www.inside.agency [email protected]
INTELLIGENCE & SECURITY INVESTIGATIONS
SUMMARY
About Us
INSIDE Due Diligence & Compliance
GRC – Governance, Risk Management & Compliance
Reputational Risk Management
Monitoring Check
Compliance Check
Web Intelligence Reputation
Providers & Compliance Business Information
Litigation Investigative Report
INSIDE Investigations Italy
Investigation of Employee Absenteeism
Investigation into Corporate Infidelity
Unfair Competition Investigations
INSIDE Foreign Intelligence
Credit Risk Check
Dossier Due Diligence Investigation
INSIDE Cyber Security
Services
INSIDE Digital & Mobile Forensics
Mode of Delivery of the Service
INSIDE Electronic Debugging
Anti-surveillance Intervention Methodology
INSIDE Security
Strategic Security Consulting
Humint Intelligence
Risk Assessment
Risk Perception
Risk Management
Risk Governance
Country Risk Report
Travel Security
Maritime Security
Executive Protection
Security Driver
INSIDE Training
Shooting courses for Home Defence
Safety and Protection in High-risk Situations
Strategic Security and First Aid
Survival in Hostile Territory
Intelligence and Antiterrorism
ABOUT US
INSIDE gathers information, at a national and international level, that is useful to companies for risk management, in
compliance with regulations, professional ethics and corporate governance standards. The information is used to assess
the economic, financial and reputational risks of organisations and individuals with whom the company may establish
business relations.
This series of information allows strategies and techniques to be prepared to counteract the dangers inherent in various
market sectors (pharmaceuticals, automobiles, insurance, finance, government...), which can affect small businesses as
well as larger companies.
Reports can also be prepared on politically exposed persons (PEPs), who hold or have previously held public office, and
are therefore more exposed to the risk of committing certain crimes, such as corruption, bribery or money laundering.
INSIDE helps organisations to know their business partners, guiding their activity towards more informed decisions,
through a range of services that ensure regulatory compliance and fulfilment of legal and auditing requirements
(regulations of the Foreign Corrupt Practices Act - FCPA, the UK Bribery Act, Anti-Money Laundering – AML controls, the
USA PATRIOT Act and Countering the Financing of Terrorism – CFT controls); the research conducted - which can cover
all market sectors and any organisation, regardless of its size - provides a thorough check on potential business relations,
highlighting any risks of corruption arising from a geopolitical analysis of the case.
The reports provide all information on a company and its directors, activities, history, administration, conflicts of interest,
financial liabilities, legal and judicial affairs (compliance risk), and reputational risk. They also include verification of
statements by the administrators, compliance with anti-money laundering (AML) rules, anti-corruption controls, FCPA
and UKBA rules, sanctions against Iran, and International and US due diligence procedures.
INSIDE reports are generally recommended for verification of financial crimes, but are not limited to this: the research
by INSIDE provides a valid solution in situations of geopolitical risk (high-risk countries) regarding a transaction or
an individual involved in it, for supply chain and due diligence checks, before major investments such as mergers or
acquisitions, and for an integrated compliance programme.
INSIDE conducts the investigations itself, thereby maintaining a high level of quality and efficiency, with access to a large
number of operators located across five continents and speaking over 60 international languages; it also uses native
speaker professionals, who can grasp language nuances that are often incomprehensible to those outside of a particular
culture. The information and “open source” data collected is abundant and of high quality, as the various sources used
are constantly updated with foreign official information.
Through these services, INSIDE supports its Clients in the assessment of the value and financial health of potential
business partners, as well as the professionalism of employees or candidates for employment, in order to allow an
aware and informed decision, and thus a positive conclusion to transactions, avoiding economic risks and associated
financial and reputational damage. It is highly important to examine the profile of a company that may present risk
factors or operate in a dangerous environment (ensuring compliance with current regulations: AML, KYC, FCPA), and the
professional and personal profiles of its directors.
The research activities are carried out by specialised staff (including former police officers, journalists and professional
experts capable of uncovering the most hidden information), operating both in Italy and abroad and including native
speakers of the most widely used international languages.
The team employed consults a huge range of information channels, databases and public registers in various languages.
These are, however, public sources and, as such, accessible to anyone (therefore verifiable) and compliant with the laws
of the country concerned. They can be used to create a detailed profile of clients or business partners, and highlight their
records, properties, involvement in lawsuits and regulatory violations.
In countries where the possibility of accessing certain types of information is limited, INSIDE integrates its Due Diligence
& Compliance Investigation dossier with findings from on-the-spot investigations.
INSIDE provides the requested reports with highly competitive delivery times and costs. They often concern cases
involving matters of corruption and money laundering, or preparatory investigations for operations such as mergers, joint
ventures, acquisitions, private equity and investments in general. Given the large commitment in terms of movement of
capital in such transactions, due diligence activities to profile the parties involved become essential.
The service therefore brings to light any risks involved in the transactions (financial relationships are often not
consolidated, so there is no real knowledge of the other party), allowing the Client to address them in advance, thus
contributing to their success or convincing him/her to reject them.
More specifically, the service allows information to be obtained on financial and operational track records, reputational,
business and personal backgrounds, litigation, financial management, corporate problems, unrealistic expectations,
liabilities not reflected in the financial statements and overstated profits.
GRC - Governance, Risk Management & Compliance
Reputational Risk Management
Company Reputation Dossier
This contains all information from external sources concerning legal entities.
The focus of the assessment is the level of risk exposure of legal persons or entities, and therefore that of their
representatives; a study is made of their operational history (operational risk) and background in terms of reputation
(reputational risk), economic conditions and compliance risk (legal-judicial affairs).
It also includes an indication of all the commercial affairs in which the entity has been involved over the past 5-10 years
(judicial proceedings, protests, bankruptcy procedures, and legal entries and registrations), asset verifications and, for
joint-stock companies, an analysis of the financial indicators resulting from a comparison of the items in the recent
financial statements.
The company’s public legal data is then supplemented by findings gathered on-site and indications from economic
operators in that specific field. The dossier concludes with a reliability assessment (an opinion on the credit that may
be granted).
COMPLETION TIME
15/20 days
Personal Reputation Dossier
The addition of a new professional figure to its structure (for example, a new manager), is considered a major investment
for a company. A choice made too hastily, without the necessary precautions, could place a strategic role in the wrong
hands, with the risk, over time, of major logistical and economic/financial repercussions, as well as harm to the company’s
reputation.
INSIDE provides senior management required to choose a new figure with a series of investigative activities, fully
compliant with the provisions of Art. 8 of Law 300/70 (Workers’ Statute), for assessing the suitability of the candidate.
More specifically, it offers a “customised” investigative dossier on the individual and/or business partner, aimed at
determining their reliability as a partner for business relations and/or professional and/or corporate assignments.
An examination is made of all the indicators of the individual’s competence and reliability, as well as information collected
on-the-spot concerning any detrimental business and/or personal aspects.
COMPLETION TIME
15/20 days
This service allows continuous monitoring of a business (and its representatives) to verify any events that may affect
the Client’s commercial risk over time, and promptly indicate their occurrence through an alert system that permits
immediate updating.
This service allows you to check your clients, specifically verifying their inclusion in particular
databases, indicated below:
COUNTER-TERRORISM LISTS
Lists drawn up by legislators and institutions from various countries;
ITALIAN ANTI-MONEY LAUNDERING LISTS
Containing more than 400,000 names of individuals and entities involved in crimes of this type in Italy, in accordance
with the provisions of international law;
PIL LISTS
Containing the names of Local Italian Politicians (regional, provincial and municipal);
INTERNATIONAL PEP LISTS
Containing more than 400,000 names of Politically Exposed Persons from over 240 countries, identified based on the
anti-money laundering directives of the Financial Action Task Force (FATF) and relevant global legislation;
LISTS OF ILLEGAL GAMBLING SITES
Indicating redirect sites and international companies that own sites without authorisation from the Autonomous
Administration of State Monopolies (AAMS);
BLACKLISTS & WATCHLISTS
Containing the names of persons sought by national or international investigation authorities, such as the DIA, FBI
and Interpol, as well as governments, persons included in the lists of judicial authorities or government agencies, and
persons served with orders issued by financial authorities, such as FINMA, or supervisory authorities.
Monitoring Check
Compliance Check
Annual Monitoring of Customers & Suppliers
COMPLETION TIME
24H
Web Intelligence Reputation
Analytical Description
INTRODUCTION
There is no doubt about the benefits provided by the Web, particularly for companies: it allows the dissemination of commercial information so that products and services can be advertised or sold. Moreover, because the Internet gives a reliable perception of reality, any business can analyse the information published online to assess how it is perceived by the market, and this can provide a strong competitive advantage: companies can use online research to enhance their image in terms of marketing or to simply improve the quality and features of their products.
A NEW METHOD OF DATA ANALYSIS
A computer is a machine with artificial intelligence and can therefore perform functions and operations similar to those of the human mind. In order to facilitate the analysis of texts, PCs would have to be given the capacity of study and interpretation that individuals develop during their school years.
The data comprehension process involves analysis of a text on four different levels:
1) grammatical analysis: this allows a grammatical sense (verb, adjective, noun, article...) to be given to each segment of the text, thereby removing lexical ambiguity;
2) logical analysis: this recognises the role that groups of words play within the text and answers questions such as where? how? when? and who?;
3) semantic analysis: this allows a meaning to be assigned to the right syntactic structure and, consequently, to the linguistic expression, eliminating semantic ambiguities;
4) analysis of sentiment: this allows the polarity of the content regarding an individual, a product or a brand to be determined (positive, neutral, negative).
Clustering techniques are then used to classify various types of comments into groups (e.g. complaints or suggestions), thus creating new keys for interpretation of the data.
KNOWLEDGE MINING: A NEW METHODOLOGICAL APPROACH
This new approach to the interpretation of data consists of two phases:
1) a mining phase: examining relevant texts as if they were a mine to be explored;
2) a knowledge phase: identifying the information of real importance and any connections that were initially hidden.
The approach involves the use of a crawler, software that analyses the content of the network methodically and automatically, placing it in an index: it then analyses all the data collected and subdivides it according to relevance and importance in order to understand its meaning. The importance of one item of information compared to another is not identified on the basis of certain keywords: everything depends on the contextualisation of the information and its automatic comprehension.
The knowledge mining process, which allows the data online to be found and interpreted in terms of quality, quantity and reputational sentiment, can be summarised as follows:
• Study of the context, in order to select data on the Web in line with the object of the search;
• Exploring the web with a crawler: study of the content, separation and classification of what is relevant;
• Interpretation of content in terms of quantity and quality;
• Decoding the polarisation: evaluation of data collected in terms of quality, through the recognition of expected and unexpected results.
Sources consulted: open sources (Internet, major search engines, social networks).
Output:
- Negative: “No information of interest regarding the subject was found”.
- Positive: a short collection of the evidence found in graphical format with links to the source.
Sources consulted:
- open sources (Internet, major search engines, social networks);
- press records from over 4,000 national and local newspapers published in a period of up to ten years (e.g. 2004-2014).
Output:
- Negative: “No information of interest regarding the subject was found”.
- Positive:
• a collection of the evidence found in graphical format with links to the source;
• a copy of the article/s and details of the publication.
Sources consulted:
- open sources (Internet, major search engines, social networks);
- press records from over 4,000 national and local newspapers published in a period of up to ten years;
- detrimental factors of a confidential nature from intelligence activities (combined with journalistic interviews, if available).
Output:
- Negative: “No information of interest regarding the subject was found”.
- Positive:
• a collection of the evidence found in graphical format with links to the source;
• a copy of the article/s and details of the publication;
• clear indications of the types of detrimental factors that have emerged.
Web Intelligence Reputation
Level of Detail
SMALL Report
MEDIUM Report
LARGE Report
COMPLETION TIME
3/5 days
COMPLETION TIME
8/12 days
COMPLETION TIME
5/7 days
NOTES ON THE CONFIDENTIALITY OF INFORMATION
All the information collected in the report, resulting from the analysis of posts in blogs, forums, social networks and news articles, is publicly available and, as such, is accessible to anyone.
suitable for assessment and certification of high-end partners and individuals external or internal to the company.
Official data, rating, score, payment experiences and check on negative information (protests, detrimental aspects, bankruptcy proceedings) in a format that allows immediate identification of the areas of risk (company, representatives), together with details, where appropriate. Data on representatives and local units. The financial statements section is based on the last three years, both for the balance sheet highlights and the indicators. Market information and number of queries. Summary comment. For an agreed monthly fee, alerts can be received in the event of changes in the reliability assessment or the corporate structure.
suitable for assessment and certification of high-end suppliers, partners and franchisees.
Official data, rating, score, payment experiences and credit. For rating and score: industry comparison and trend analysis. Check on negative data (protests, detrimental factors, bankruptcy proceedings) in a format that allows immediate identification of the areas of risk (company, representatives or partners), together with details, where relevant. Data on representatives, family history, partners, past joint investments, board of directors and local units. The financial statements section should be based on the last three years, both for the balance sheet highlights and the indicators. Market news, press releases, CIGS (extraordinary redundancy fund) and the number of queries. Media, crime and web reputation. Analysts’ comments. For an agreed monthly fee, alerts can be received in the event of changes in the reliability assessment or the corporate structure.
suitable for assessment and certification of high-end suppliers, partners and franchisees.
Official data, rating, score, payment experiences and credit. All industry comparison and trend analysis data, geographical breakdown. Check on negative data (protests, detrimental factors, bankruptcy proceedings) in a format that allows immediate identification of the areas of risk (company, representatives, affiliated companies, subsidiaries or partners), together with details, where relevant. Data on representatives, family history, partners, past joint investments, board of directors, past shareholdings and local units. The financial statements section should be based on the last three years, both for the balance sheet highlights and the indicators. Market news, press releases, CIGS (extraordinary redundancy fund) and the number of queries. Reputation (media, crime and web) and online and offline sentiment, intelligence context, analytical and predictive scenarios. Identification of buildings with maps and satellite photos, photo identification of the individuals, in-depth evaluation by analysts based on intelligence sources. Possible investigative activity on site.
Providers & Compliance Business Information
Analytical Description
STANDARD Report
PREMIUM Report
ADVANCE Report
COMPLETION TIME
1/3 days
COMPLETION TIME
5/9 days
COMPLETION TIME
12/16 days
Providers & Compliance Business Information
Levels of Detail
Section
Official Data
Partners
Immediate identification of areas of risk
Balance Sheet Indicators
Credit
Local units
Partners
Number of queries
Identification of properties with maps and satellite photos
Score
Board of Directors
Representatives
Press Reports
Intelligence Context
Geographical subdivision
Balance Sheet Highlights
Information on Representatives
Analysts’ comments
In-depth assessment by analysts based on intelligence sources
Rating
Past joint ventures
Company
Market Information
Industry comparison and trend analysis data
Annual Financial Statements
Details of Risk Areas (where relevant)
Reputation (media, crime and web)
Photo identification of individuals
Payment Experiences
Past shareholdings
Affiliates, subsidiaries
CIGS (extraordinary redundancy fund)
Analytic and Predictive Scenarios
Check on Negative Information (Protests, Detrimental aspects, Legal Proceedings)
Consolidated Balance sheet
Family History
Online and offline sentiment
Possible on-site investigative activities
STANDARD
Report
3
PREMIUM
Report
3
ADVANCE
Report
5
Litigation Investigative Report
This service is recommended when a dispute arises and allows the debtor’s actual financial and asset situation to
be assessed before taking legal action, which, in the event of confirmed destitution or other limitations, may prove
unsuccessful.
360° CREDIT RECOVERY INVESTIGATION
The following data is provided for INDIVIDUALS:
• Tracing of personal details and addresses
• Search for newly listed telephone connections in addition to those already provided
• Identification and confirmation of work activity (employee/self-employed/retired)
• Information from inspection
• Verification of the subject’s involvements in companies in Italy
• Research into the individual’s shareholdings in joint-stock companies in Italy
• Search for assets in the national real estate register
• Search for real estate on location
• Tracing of registered cars/motorcycles
• Check for disputes and detrimental aspects (Courts and Land Registry)
• Bank References
• Final assessment of recoverable credit
The following data is provided for LEGAL ENTITIES:
• Legal identification of the entity through the General Register of Companies
• Confirmation of effective operation on site and/or tracing of any new location/s
• Information from confidential local sources
• Search for newly listed telephone connections in addition to those already provided by the debtor
• Registered residence and domicile of the legal representative
• Tracing of registered cars/motorcycles
• Search for assets in the national real estate register
• Search for real estate on location
• Search for contract awards
• Search for disputes and detrimental aspects of other types concerning the entity and its legal representative, with relevant details
• Bank references
• Final assessment of recoverable credit
COMPLETION TIME
15/20 days
360° CREDIT RECOVERY INVESTIGATION WITH FINANCIAL INFORMATION
Information dossier containing the information provided by the “360° Credit Recovery
Investigation” service, integrated with financial information originating from Humint
Intelligence activity, that is, information gathered from credit institutions, aimed at identifying
any banking relationships of the individuals or legal entities investigated.
COMPLETION TIME
15/20 days
Investigation of Employee Absenteeism
Art. 2119 of the Italian Civil Code provides for the possibility of withdrawing from a contract “before the expiry of the
term, if the contract is for a fixed period, or without notice, if the contract is for an indefinite period, if a cause arises that
does not allow the continuation of the relationship, even temporarily”.
Often, however, employers experience great difficulty in asserting their rights in the absence of real and documented
evidence.
INSIDE conducts targeted investigation activities to find and document all evidence that can be used to legitimise
the dismissal of an offending employee, particularly with regard to identification of the causes of absence and/or
opportunistic behaviour incompatible with the employment relationship, to demonstrate:
• Whether employees are performing two jobs;
• Whether the employee’s sick leave is genuine or to be considered unjustified;
• Whether parental leave, regulated by Law no. 104/1992, or trade union leave has been taken for genuine reasons;
• Whether employees in temporary redundancy are working for other companies and receiving hidden earnings,
in circumvention of the law.
Investigation into Corporate Infidelity
Infidelity in the workplace has its legal basis in Art. 2105 of the Italian Civil Code, according to which “the employee
may not conduct business, on his/her own behalf or that of third parties, in competition with the employer, nor divulge
information concerning the company’s organisation and production methods or use it to the detriment of the company”.
Current legislation is therefore aimed at protecting companies against any kind of particularly disloyal attitude by
employees or partners that could harm the company or place it at a disadvantage, such as acts of corporate espionage
and/or sabotage and/or otherwise professionally improper acts by partners or directors.
In cases of suspected corporate infidelity, INSIDE initiates a series of investigation procedures concerning the partner or
employee aimed at highlighting and documenting all behaviours considered improper and harmful to the company and
which violate the above-mentioned obligation of professional loyalty.
Unfair Competition Investigations
Cases of unfair competition and counterfeiting of products/brands are becoming increasingly common occurrences in
Italy, due in part to the unregulated growth of Asian countries, particularly the People’s Republic of China, which place
products in our markets with disregard for all international standards.
It is worth clarifying that according to the Italian Civil Code (Art. 2598), without prejudice to the provisions concerning
the protection of brands and patents, “acts of unfair competition” are perpetrated by whoever:
• uses names or identifying characteristics likely to be confused with names or logos used legitimately by others,
or slavishly imitates the products of a competitor, or performs actions with any other means likely to create
confusion with the products and the activity of a competitor;
• disseminates news and assessments of the products and activity of a competitor that can bring them into
discredit, or appropriates qualities of the products or business of a competitor;
• directly or indirectly uses any other means inconsistent with the principles of professional propriety that can
damage the company of another.
After careful analysis of the case, INSIDE will implement a series of investigation activities combined with expert opinions
aimed at verifying the occurrence of unfair competition and/or counterfeiting of products that has caused damage
financially and in terms of image to the company that owns the trademark and related know-how.
In the current business scenario, characterised by serious misconduct such as corruption, money laundering and fraud,
it is essential for companies to subject their suppliers and business partners to greater scrutiny, not only for reasons of
reputation, but also in consideration of the potential economic damage they may incur.
Therefore, to enable its customers to “certify” their suppliers, INSIDE offers global screening services: it collects and
verifies all useful and relevant information about third parties and assesses the main risks, using the latest technology,
which can integrate data collected in the due diligence process, and creating points of contact between the Client’s
internal staff and that of INSIDE.
This is all done in the strictest compliance with anti-corruption regulations and those of the various industrial sectors,
of which the professionals involved in the research activity have expert knowledge.
Credit Risk Check
This service allows prompt access to all the main legal information on foreign companies and also provides a
comprehensive overview of their economic, financial and administrative situation.
It is provided in English, with Italian provided on request, and is available worldwide. Algorithms and proven evaluation
systems are applied to determine the risk level of the company examined, together with a maximum recommended
credit limit.
The information in the foreign report is obtained through cross-consultation of official public databases in foreign
countries.
The service is provided in offline mode throughout the world, with a specific quotation depending on the country
concerned.
With regard to the advantages obtained, it allows information to be gathered on foreign companies that is otherwise
difficult to obtain, together with risk and solvency indicators.
COMPLETION TIME
Normal 12 days Urgent 5 days Flash 3 days
Due Diligence Investigation Dossier
INSIDE’s intelligence activity is capable of detecting risks in business and interpersonal relationships at a global
level, and possible risks regarding business dealings due to past events with which those concerned are associated;
the data collected is used to compose highly detailed profiles.
Due diligence control provides organisations with a safeguard against reputational and financial damage. It allows
background checks to be made on individuals or entities worldwide to provide companies with greater knowledge of
their business partners, thanks to specialists based around the world who speak more than 60 languages (including
native speakers, familiar with linguistic nuances that are often imperceptible to those outside the culture of a given
country).
The focus is varied: checks on corruption or money laundering, preliminary verifications for transactions such
as mergers, acquisitions or joint ventures, checks on supply chains, due diligence checks on agents, consultants,
distributors and immigrant investors (tax residence applications), on individuals connected with high-risk countries,
on high-net-worth-individuals...
The investigations cover more than 240 countries, with hundreds of agents active 24 hours a day, 7 days a week.
The research also covers individuals or entities included in all lists of groups subject to sanctions, watchlists, and
lists of supervisory authorities and law enforcement agencies regarding matters of financial crimes, terrorism and
organised crime in general.
Cases often arise of people already involved in criminal proceedings but not yet convicted, and the reputational
damage that may result can be even more harmful than any financial sanctions imposed on them as a result of
breach of compliance obligations.
The research activities also meet the due diligence requirements of the KYC (Know Your Customer), AML (Anti
Money Laundering), CFT (Countering the Financing of Terrorism) and PEP (Politically Exposed Persons) procedures.
The information collected and contained in the dossier, which is continuously updated and subject to quality control,
is of public origin:
• global media (over 100,000 sources);
• data from local and international public records;
• specific sources for each country and industry;
• data sources in foreign languages;
• data stored in our databases;
• global compliance information sources;
• information that is publicly available but difficult to find;
• negative reports from international media;
• around 400 lists of groups and individuals subject to sanctions, watchlists and lists compiled by supervisory
authorities and law enforcement agencies (INSIDE investigations often identify persons at high risk even
before they appear in the official lists).
The data is analysed in detail, separated and matched together (often a huge amount of data has to be processed)
through advanced screening procedures and accurate search processes, and subjected to strict quality controls. This
allows compliance processes to be simplified, saving costs in terms of time spent resolving difficulties, and thereby
accelerating the pace of operations.
Some functions are provided that allow specific information to be obtained for AML and CFT screening activities:
• penalties in real time: this is a solution for compliance with payment procedures; it allows bodies that
carry out checks on time-sensitive cash transfers to obtain updated information on penalties;
• Iran Economic Interest (IEI): this allows companies to track customers, employees and business partners
in general, in order to detect the risk of breaches of trade sanctions against Iran;
• Country-check intelligence: this provides global information on economic, political and criminal aspects
in support of AML due diligence activities;
• IHS maritime vessel data: reveals the identity, ownership structure (current and historical) and location
of vessels and details on all sea-going, self-propelled merchant ships of 100 GT and above;
• US SAM (System for Award Management): provides information on organisations that are either
restricted or prohibited from doing business with the US government.
The dossier provides a complete risk overview: information on organisations, their properties, directors, links with
politics and organised crime, and conflicts of interest.
It is drafted in English within a short time period (10 to 15 days) and at a limited cost (since INSIDE is personally
involved in its preparation).
The service is provided in tabular format: the tables facilitate understanding of the information and assessment of
the risks involved; the links through which the data was collected are also given to allow verification.
As a conclusion, a summary sheet and business intelligence section can be provided.
The methods used are geared towards total discretion: the individuals covered by the research are not aware of the
ongoing investigations.
The more specific reports include:
• anti-money laundering (AML) compliance;
• verification of statements by administrators;
• anti-corruption checks and verification of compliance with the anti-corruption laws in the USA (FCPA)
and the UK (UKBA);
• sanctions against Iran;
• International and American due diligence.
COMPLETION TIME
15/20 days
INSIDE’s Cyber Security Division is aimed at combating computer crime and provides assistance not only in support
of law enforcement activities but also to companies.
Attention to Information Security is increasing rapidly, since it is impossible to think of managing business
activities today without the help of computer systems, which are now essential tools in the production processes
of companies.
It is therefore important to find professional help for defence against computer attacks that could seriously
threaten your most important asset: your know-how.
INSIDE’s Cyber Security Division can detect the level of vulnerability of your systems and perform a careful
diagnostic analysis to identify the appropriate steps for ensuring the safety of your information property.
The main objective of the INSIDE Cyber Security Division, with its experience acquired in the industry, its high quality
and safety standards, and the support of its highly qualified technical staff, is to analyse and strengthen the security
of your company’s IT infrastructure, for which it has developed a series of specific services.
After each activity, the INSIDE Cyber Security Division issues a report containing details of all the operations carried
out and providing all the necessary solutions for the total security of your company.
Services
The services offered by the INSIDE Cyber Security Division are designed to achieve the following objectives:
VULNERABILITY ASSESSMENT AND MITIGATION
• Assessment of the strength of the security system in use
• Identification of known vulnerabilities
• Implementation of countermeasures
PENETRATION TEST
• Assessment of the strength of the security system in use
• Identification of the weaknesses of the platform through a simulated attack
WEB APPLICATION PENETRATION TESTING
• Identification of vulnerabilities in web applications
• Resolution of the problems detected
THREAT DETECTION & ANALYSIS
• Identification and analysis of hostile hardware or software devices
ETHICAL HACKING
• Identification of the exposure risk of the computer system to hostile technological and/or human events
CODE REVIEW
• Detection of vulnerabilities in the source code
SECURITY EVALUATION
• Assessment of the security level of hardware and software applications, processes and platforms
IT RISK MANAGEMENT
• Identification of risks from corporate IT investments
• Defining strategies to govern them
SECURITY AUDIT
• Accurate identification of vulnerabilities in the computer system
• Increasing the capacity for assessment of the risks it contains
HIGH LEVEL SECURITY CONSULTING
• Provision of advice on computer security issues
The following section of this document describes the methods used and the characteristics of the activity carried
out, together with the procedures followed regarding the delivery of the final report to the Client.
1. AREA OF INTERVENTION
The intervention requested will focus on the technology structure used by the Client, namely:
• the computer system
• internal and external infrastructure
• networks
• hardware/software devices
• web applications used by the Client
2. METHODOLOGY
The INSIDE Cyber Security Division has a group of experts specialised in the field, with a series of internationally
accredited certifications.
More specifically, it carries out its professional activity in the strictest compliance with the following standards:
• ISO/IEC 19011:2003 – Guidelines for quality and/or environmental management
• ISO/IEC 20000-1:2005 – Service management – Part 1: Specification
• ISO/IEC 27002:2005 – Code of practice for information security management
• ISO/IEC 27004:2009 – Information security management – Measurement
• ISO/IEC 27005:2008 – Information security risk management
• BS25999-2:2007 – Business continuity management – Specification
• COBIT v4.1 – Control Objectives for Information and related Technologies
• OSSTMM v3 – Open Source Security Testing Methodology Manual
• OWASP Testing Guide v3 – Open Web Application Security Project Testing Guide
• CC v3.1 – Common Criteria
• CEM v3.1 – Common Methodology for Information Technology Security Evaluation
• ITIL v3 – Information Technology Infrastructure Library
• PCI-DSS v2.0 – Payment Card Industry Data Security Standard
• Basel II – International Convergence of Capital Measurement and Capital Standards
• SOX of 2002 – Public Company Accounting Reform and Investor Protection Act
• Legislative Decree 231/2001 – Administrative liability of legal persons, companies and associations
without legal personality
• Legislative Decree 196/2003 – Personal data protection code
• Legislative Decree 262/2005 – Protection of savings and regulation of financial markets
• Legislative Decree 81/2008 – Protection of health and safety in the workplace.
Image 1. Main international standards
2.1 METHODOLOGICAL REFERENCES
2.1.1 OSSTMM
The OSSTMM (Open Source Security Testing Methodology Manual) is a certification
provided by ISECOM (the Institute for Security and Open Methodologies), an international
community for research and collaboration on security, established in January 2001.
It is a peer-reviewed methodological approach used in the field of computer security
systems and is based on performing security tests and analysis on infrastructure and IT
assets to arrive at verified facts; these facts provide useful information in measurable
terms for the improvement of operational security.
The use of the OSSTMM standard, in compliance with relevant regulations, allows the
achievement of consistent and repeatable results, providing an understanding of the
countermeasures to be implemented, the extent to which the system is exposed to
possible attacks, and therefore how to achieve maximum security.
2.1.2 OWASP
The OWASP Testing Guide is a framework for testing the security of applications and
network infrastructure developed by OWASP (The Open Web Application Security
Project), a non-profit foundation whose activities are centred on the production of
resources, articles and material related to information security issues.
OWASP has compiled a classification of the security threats considered most critical:
• SQL Injection
• Broken Authentication and Session Management
• Cross Site Scripting
• Insecure Direct Object Reference
• Security Misconfiguration
• Sensitive Data Exposure
• Missing Function Level Access Control
• Cross Site Request Forgery
• Using Components with Known Vulnerabilities
• Unvalidated Redirects and Forwards
2.2 MODES OF DELIVERY
2.2.1 PROACTIVE SECURITY SERVICES
Through the services of the INSIDE Cyber Security Division, we can assess the vulnerability of your systems and perform
careful diagnostic analysis to determine the appropriate measures to ensure the security of your information property.
PENETRATION TEST
The Penetration Test is a service for assessing the security of a system or network through the simulation of an external
or internal attack by a threat agent. The aim is to highlight the weaknesses of the platform, providing the greatest
amount of information on the technological vulnerabilities that have enabled unauthorised access: it essentially involves
putting ourselves in the shoes of the hacker, who exploits detected vulnerabilities to obtain information required for
access to the computer infrastructure.
VAM – VULNERABILITY ASSESSMENT AND MITIGATION
The Vulnerability Assessment and Mitigation (VAM) method adopted by the INSIDE Cyber Security Division consists of a
series of non-invasive activities aimed at evaluating the effectiveness and strength of the security systems used by your
company, and identifying known vulnerabilities in case of a cyber attack. These initial intervention phases are followed
by the adoption of countermeasures aimed at improving the security of your systems.
VAM should be implemented in various stages throughout the year, since the technology is constantly developing, as
are the tools used to attack systems.
The INSIDE Cyber Security Division develops the following levels of VAM:
• Database: our analysis focuses in particular on the DBs most commonly used by companies (Microsoft SQL
Server, Oracle, SYBASE Server, etc.). The assessment is done using highly sophisticated tools and software,
and includes an automatic scan of these databases to identify and analyse weak points that are prone to
attack. All companies “store” their business information in these types of databases, which, being constantly
reorganised for better use, are exposed to attacks by parties with malicious intent, such as competitors.
• Telephone Network: an attack on a telephone network is commonly known as ‘war dialling’. It is a frequently
used form of computer attack, as the telephone network is more vulnerable due to the presence of bugs.
The attack involves automatic scanning of an entire telephone network, including switchboards, modems
and telephone equipment.
WEB APPLICATION PENETRATION TESTING
With the advent of e-commerce, companies are increasingly using the web to promote and sell their products and/or
services. The INSIDE Cyber Security Division conducts prevention and safety activities on all the web applications used
by companies.
The process involves scanning and monitoring all the sections of the web application, with particular attention to areas
protected by usernames and passwords, which, when entered, allow access to the services offered through HTTP or
HTTPS protocols.
The work involves the following security fields:
• Scanning of sensitive data sent via the application and exposed to risk of interception by malicious parties,
through an examination of the HTML code, scripts or other information that can be obtained through
debugging mechanisms;
• Thorough analysis of interactive fields between the application and the user to identify any gaps created by
(in)voluntary input;
• Authentication procedures;
• Resolution of issues related to a specific session, such as timeouts, logouts, hijacking, logins using unverified
addresses, etc.;
• Validation and alterability of data;
• Execution of commands in unexpected areas of the application, for example, through specific SQL strings,
which can lead to the direct manipulation of the database, with the possibility of acquiring, modifying and
deleting stored data;
• Incorrect or inappropriate interactions with the operating system (shell escape).
THREAT DETECTION & ANALYSIS
Through its Threat Detection & Analysis procedure, the INSIDE Cyber Security Division can detect and analyse any hostile
hardware or software devices (such as viruses) that are potentially capable of damaging or exporting sensitive data in
computer systems affected by threats.
ETHICAL HACKING
Ethical Hacking consists in the simulation of an internal or external malicious attack, depending on the type of exposure
risk identified in the computer system, and includes human as well as technological aspects, for example, the Social
Engineering method.
Social Engineering is a series of psychological techniques used by a Social Engineer to deceive the recipient into
performing certain actions (such as issuing access codes, or opening malicious attachments or sites containing diallers,
etc.).
The attack includes an initial phase, known as footprinting, consisting in the collection of information about the victim
(e-mail address, phone numbers, etc.) and the subsequent assessment of its reliability. Once the victim has fallen into the
trap, through the false sense of confidence induced by the Social Engineer, the computer system can then be accessed
and violated.
No particular computer skills are needed to perform this activity, as knowledge of the person’s psychology is sufficient
(normal computer intrusion tools may already have been tried, unsuccessfully): the Social Engineer exploits certain
impressions of the victim, such as guilt, innocence or ignorance.
CODE REVIEW
Through its Code Review service, the INSIDE Cyber Security Division detects vulnerabilities in source code, thus limiting
the costs due to production of the program.
The activity consists of an initial analysis of the application, using tools to simulate execution of the code and detect any
vulnerabilities that may be present. A second phase searches for vulnerabilities that may not have been identified in the
initial analysis.
SECURITY EVALUATION
For its Security Evaluation service, the INSIDE Cyber Security Division uses highly skilled technicians working in a
laboratory environment to evaluate the safety levels of hardware and software applications, processes and platforms
by identifying any vulnerabilities that are present and implementing existing security procedures.
IT RISK MANAGEMENT
Through its IT Risk Management process, the INSIDE Cyber Security Division identifies risks (vulnerabilities, threats, etc.)
due to corporate IT investments (Risk Assessment) and defines the best strategies for governing them (Risk Treatment),
thereby increasing the level of security required by IT infrastructure.
SECURITY AUDIT
The Security Audit service provides a technical assessment of an organisation’s security policy based on a combination
of Penetration Testing and Risk Assessment activities. It basically involves accurate identification of vulnerabilities in
the computer system through precise optimisation of the execution of technological checks, thereby strengthening its
risk assessment capacity.
HIGH LEVEL SECURITY CONSULTING
The specialised staff of the INSIDE Cyber Security Division offer consulting services on any computer security issues that
may not be covered by the services described above.
2.2.2 ATTACK VECTORS - for the Penetration Test and Web Application Penetration Test services
The Cyber Security Division uses the attack vector technique – of which there are several, depending on the device for
which the service is intended – to simulate the activities of a threat agent that accesses an IT system in an unauthorised
manner.
Some of the attack vectors used are listed below:
• Infrastructure: IP, VPN, Wi-Fi, SCADA, etc.
• Applications: Web, Database, Client-Server, etc.
• Telephony: PBX, RAS, APN, BlackBerry, VoIP, etc.
• Others: Human, Physical, Video Surveillance, Biometrics, etc.
In some cases we prefer to run tests from a privileged position, using standard access credentials, to evaluate the
possibility of circumventing the authentication and authorisation mechanisms in use.
Image 2. Main attack vectors (diagram labels: Internet, Firewall, DMZ, VPN, LAN, Wi-Fi, Modem, www, web, FTP, DataBase, PBX, VoIP, BlackBerry, Telephones, Domain, Remote User, Remote Site)
2.2.3 APPROACH
The approach developed by the INSIDE Cyber Security Division, always geared towards the assessment of the security
level of the Client’s IT infrastructure, operates in blind mode, through the simulation of a “blind” attack, i.e. without
knowledge of the implementation details of the infrastructure.
2.2.4 TOOLS
The INSIDE Cyber Security Division uses the attack tools most commonly used in the market or those developed by the
Security Advisory Team, included in the categories listed below:
• Vulnerability Scanning (Nessus, NeXpose, OpenVAS, etc.)
• Network Scanning (Nmap, Unicornscan, Singsing, Arp-scan, Ike-scan, p0f, etc.)
• Web Testing (Burp suite, Zed Attack Proxy, w3af, Skipfish, Nikto, etc.)
• Wireless Testing (Aircrack-ng, Kismet, Karmetasploit, etc.)
• Phone Testing (Minicom, WarVOX, Ward, THC-SCAN, etc.)
• Packet Forging (hping, Scapy, VoIP Hopper, Yersinia, ISIC, Netcat, etc.)
• Network Sniffing (Wireshark, Cain & Abel, Ettercap, etc.)
• Password Cracking (John, Rcrack, fgdump, THC-Hydra, Medusa, etc.)
• Exploitation (Metasploit framework, Exploit-db, private exploits, etc.)
Zero-day exploits, computer attacks that are particularly harmful to the integrity of a website and the proper functioning
of an internet node, may also be used, but only at the Client’s explicit request.
Only proprietary hardware and software is used, and at the conclusion of each project a sanitisation procedure is carried
out to delete any data remaining from the operation.
2.2.5 DENIAL OF SERVICE
This project does not include testing for Denial of Service (DoS) attacks, unless specifically requested by the Client. These
consist of malfunctions due to cyber attacks in which the resources of an IT system providing a service are deliberately
exhausted so that it is no longer able to provide the service.
3. ACTIVITY PLAN
3.1 PREPARATION OF THE ACTIVITIES
In the initial phase of the project, the Security Advisory Team has to interface with the Client to gather all the information
required for the task and to arrange the schedule and intervention method for each particular security operation.
3.2 EXTERNAL WEB CHECKS - for web application penetration testing
The purpose of this activity is the analysis of web applications, using a range of various technologies (ASP.NET, PHP, JSP,
etc.), to test the security of the application components and prevent any threat agents from the Internet from gaining
access to sensitive data possessed by the Client.
3.3 EXTERNAL IP CHECKS - for Penetration Tests
The purpose of this activity is to analyse systems exposed to threat from the Internet in order to assess the security of
the overall network infrastructure and prevent unauthorised access or removal of confidential information.
3.4 INTERNAL IP CHECKS - for Penetration Tests
The purpose of this activity is to analyse the systems on the Client’s private network to assess the security of the
overall network infrastructure and prevent unauthorised access or removal of confidential information.
Image 3. Architecture of a web application and security measures (diagram labels: User, Authenticated User, Threat Agent, browser, Firewall, Web Server, Application Server, DataBase Server; User Authentication, Input Validation, Exception Generation, Secure Configuration, Sessions and Cookie, Manipulation of Parameter, Protection of Sensitive Data, Encryption or Hashing of Sensitive Data, Recording and Audit of Activity)
4. DELIVERABLE
A series of information is given below regarding the final document delivered to the Client at the conclusion of the
project.
4.1 TEST REPORT
On completion of all the activities, the INSIDE Cyber Security Division issues a strictly confidential report containing
details of all the operations carried out and the necessary solutions for the total security of your company.
The document consists of two levels of analysis:
• Executive Summary: an introductory section that provides the Client with a broad overview of the main
information on the security level of the structure examined, together with an indication of the risks identified,
foreseeable damage and the measures to be taken to resolve problems;
• Technical Report: the true final document, containing a technical description of the operations performed,
the critical aspects detected and details of the measures to be implemented.
5. DELIVERY TIMES
The graph shows the time taken to provide the requested services.
(Graph: activities scheduled over Week 1 to Week 4: Organisation of activities and Project Management; External Web Checks; Follow-up check; Presentation of results)
The activities described in this offer shall be carried out at the INSIDE headquarters or, in the case of an agreement
between the parties in this regard, on the Client’s own premises.
6. PROFESSIONAL FIGURES
The INSIDE Cyber Security Division includes highly specialised experts with a range of awards and certifications for
security testing that vouch for their technical and professional competence and ethical values:
• CISSP (Certified Information System Security Professional)
• CISA (Certified Information Security Auditor)
• CISM (Certified Information Security Manager)
• OPSA (OSSTMM Professional Security Analyst)
• OPST (OSSTMM Professional Security Tester)
• OWSE (OSSTMM Wireless Security Expert)
• GCFA (GIAC Certified Forensics Analyst)
• ITV3F (ITIL Foundation v3)
• ISFS (Information Security based on ISO/IEC 27002)
• ISO/IEC 27001:2005 Lead Auditor (various schemes)
• PCI-QSA (Payment Card Industry Qualified Security Assessor)
• PCI-ASV (Payment Card Industry approved Scanning Vendor)
6.1 SENIOR SECURITY ADVISOR
This figure has five years of technical and organisational experience in the field of security and thus possesses the
necessary requirements to identify the work activity and plan the strategies that the customer needs.
He/she possesses thorough knowledge of the security services and procedures to be implemented for the solution of
all security problems; thanks to these skills and constant updating, he/she is able to intervene dynamically in training
and research activities.
6.2 SECURITY ADVISOR
This figure has three years of technical and organisational experience in the field of security. He/she is capable of assisting
the Client in the choice of the services to be carried out to ensure company security; he/she directs the activities of the
Security Expert and plays an active role in training and research projects.
6.3 SECURITY EXPERT
The Security Expert, with two years of technical and organisational experience in the field of security, has developed the
capacity to offer advice and assistance, and provide support for the work of the Security Advisor. He/she is regularly
involved in updating and research activities.
INSIDE offers professional IT and technology services, skilfully combining considerable advanced business skills with
proven experience in the recruitment and training of its specialists.
To provide the best possible support to its Clients (companies and lawyers, as well as private individuals who feel the
need to monitor their children more closely), INSIDE has brought together the best expertise in the field of security in
a special range of services known as IT Security.
The Service Line operates throughout Italy; the area of intervention of the INSIDE Forensics Division is described below:
Forensic Analysis and Incident Management (FOR-SEC): INSIDE’s intervention in this area is normally in response to
errors, accidents, intrusions or legal action. The advice provided covers forensic analysis of digital media, secure deletion
of data, the recovery of data from damaged digital storage media and the definition and implementation of technological
processes and procedures for proper incident management. The staff that operate in this field hold GCFA and GCIH
certification (SANS certifications) and follow the guidelines laid down by the US Department of Justice for the seizure
and preservation of digital crime evidence.
Interventions can be carried out on a series of devices:
• computers and storage devices - Computer Forensics;
• electronic devices that use mobile technology - Mobile Forensics: mobile phones, smartphones, tablets and
SIM cards, of any make and model;
• “closed” equipment - Embedded Forensics: game consoles, skimmers used for the cloning of credit cards,
PDAs, organisers, Mp3 players, databanks and closed circuit systems;
• Internet - Network Forensics: e-mail; social networks (Facebook, Linkedin, Twitter, MySpace...), data
exchange systems (FTP, Peer to Peer...), VoIP (Skype is the best known), Virtual Private Networks (VPN);
• software - Software Forensics: software illicitly possessed and marketed with a significant economic return
for the perpetrator; encryption software, pirated video games; software designed to bypass security systems
(password cracking).
The Service Line not only manages INSIDE’s own expertise, but also provides for the continuous training of its consultants
and clients, with specific events ranging from seminars to safety courses organised internally or externally. The Service
Line also includes SANS instructors who can give specialised courses with certification accredited under standard ISO
17024, such as perimeter security, incident management and web application security.
INSIDE considers it essential for the staff of the Service Line to be part of the development and innovation in the field
of ICT Security, with active participation on the boards of SANS, OWASP and OSSTMM, as well as internal development
projects ranging from advanced forensic analysis of digital signals to the definition of analytical systems for digital fraud
prevention (pre-crime).
Description and Mode of Delivery of the Service
INSIDE provides its Clients with its own expertise in the field of IT security, and is committed to providing specific
consultancy through its own IT Consultants for the execution of the following forensic analysis activities, with
provision of documentation:
• Forensic analysis of the content of the Client’s phone to detect any malicious software directing calls to
unauthorised numbers or at higher rates;
• Data recovery from digital media (deleted data and/or hidden data) on devices owned by the Client and
transfer of the data to an external device (USB - CD ROM).
The analysis of the information extracted from the device will be based on keywords provided by the Client (names,
addresses, phone numbers, etc.) and the consultant’s experience in responding to any questions raised by the Client.
Please note that the Client is required to provide all necessary information to ensure access to the device to be
analysed (e.g. passwords, PIN numbers, etc.). If these are not known, INSIDE will apply analysis and/or acquisition
methods that may not, however, be exhaustive or complete.
1. DATA RECOVERY INTERVENTION METHODOLOGY
INSIDE’s Forensics Division is able to handle all data losses caused by human error, sabotage or events of various
kinds.
During the data recovery process, the IT personnel work on the broken or malfunctioning device or disk with the aim
of temporarily restoring its functionality and extracting the data. The extracted information is then reconstructed
and saved in a format accessible to the user.
• Prognosis: once they receive the damaged data storage media, the IT Consultants of the INSIDE Forensics
Division begin the prognosis (technical analysis) phase to identify the problem and understand which
files can be recovered. When this analysis is completed, the Client is provided with a list of recoverable
files, including a description of the state of integrity of each one.
• Data Recovery: once the restoration of the recoverable files has been authorised, the data recovery
phase begins, after which the files are stored on the Client’s external backup media.
• Data Restitution: the backup media with the recovered data is sent to the Client by express courier. To
ensure greater security, the data is encrypted and the password is sent by e-mail.
2. FORENSIC ANALYSIS INTERVENTION METHODOLOGY
We describe below the sequence used by the INSIDE Forensics Division for carrying out data analysis activities, from
the assignment of the task to the final report:
• Identification: to begin with, all potential sources of data that can provide valid evidence presentable in
court are identified and an appropriate work plan is devised.
• Acquisition: digital data should never be accessed without proper tools and procedures, due to the
risk of invalidation or inadmissibility of the evidence presented in court. Digital information is fragile
and can easily and/or inadvertently be altered by unqualified persons, even merely by switching on the
device on which it is stored. The intervention methodology used by the INSIDE Forensics Division ensures
that the data is acquired without any alteration and/or damage. A duplicate forensic copy of the data is
made and its integrity is checked using hash functions. All the operations are adequately documented
to ensure a proper chain of custody.
• Extraction: INSIDE works on the forensic copy acquired to extract the data and information contained
in this perfect copy of the storage medium under analysis. Our extraction process ensures the recovery
of deleted files, hidden files, temporary files, file fragments and other information stored on various
devices such as personal computers, servers, mobile phones, smart phones and navigation systems.
• Data analysis: once the information has been extracted, it is analysed to reconstruct the activities
carried out with the digital device. A final report is then prepared containing all relevant information,
which can be used for internal appraisals within the company or in court.
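The Acquisition step above (duplicate the data, check integrity with hash functions, document the operations for the chain of custody) can be sketched as follows. This is an added example, not INSIDE's own tooling: it assumes SHA-256, a file-based image and a hash-chained custody log, and the file names, operator and evidence identifiers are constructed.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never sit in memory


def hash_file(path, algorithm="sha256"):
    """Return the hex digest of a file, read in fixed-size chunks."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire(source, dest):
    """Copy source to dest, hashing the source bytes in the same pass.

    The source is only ever opened for reading (real media would also sit
    behind a write blocker). Returns (source_digest, copy_digest).
    """
    h = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    # Re-read the copy from disk: this proves the duplicate itself is exact.
    return h.hexdigest(), hash_file(dest)


def _entry_hash(entry):
    """Hash every field of a custody entry except its own entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_custody(log, action, operator, evidence_id, digest):
    """Append a custody entry chained to the previous entry by its hash."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "action": action,
        "operator": operator,
        "evidence_id": evidence_id,
        "sha256": digest,
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def verify_custody(log):
    """True only if no entry was edited, removed or reordered."""
    prev = "0" * 64
    for entry in log:
        if entry["prev_hash"] != prev or entry["entry_hash"] != _entry_hash(entry):
            return False
        prev = entry["entry_hash"]
    return True


def demo():
    """Run the workflow on a constructed 3 MiB stand-in for a disk image."""
    log = []
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "evidence.dd")       # constructed name
        copy = os.path.join(tmp, "evidence_copy.dd")    # constructed name
        with open(source, "wb") as f:
            f.write(bytes(range(256)) * 12288 + b"tail")  # constructed data

        src_digest, copy_digest = acquire(source, copy)
        append_custody(log, "acquired", "examiner-01", "EV-0001", src_digest)
        append_custody(log, "copy verified", "examiner-01", "EV-0001", copy_digest)
        match_after_acquisition = src_digest == copy_digest

        # One byte of the working copy changes, as careless handling could do.
        with open(copy, "r+b") as f:
            f.seek(1000)
            f.write(b"\xff")
        match_after_alteration = hash_file(copy) == src_digest

    log_ok = verify_custody(log)
    log[0]["operator"] = "someone-else"  # an edited log entry breaks the chain
    log_ok_after_edit = verify_custody(log)
    return match_after_acquisition, match_after_alteration, log_ok, log_ok_after_edit


if __name__ == "__main__":
    print(demo())
```

A single changed byte in the copy, or a single edited field in the log, makes the corresponding check fail, which is what lets a later reviewer repeat the verification independently.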
3. TOOLS USED
The INSIDE Forensics Division uses the best professional equipment available.
Forensic copies are made using professional equipment that is certified and accredited for legal use.
The tools we mainly use include the following:
• LOGICUBE FORENSIC FALCON: for making forensic copies of hard disks;
• UFED: for the extraction and analysis of data from mobile devices;
• CAINE and SLEUTH KIT - AUTOPSY: for analysis of the data;
• Other tools similarly recognised and established in the field of forensics.
The exclusive use of software tools alone, however, is not sufficient to obtain a satisfactory result, which also
requires the significant experience and knowledge of the staff assigned by INSIDE to use them. For this reason,
careful and thorough manual checks are also carried out to assess the vulnerabilities found and detect any further
security breaches.
4. DOCUMENTATION DELIVERED TO THE CLIENT
On completion of the analysis activities, the Client is provided with two separate documents containing the
information recovered from the devices that were analysed, and the complete analysis procedure that was
performed, to ensure the repeatability of the analysis.
The documentation is provided on standard INSIDE document forms, or on templates provided by the Client,
without prejudice to the possibility of the structure being modified by INSIDE staff to provide the most complete
documentation possible of the analysed material.
5. SERVICE PROVISION LOCATIONS
The activities described above shall be carried out in the forensics laboratory at the INSIDE headquarters, according
to the work plan agreed with the technical manager assigned by the Client.
The activities shall be carried out using laptop computers owned by INSIDE, on which all of the tools used shall be
installed and duly licensed. These computers shall also have updated antivirus programs and personal firewalls.
6. DELIVERY TIMES
The activities shall be completed within 15-20 working days (unless scheduled otherwise).
This time schedule may be changed based on decisions taken while the activities are in progress and ratified during
project progress meetings.
7. CONTROL STRUCTURE
The activities of the INSIDE Cyber Security Division technicians are supervised by a Service Line Manager who is
exclusively responsible for the activities, has sole authority to receive all formal communications from the Client and
is delegated to participate in the project control phases.
INSIDE believes that the protection of corporate data is vital for the development and growth of your business;
being able to protect your projects, the names of your customers and suppliers, and your production and marketing
strategies means having an edge over your competitors.
Our electronic debugging services can be requested by anyone with a suspicion of being spied on, whether privately
or professionally, or by those who simply wish to ensure their privacy.
The INSIDE Electronic Debugging Division provides individuals and companies with electronic debugging services for
offices/premises through the use of highly professional digital/analogue equipment.
Our staff, on call 24 hours a day, can quickly reach any location, whether in Italy or abroad, and are constantly
updated on legal and regulatory developments and anti-surveillance techniques.
Anti-surveillance Intervention Methodology
The intervention procedure followed by the technicians of the INSIDE Electronic Debugging Division complies with
international standard procedures, and ensures effective bug sweeping and the identification of any surveillance
devices.
It is recommended to carry out site and phone bug sweeping operations periodically, or at least whenever privacy
concerns arise.
After an initial inspection, together with a representative of the Client, performing an external radio frequency scan
and a visual check on the outer perimeter, the staff of our Division then begin the debugging, which involves the
following operations:
• Installation of measures to block bugs, GPS trackers and microphone capsules, if necessary;
• Analysis of frequencies from 10 kHz to 6 GHz;
• Thermal imaging analysis of the spaces and objects to be cleared: thanks to this type of innovative
analysis, the location of the most sophisticated bugs that are difficult to detect can be determined;
• Infrared analysis to detect laser microphones and/or micro-cameras;
• Inspection of all objects with unusual features;
• Inspection of PCs and mobile phones;
• Removal of detected devices, if agreed;
• Final meeting with delivery of the report on the activities carried out.
The intervention procedure consists of a passive search phase, using the equipment at our disposal, to inadvertently
identify any surveillance systems in the area/device inspected, and an active and physical search phase, which
allows inaccessible places to be examined to trace any hidden devices.
If requested by the Client, the INSIDE Electronic Debugging Division technicians are able to install security seals on
false ceilings, junction boxes, raised floors, etc.
1. SOME EXAMPLES OF SURVEILLANCE DEVICES
• Spy software, for monitoring activities on a PC, and spy phone software, for monitoring activities on
mobile phones;
• Audio/video bugs, easily hidden anywhere;
• Laser microphone, enables remote listening and can detect sound vibrations through glass;
• Micro digital audio recorder, can be concealed anywhere, even in a vehicle;
• GPS detector, installed on the inside or outside of a vehicle to provide the position of the vehicle in real
time and can track the route taken, including stops;
• GPS detector and audio bug, for satellite tracking and transmission of conversations from inside vehicles;
• Phone tapping;
• Audio/video recorders, can be concealed on the person talking to us.
2. DETECTION EQUIPMENT
The staff of the INSIDE Electronic Debugging Division use highly professional equipment to identify, locate and
remove any kind of listening device that threatens your privacy.
OSCOR GREEN SPECTRUM ANALYSER
OSCOR Green was designed to identify illegal signals, perform inspections for communication systems, analyse radio
frequency (RF) emissions and investigate misuse of the RF spectrum.
The OSCOR Green Spectrum Analyser can scan all frequencies from 10 kHz up
to 24 GHz in less than a second, enabling rapid detection of hidden electronic
transmitting devices in a room or a vehicle.
This highly professional equipment has numerous possibilities of use, but the
OSCOR Green mainly allows the following:
• Analysis of the electromagnetic spectrum from 10 kHz to 24 GHz in less
than a second, capturing more than 2,000,000 data points per second;
• Three hours of continuous use, allowing the clearance of large rooms
and/or industrial structures;
• Rapid identification and location of any type of RF transmission.
CPM-700
The CPM-700 is a professional device designed for detecting and locating all major types of electronic devices used
in surveillance operations, including radio frequency bugs, micro-cameras, GSM micro-bugs, video transmitters,
micro-recorders and laser directional microphones.
Devices such as the CPM-700 are important and effective
tools for professional counter surveillance teams, government
security personnel and private citizens with security needs.
The CPM-700 is highly effective for the rapid detection and
location of transmitted signals.
Multifunctional Interfaces
Probes can be used to detect RF transmitters (audio and video) and induction transmitters on electrical circuits and
the phone systems. There are also probes to detect infra-red transmitters and recorders.
Wideband coverage
From 200 Hz to over 3 GHz.
Monitor Mode
During bug sweeping, the monitor mode (silent or audible) warns of possible remote control devices.
Auxiliary audio input
This allows users to listen to telephones or test unknown wires that can conceal wired microphones in the cable
ducting of their homes or offices.
MDS-4001
The MDS-4001 is a highly professional device designed to detect and
locate electronic equipment used in surveillance operations, such
as radio frequency bugs, micro-cameras, video transmitters,
micro-recorders and directional microphones.
RAKSA
The RAKSA iDet Selective RF Detector allows you to identify and locate a
wide variety of radio transmitters normally used to gain unlawful access to
confidential information in a given area.
Below is a list of some of the devices identified by RAKSA:
• Mobile phones of GSM 900/1800, UMTS(3G), CDMA 450 (453-458 MHz), UMTS 900 standards
• Cordless handsets
• Bluetooth and Wi-Fi devices
• Wireless video cameras
• Radio transmitters (AM, FM, PM, FSK, PSK, etc.)
Thanks to its compact size, the device permits the utmost discretion.
CAM-105
The CAM-105W is an essential device for preliminary analysis of areas to be swept
for bugging devices. This instrument detects GSM (2G), UMTS (3G) and 4G (LTE)
mobile phones, smartphones, GPS, SMS communications, streaming video on 3G/4G
frequencies and Wi-Fi & Bluetooth devices.
The CAM-105W is designed to detect and locate transmissions from devices based
on mobile telephony modules, such as mobile phones, PDAs and smartphones, GPS/GSM
tracking bugs and concealed 3G/4G wireless cameras.
It can be used to check for hidden devices in rooms used for confidential meetings, examination halls, hospitals or
prisons, and to locate hidden tracking devices in vehicles.
The CAM-105W also has a separate 2400 MHz band detector to deal with the fast-growing threat from Wi-Fi/
Bluetooth/video devices. The detected signal is analysed by complex algorithms to determine its nature and type.
The wireless detection mode (2.4 GHz) records the last 24 hours of activity, which can then be viewed later for more
detailed analysis.
THERMAL CAMERA
The thermal imaging camera is a special camera sensitive to
infrared radiation that takes thermographic pictures and video.
Once the radiation has been measured, it provides temperature
maps of exposed surfaces, which are often used for scientific or
military purposes.
Thermal imaging cameras can measure the temperature of
each individual point of the image examined, after entering the
temperature and emissivity parameters in the instrument (or the
image analysis software during post processing).
The device rapidly “reads” the energy value stored by each pixel and generates an image of the object observed,
either in black and white or false colours.
This allows us to unmistakably distinguish all technical devices hidden in inaccessible places, such as crawlspaces,
plasterboard walls or any other space suitable for hiding an audio or video micro-bug.
The possibility of comparing data from the ordinary equipment used in electronic debugging allows us to identify
and locate any type of device used for audio and video surveillance with absolute certainty.
The INSIDE Electronic Debugging Division reserves the right to use whatever equipment it deems most suitable for
each particular case.
Today’s global economic environment makes it essential for every company to face security issues.
INSIDE’s Security Division team, highly skilled and able to act quickly in every part of the world, provides the appropriate
means to prevent potential risks for a company and identify and consequently manage crisis situations that may be
met, thus ensuring resources and infrastructures security.
INSIDE’s Security Division provides customised services (based on business goals or risk protection) related to the
safety of goods and resources involved in business processes, thus providing the right business strategy on risk control:
effective data protection considerably contributes to the safe conduct of productive activities and, consequently, to the
company’s success.
Strategic Security Consulting
Strategic consulting services for security allow for knowledge and assessment of the level of compliance with the
regulatory framework; it will also allow you to analyse and manage physical, logical, organizational and business
continuity safety risks and improve information security processes.
Humint Intelligence
This is an intelligence activity consisting in collecting information through interpersonal contacts and, therefore,
information provided by human sources (e.g. conversations with people who possess or are able to access relevant
information: observations from refugees or war prisoners; information on matters specifically known by the contact
person; news concerning interpersonal relationships and interest networks).
Humint is a bulwark in the field of espionage and in obtaining information, which may be performed by contacting a rival
company’s employee or unrelated subjects who, nonetheless, may be able to easily access data of interest.
When a new case is assigned, the Humint analyst working in INSIDE’s Security Division first locates the desired information
goal, then assesses the candidate’s loyalty and propensity to treason in order to trace a full profile (all subject’s features,
such as character, ideology, behaviour, habits and social context, are taken into account).
An essential preliminary activity for Humint’s information gathering is the selection of sources, their precise identification
as well as the subsequent cross-check of collected data.
Risk Assessment
It helps determine quantitative and qualitative risks arising from potential sources of danger, in probabilistic terms,
by mapping your security device (defined as the set of technologies, people, processes and infrastructures used for
security), by evaluating each analysed area and analysing the gap between the current device and the one you expect to
be supplied with, namely, once the threat analysis has been carried out, it is possible to measure the gap between the
device currently in use and the one needed to face the threat, with appropriate suggestions for mitigating or transferring risk.
This is achieved by always balancing efficiency, effectiveness and sustainability, and in compliance with the
ISO/IEC 27002 standard on information security.
Risk Perception
INSIDE’s Security Division is able to identify, through the hearing of corporate subjects (managers) in charge of critical
processes, how individuals perceive potentially dangerous events by not only considering risk assessment reliability, but
also future expectations deriving from the choices that have been made. The service has, therefore, the dual purpose of
evaluating management and assessment choices and inclination to risk.
Risk Management
It consists in the development of new business management methods that take into account risks and disasters under
which normal activities would prove inadequate, and include those effects that might result from uncertain
situations, in view of a proper use of risk mitigation policies.
Risk Governance
INSIDE’s Security Division carries out analysis capable of understanding and evaluating the origins of various governances,
risk governance effectiveness and efficiency, implications in terms of technological innovation, investments and
governance policies by customizing the service on the basis of several and diverse risks arising from different social,
economic, political, geographical conditions of the context in which the company works.
Country Risk Report
The service is aimed at assessing non-payment risk by companies located in a specific country and, thus, at supporting
the Customer in making informed decisions in the field of international business activities, with the aim of helping the
same in international growth strategy.
The methodology adopted by INSIDE’s Security Division consists in the analysis of a number of economic indicators,
both quantitative and qualitative, in order to provide a comprehensive profile of the economic situation, the political
business environment and potential commercial and financial risks.
Travel Security
Globalization and internationalization of enterprises entail more and more frequent staff relocations around the world.
It is therefore necessary that companies ensure the safety and security of travellers, especially when their destinations
correspond to high-risk areas (e.g. countries subject to terrorist threats, environmental and health emergencies, high
crime rate).
This service will allow you to know, consider and adopt prevention solutions with regard to the peculiarities of a
particular country, its political, social and geological situation, its crime rate and health issues, thus supporting you
to plan business trips even thanks to the classification of different countries on the basis of their danger degree and,
consequently, the need to provide for protective measures or not.
Maritime Security
INSIDE’s Security Division prevents the risk of assaults, kidnapping or hijacking of cargo vessels or passenger ships by
providing protective measures, especially in areas considered to be at high risk, such as Somali waters.
The service is guaranteed by security teams, dissuasive tools and technologies and crew training, all by respecting the
standards of the industry:
• ISPS Code (International Code for the Safety of Ports and Ships)
• SOLAS (Safety of Life at Sea) regulation
• United Nations Convention on Sea Law, 1982
• International Regulation on flags and ports
• Conventions and agreements of the International Maritime Organization (IMO)
Executive Protection
The service ensures the protection of individuals susceptible to attacks and violence, and possibly their families, by
assisting them during their trips or simply in the course of ordinary professional activities, all without invading their
privacy.
The protection plan is customised according to the Client’s needs and commensurate with the type and seriousness of
the danger the subject is potentially exposed to by ensuring defence at any time, during any movement on national and
international territories, roads, airports and ships, at work as well as at home.
To this end, the staff of INSIDE’s Security Division complies with stringent psycho-physical requirements and undergoes
constant physical training as well as updates on new legal-regulatory, technical and psychological-social requirements
of interest.
Security Driver
By resorting to the utmost confidentiality, discretion and professionalism, INSIDE’s Security Division offers driver services
for each specific need (long-term assignments or one-time events, personal security needs of managers, politicians etc.):
trips, transfers from airports or during conferences or exhibitions, transfers (and consequent protection) of individuals
carrying personal items of value.
The staff is highly qualified, even thanks to constant and periodic training on safe driving.
INSIDE’s Training Division, aware of the importance of competence and professionalism in the security field and the
timely and careful assessment of any potential danger for the people to be protected, holds various specialized courses
for targeted operator training, thus ensuring that the same comply with the psychological, physical and operational
(but also cultural, such as knowledge of a foreign language, because they often have to act in an international territory,
history, politics or geographical characteristics of a particular foreign country) conditions required for effective crisis
situations management.
Our courses are held by staff highly skilled in teaching.
Shooting courses for Home Defence
Having a gun at home is not enough to ensure personal safety: constant training is essential to proper use. The course
prepares you for this by simulating situations that are potentially dangerous for you and your families and reproducing that feeling of
panic and helplessness typical of someone who is surprised by the presence of criminals at home, in front of which
the operator can check his/her own reaction ability, perform targeting exercises, improve movements inside rooms,
corridors etc.
Safety and Protection in High-risk Situations
Issues concerning all high-risk areas, with particular regard to techniques ensuring the physical safety of people who, for
various reasons, are located in high-conflict areas, are taken into consideration.
The course covers the main factors (related to objective and subjective aspects) that can affect people protection, and
aims to train operators on possible solutions against dangerous situations and possible defensive strategies.
Strategic Security and First Aid
The course aims to prepare professionals to address operational contexts characterized by public health emergencies,
such as the need to keep a person alive.
Among the subjects: notions of strategic medicine, human body anatomy and physiology, cardiopulmonary resuscitation
and artificial respiration techniques, management of bleeding, burns and fractures, transport of wounded people,
strategic rescue and support, causes of injury and death in case of conflict etc.
Survival in Hostile Territory
The course is aimed at acquiring the basic survival techniques to be used in hostile situations (mountains, sea, inaccessible
areas): construction of shelters and rudimentary weapons, rope climbing, fire lighting, finding food resources, emergency
signals, concealment techniques, orientation without compass etc.
Intelligence and Antiterrorism
The global situation is currently characterized by increasingly frequent terrorist actions that might lead to the collapse of
international economic environments. The courses held by INSIDE’s Training Division address the issues of terrorism and
antiterrorism and the prevention and management of such situations by learning to anticipate the moves of terrorists,
be they lone wolves (a terrorist who acts individually on the basis of available opportunities and means) or structured
cells (belonging to organizations of a certain size).
Crown House, 72 Hammersmith Rd
Hammersmith, London, W14 8TH
T +44 (0)20 75 59 13 11
F +44 (0)20 35 14 68 50
USA
6800 Jericho Turnpike, Suite 120W
Syosset, New York, 11791
T +1 (0)516 393 58 52
F +1 (0)516 393 58 19
RUSSIA
31st floor, stroenie 1, bld. 3,
Begovaya str, Moscow, 125284
T +7 (0)499 277 13 03
F +7 (0)499 287 66 00
ITALY
Via Monte di Pietà, 21
20121 Milano
T +39 (0)2 86 33 73 42
F +39 (0)2 94 75 26 15
ITALY
Via Ludovisi, 35
00187 Roma
T +39 (0)6 42 03 73 97
F +39 (0)6 94 80 17 11
UNITED ARAB EMIRATES
Building 3, Plot 598-676, Dubai Investment
Park, Green Community, DUBAI, 212880, EAU
T +971 (0)4 80 19 276
F +971 (0)4 80 19 101
HONG KONG
25 Westlands Road, Quarry Bay Berkshire
House, Unit 2402-07, 24th HONG KONG
T +852 (0)28 24 85 28
F +852 (0)37 19 81 11
SOUTH AFRICA
First Floor, Willowbridge Centre, 39
Carl Cronje Dr, Cape Town, 7530
T +27 (0)21 974 6276
F +27 (0)21 974 6101
BRAZIL
Top Center Paulista, Paulista Avenue, 854
Bela Vista – 10° floor, São Paulo, 01310-913, Brasile
T +55 (0)11 21 86 04 42
F +55 (0)11 21 86 02 99
UNITED KINGDOM
SWITZERLAND
MAIN OFFICE
OFFICES AROUND