AUSERGUIDE|

CISIncidentResponseGuide

Cyber Investigation Services - Defamation & Brand Attacks Guide

US RGUID ! CISIncidentResponseGuide

CIS Defamation & Brand Division

"pertiseand "perience
CIS Defamation & Brand Division is t#e investigative and response team $it#in Cyber Investigation Services %%C focused on assisting individua&s and professiona&s address t#e ever increasing prob&em $it# digita& attacks t#at impact company brand and persona& reputations' CIS revie$s more t#an ()*++ brand & reputation re&ated in,uiries eac# year' -oday) CIS is uni,ue&y positioned to #e&p many professiona&s and companies respond to and reso&ve a variety of cyber incidents' .ur team members inc&ude internet reputation e"perts as $e&& as e"perienced security professiona&s) $it# career e"perience ranging from internet branding) corporate information security and security researc#) to federa& and &oca& &a$ enforcement' /or reputation & brand) our firm is often #ired as e"pert consu&tants and $itnesses in cases $it# mi&&ions of do&&ars on t#e &ine0 $e are a&so #ired to assist t#e sma&& individua& $it# a &oca& case' 1e understand internet reputation issues) t#e rea&ities of dea&ing $it# t#ose issues) and t#e most cost efficient tec#ni,ues' /urt#er) $e #ave very good $orking re&ations#ips $it# top internet attorneys and internet crisis specia&ists' 2o matter $#at is #appening in your case) $e can assemb&e a&& t#e key components in a team to #e&p you' /rom t#e investigative and tec#nica& side) CIS is a member of /BI Infraguard) and certified as Digita& /orensic "aminers) Certified t#ica& 3ackers 4C 35) Certified 6enetration -esters 4C6-5) Certified "pert 6enetration -ester 4C 6-5) Certified Security Ana&ysts 4 CSA5' .ur advanced training enab&es our response teams to more effective&y respond reactive&y and proactive&y to security incidents' /urt#ermore) CIS is e,uipped to #e&p you in a&& *+ states across t#e USA & Canada'

Brand7ReputationDestroyed8 2o$$#at9
%earning t#at someone is attacking your #ard earned reputation on t#e internet is &ike a kick in t#e gut' Customers) e"-emp&oyees) competitors) and e"-significant ot#ers are no$ uti&i:ing every means possib&e to #arass you and ruin your reputation' C&ear&y t#is is a #uge concern to you' ;ou mig#t fee& vio&ated and maybe even an"ious about doing somet#ing RIG3- 2.1' Rest assured t#atyouarenott#efirstort#e&astpersonto e"periencet#isgro$ingon&ineissue'CIS#as investigated #undreds of t#ese cases and #e&ped c&ients find reso&ution and stop t#eir antagonist' .ur Cyber Investigation -eam is #ere to #e&p'

Understand /irst) React Second

Somet#ing #as triggered you to start &ooking for so&utions today' After #aving $atc#ed so many cases unfo&d) $e kno$ t#at t#e smart approac# is to first strategi:e and t#en second react' 1e can<t te&& you #o$ many times $e #ave #eard 4=I $is# I $ou&d #ave ca&&ed you first>5 from c&ients $#o #ave $asted money on &a$yers) reputation management companies) investigations) or crisis management so&utions t#at eit#er made t#e matters $orse or got no$#ere' 6&ease understand) eac# of t#ese is possib&y t#e rig#t so&ution but t#e e"act detai&s of your case $i&& determine $#ic# are &ike&y to $ork and $#ic# $i&& &ike&y fai&'

US RGUID ! CISIncidentResponseGuide
1#en defamation victims read a &itt&e on t#e internet and t#en se&f-diagnose) it is t#e e,uiva&ent of deciding t#at you need a #eart surgeon because of a fe$ pains' It takes true e"pertise to craft t#e best so&ution based on your specific situation & needs'

1#at -ypes .f Cases Do ;ou 3and&e9

CIS #and&es many different types of cases but in our brand & defamation group) t#ese are t#e most common0 Competitor attacking your reputation for a business advantage?

/a&se defamatory revie$s p&aced against your company? "-emp&oyee) disgrunt&ed emp&oyee) past business partner attacks? " significant ot#ers destroying persona& reputation? B&oggers or ot#er groups destroying your reputation for a cause? Damaging emai&s sent to distribution &ists? Damaging $ebsites set up t#roug# domains by pro"y or simi&ar services? /a&se information distributed t#roug# t#e press? -ota&&y anonymous attacks for no apparent reason? Remova& of embarrassing materia& t#at #as arrived on t#e internet' Given t#e vo&ume) $e can a&most guarantee you t#at $e #ave seen and $orked your e,uiva&ent case many times before'

Common @uestion AB0 Can Anyt#ing Rea&&y Be Done9

In many cases) t#e ans$er is yes) somet#ing can be done' 1#i&e t#at =somet#ing> may vary $i&d&y from case-to-case) it is rare&y our suggestion to &et somet#ing sit and #ope it goes a$ay if damaging to your reputation' Rea&i:e t#at fe$ prob&ems on t#e internet are reso&ved $it# some magica&) =#o&y grai&> type service' 3o$ever) rest assured) $e kno$ every =trick> in t#e book to #e&p you reso&ve your case in t#e most efficient manner possib&e' If $e can<t so&ve it for you) $e can point you to t#e rig#t peop&e $#o can'

Common@uestionAC0 1#at "act&yDo;ouDo&1#at DoesIt Cost9

1#i&e a good ,uestion) t#is is t#e e,uiva&ent of asking your dentist $#at t#ey $i&& do to fi" your prob&em' Unti& t#ey kno$ t#e e"act detai&s of your prob&em) at best t#ey can on&y give you a vague ans$er' -#e same is true for us since $e do so many different t#ings for different peop&e' .nce $e kno$ your case) t#en $e can give you a specific ans$er and ans$er cost issues as $e&&'

Common@uestionA(0 Can;ouRea&&yGet Internet Dateria& Do$n9

;es depending upon t#e e"act circumstances' In t#e 3o$ Do ;ou Rea&&y 3e&p section be&o$) you $i&& find a number of different remova& tec#ni,ues t#at get emp&oyed'

Common @uestion AE0 I Fust 2eed -#e Identity .f Someone Doing -#is8
Identity is one of t#e most common re,uests t#at $e receive and $e perform t#is repeated&y' 3o$ever) it is often one of t#e most difficu&t aspects of a case because of privacy &a$s t#at e"ist' /urt#ermore) un&ike t#e magic seen on -G s#o$s) no databases e"ist t#at a&&o$ us) or anyone e&se for t#at matter) to pus# a fe$ buttons and ID your attacker' If your case is serious and you must get to ID) $e can certain&y #e&p' If you are &ooking for a simp&e) &o$ cost magic so&ution) you may $ant to continue your searc# for t#e #o&y

US RGUID ! CISIncidentResponseGuide
grai& e&se$#ere'

Common@uestionA*0 1#yAreI6AddressesABigDea&9
Internet investigators) bot# private and Government a&ike) getting to a rea& I6 address for an antagonist is a very big dea&' 3o$ever many victims of internet issues cannot ,uite grasp $#y t#is important' -#e s#ort ans$er is t#at $#en an I6 address is captured) $e essentia&&y #ave t#e e&ectronic fingerprint of t#e person A2D I- CA2 B -RAC D' 1#i&e tracing may re,uire subpoenas to get) you kno$ in advance t#at =you #ave t#e bad guy>' /urt#ermore) t#ere is a number of tec#ni,ues to t#en use t#e I6 address to stop a bad situation from getting any $orse'

Common @uestion AH0 Do ;ou) .r -#e Attorneys ;ou 1ork 1it# Accept Contingency9
Rare&y #o$ever it does #appen' /irst) as a non-&a$ firm) $e are not a&&o$ed to accept payments based on outcomes of &ega& actions' Attorneys t#at $e $ork $it# $i&& consider it if t#e case meets specific criterion' As a ru&e-of-t#umb) if t#e person t#at is causing you #arm is not a company) t#en t#e odds are s&im' 6&ease understand t#at $#en somet#ing about you s#o$s up in =Goog&e> for e"amp&e) t#e &a$yers $i&& not

vie$ Goog&e as t#e one causing you #arm but instead t#e person or group t#at provided t#e materia&' .ne common type of contingency case t#at $e see is $#en business competitor<s attack eac# ot#er on t#e internet' If you #ave t#is type of case) $e encourage you to submit it to us to eva&uate furt#er'

3o$ Do I 1ork 1it# ;ou9

1e try to keep t#is as simp&e as possib&e $it# a pay as you need #our&y system' B' Submit your case via instructions be&o$' If $e can #e&p you) you $i&& receive an emai& back $it# some budgetary estimates' If t#is is $it#in budget for you) t#en $e $i&& be #appy to conduct a s#ort) free consu&tation to describe genera& approac# and &et you ask ,uestions' C' As ;our Case vo&ves0 1e simp&y make recommendations of #o$ $e can best #e&p you at eac# stage and time estimates' If you agree) t#en you simp&y fund and $e get to $ork' Rea&i:e $e c#arge e,uiva&ent to ot#er #ig#&y specia&i:ed e"perts but yet $e are very time efficient'

3o$ Can ;ou Rea&&y 3e&p9

%ike any e"pert group) $e #ave deve&oped a set of ski&&s t#at far surpass t#e kno$&edge of many genera&ists' /or e"amp&e) many &oca& attorney<s turn to us to #e&p t#em t#roug# many of t#is issues t#at arise in t#ese cases9 1#y9 Simp&y because as a genera&i:ed attorney) t#ey simp&y do not $ork many cases of t#is type and t#us cannot possib&y kno$ a&& t#e $ays to dea& $it# t#e issues' ven you are considering an attorney) don<t be s#y0 fee& free to ask t#em #o$ many cases &ike t#is did t#ey $ork &ast year' Since our kno$&edge #as taken t#ousands of #ours to accumu&ate and re,uired $atc#ing so many cases p&ay out from start to finis#) many peop&e find our initia& consu&tation inva&uab&e) even if t#at is a&& t#ey use of our services' Be&o$ is a concise &ist of many of t#e different areas $#ere $e can #e&p c&ients and t#eir attorneys' B5 Getting Damaging Dateria& Removed B' Antagonist Gs 1ebsite Gs 3ost Remova&s C' Cease & Desist strategies0 Risk & Re$ards (' 2egotiation remova& tactics E' Sympat#etic $ebsite remova&s *' Court orders & inIunctions for remova&s

US RGUID ! CISIncidentResponseGuide
C' C5 Internet Brand & Reputation Impacts B' @uick impact assessment of damage J S#ou&d you $orry about it9 C' S#ort term versus &ong term considerations (' Casua& versus professiona& background searc#es E' 1i&& on&ine reputation management $ork in your case9 *' "pert testimony on brand7reputation attacks H' "pert reports on c&ean up costs & economic damages (5 Stopping Kno$n & Unkno$n Antagonists B' Uti&i:ing %a$ nforcement0 1#at $i&& and $i&& not $ork' C' Restrictive orders and t#eir c#a&&enges on t#e internet (' Investigative stopping tec#ni,ues E' Attorney cease & desist *' Using I6 addresses to s#ut do$n parties H' Uti&i:ing comp&aints pre-&itigation L' Attorney agreed orders & inIunctions E5 Investigative & %itigation Strategies /or Unkno$n Antagonists B' Cost effective tec#ni,ues for bui&ding a&& circumstantia& cases C' Uti&i:ing $eb) emai&) te"t) and p#one traps (' Rea&istic use of nationa& database searc#es E' I6 address geo-&ocation & strategies *' Discovery tactics for identification H' Computer) 6DA) & 6#one forensics0 1#at to use7not use' L' =Doe In -#e Bo"> Strategies M' Assessment of odds of catc#ing *5 fficient Uti&i:ation .f Attorneys B' %oca& Gersus 2ationa& Attorneys0 ac# #ave t#eir p&ace C' Attorney consu&ting to rapid&y imp&ement identification (' 1i&& attorneys take my case on contingency 4yes) if t#e rig#t type5 E' Attorney screening0 Does your attorney =get it9> *' Cost & bi&&ing oversig#t0 1e understand $#at it s#ou&d cost' H' 2o cost consu&t $it# nations top attorneys $#en appropriate L' -ec#nica&) investigative) & damages consu&ting $it# attorney

('

E'

*'

H'

M' Consu&ting on efficient tec#ni,ues to subpoena internet sites & domestication issues' H5 3ig# 6rofi&e Cases B' 1#en you) or your attorney<s action may substantia& damage you' C' 3o$ to #and&e $#en press) b&oggers) or socia& media are $atc#ing' (' Access to our team of top internationa& attorneys N internet crisis specia&ists'

1#at is t#e ne"t step9

Simp&e' 6&ease send an emai& to infoOcyberinvestigationservices'com $it# t#e fo&&o$ing information' B' B5 2ame and contact C' C5 Case -ype0 Brand7Defamation

US RGUID ! CISIncidentResponseGuide
(5 6rovide &inks to #armfu& materia&' Don<t Iust te&& us it is on some $ebsite but give us t#e &ink to t#e page4s5' E' E5 Give us a brief background suc# as $#en issue started) do you kno$ $#o is be#ind t#is' *' *5 1#at $ou&d you &ike CIS to accomp&is# for you9 Be specific #ere since t#is $i&& rea&&y impact our budget estimates' H' H5 If you are on&y $i&&ing to accept a contingency type re&ations#ip) p&ease indicate t#is c&ear&y' 1e $i&& emai& you back $it# eit#er a yes) $e can #e&p $it# a fe$ detai&s or no) $e cannot #e&p and #ere is $#y' If $e can #e&p) $e $i&& send you instructions on #o$ to set up an initia& consu&tation' ('