HOW TO PLUG UP AND INVESTIGATE INFORMATION LEAKS
By CJ Bastrup And The Gator Gazzette

If You Like What You See, Click Here For Information On How To Subscribe To Gator Gazzette, A Newsletter For Private Investigators

Recently in the news we have seen a rash of new government and corporate
scandals and insider information being leaked to the press. Corporate security personnel are
having a tough time trying to figure out who leaked the documents to the press in the first place. This
leaves a great opportunity for the professional investigator for two reasons. One, security personnel often
have no idea how to detect the culprit and two, there is no way of knowing who is involved, so management
may be wise to bring in an outside (disinterested) party. This is especially important if the company
is involved in bidding wars and being consistently beat out by a narrow margin by their competitors.
The first level of investigation is to find out who had access to the information inside the
organization. Then a list of names is compiled and those persons are targeted by the investigator.
A successful ploy often utilized by capable investigators to stop documents from being passed
around is to put them on restricted distribution lists. These are lists of names or positions that are
authorized to view and/or access the document on a need to know basis. Individuals not on the list, do not
get the document.

Two outcomes result from this tactic. First, the document is restricted,
making it harder for the opponent to get the document. Second, should the document be leaked to the
media or opponents, the investigators will have a ready made list of suspects with which to start
their inquiries. The next time a leak occurs, the investigation team will attempt to locate
the source of the leak by using any method at their disposal. These methods may include questioning of
employees, background screening, etc. What we are attempting is to do is set up traps for the leak
to reveal itself. Once the restricted distribution list is compiled, it is further broken
down into sub-lists. In each case a segment of the original list will be used until all of the
individuals are listed on different lists in a unique combination. Then each of the individuals on the sub-lists
are "fed" documents that the target would want to leak (misinformation). The source is then found by cross-referencing the documents that are actually leaked with the distribution lists. Moderation is required here as the source may become suspicious when multiple lists are created and when valuable "information" starts appearing in above average quantities. Also, nothing guarantees that the source will leak all of the documents sent to it. Another procedure used is the creation of "trap" documents. In this method each document is carefully crafted to catch the leak. The original document is written using a word processing program which utilizes a thesaurus. The program then uses synonyms to replace some words in the document. Punctuation (placement of commas, quotation marks, hyphens, etc.) is also altered as well as the header style and paragraph formatting. Using a combination of these techniques, a unique document is made for each person it is to be sent to, while keeping the essence of the message intact. Should the source discuss the message with another person on the document's distribution list, suspicion is not aroused as the central idea remains the same.

Then, the document is released to the individuals on all of the lists. If the document is shown on
television or published in the newspaper, the investigator will be able to determine who leaked the
document. However, the media have caught on to this and some only quote part of the document.
However, due to the wording and punctuation, the source can usually be found. It is advisable for
corporations and government entities to incorporate these procedures on regular a basis with a new
version of the document created each time it is requested. This technique is not all-conclusive evidence of
the leak; as the source could always have stolen a colleague's copy and leaked that version of the
document. Thus the source may be someone who was not on any of the lists, but the investigation will at
least be able to determine where the material is originating from and who had access to it. A final approach is to
have documents released in massive quantities to the individuals, but each with a small discrepancy (typos,
figures off by $28, wrong dates, etc.). The misinformation in the document is low-level while still being confidential. Normally someone willing to leak large quantities of low-level information will also be willing to leak high-level information.The process is repeated until an individual source can be pinpointed. Don't wait for the clients to come to you. Next time you see a document on the local news or quoted in the newspaper, look at this as an entity that needs your help.

If You Like What You See, Click Here For Information On How To Subscribe To Gator Gazzette, A Newsletter For Private Investigators

RETURN TO NAIS NEWSLETTER