency

signals, concealment techniques, orientaion without compass etc..

The global situaion is currently characterized by increasingly frequent terrorist acions that might lead to the collapse of

internaional economic environments. The courses held by INSIDE’s Training Division address the issues of terrorism and

aniterrorism and the prevenion and management of such situaions by learning to anicipate the moves of terrorists,

be the lone wolves (a terrorist who acts individually on the basis of available opportuniies and means) or structured

cells (belonging to organizaions of a certain size).

Survival in Hosile Territory

Intelligence and Aniterrorism


Crown House, 72 Hammersmith Rd

Hammersmith, London, W14 8TH

T +44 (0)20 75 59 13 11

F +44 (0)20 35 14 68 50

USA6800 Jericho Turnpike, Suite 120W

Syosset, New York, 11791

T +1 (0)516 393 58 52

F +1 (0)516 393 58 19

RUSSIA31st floor, stroenie 1, bld. 3,

Begovaya str, Moscow, 125284

T +7 (0)499 277 13 03

F +7 (0)499 287 66 00

ITALYVia Monte di Pietà, 21

20121 Milano

T +39 (0)2 86 33 73 42

F +39 (0)2 94 75 26 15

ITALYVia Ludovisi, 35

00187 Roma

T +39 (0)6 42 03 73 97

F +39 (0)6 94 80 17 11

UNITED ARAB EMIRATESBuilding 3, Plot 598-676, Dubai Investment

Park, Green Community, DUBAI, 212880, EAU

T +971 (0)4 80 19 276

F +971 (0)4 80 19 101

HONG KONG25 Westlands Road, Quarry Bay Berkshire

House, Unit 2402-07, 24th HONG KONG

T +852 (0)28 24 85 28

F +852 (0)37 19 81 11

SOUTH AFRICAFirst Floor, Willowbridge Centre, 39

Carl Cronje Dr, Cape Town, 7530

T +27 (0)21 974 6276

F +27 (0)21 974 6101

BRAZILTop Center Paulista, Paulista Avenue, 854

Bela Vista – 10° floor, São Paulo, 01310-913, Brasile

T +55 (0)11 21 86 04 42 F +55 (0)11 21 86 02 99

UNITED KINGDOM

SWITZERLAND

MAIN OFFICE

OFFICES AROUND

Documents

[email protected] · Strategic Security Consuling Humint Intelligence Risk Assessment Risk Percepion Risk Management Risk Governance Country Risk Report Travel Security Mariime Security