Phil Graham on 13 Jul 2000 17:52:19 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> CyberSleuth will identify entities

[moderator note: the business week just ran an article on eWatch

From: Naomi Sunderland <
To: "''" <
Subject: [bioexchange] FW: CyberSleuth will identify entities targeting
Date: Thu, 13 Jul 2000 14:03:57 +1000

The bio-exchange

Check out the terminology used the article below on cybersleuthing services
now available to help companies identify and "eliminate" on-line activists
working against them. See in particular:

threat assessment
rogue websites
"shuttering of a terrorist web site"
"objective not only to stop spread of incorrect information but also to
ensure that what has already spread is eliminated"

What are we talking about here - online activism or nuclear fallout?!

This is all quite disturbing. Question is, are we dealing with "warfare" or
is it merely in the description? Or both?

Naomi Sunderland

Biotech Activists (    Posted: 07/12/2000  By

eWatch CyberSleuth

Wednesday, July 12, 2000

It is unfortunate that companies are being targeted by entities whose
motives are fraudulent, deceptive or criminal.

  eWatch CyberSleuth will attempt to identify the entity or entities behind
the screen name(s) which have targeted your organization.

  eWatch CyberSleuth includes a 30-day subscription to the eWatch All
Coverage Bundle (except WebWatch) with the screen name(s) as the sole

  eWatch CyberSleuth requires 7 to 10 days to complete from the date of
submission and costs $4,995 per screen name. 48-hour turn around is
available for an additional $1,995 per screen name. Results will vary and
cannot be guaranteed. Customers will receive a dossier detailing all
information gathered about the subject during the inquiry. Click here to


While the Internet is in fact a new medium, based on our five years of
experience in helping companies monitor the Internet, most of the old
rules with respect to how we respond and react still apply. The biggest
differences are that our actions are more public, the audience is larger
and we're running in real-time.

There are six major motivations for online activism. The same response
methodology cannot be used for all of them. It is critical to understand
the motivation or motivations behind online attacks in order to employ the
correct response mechanisms. The six motivations include:

  Legitimate complaint.
  Behavior influencing (Environmental group targeting an oil company, etc.)
  Stock manipulation.
  Mis- or dis-information.
  Fraud and extortion.

Troubleshooting dubious postings need to happen on four fronts (what we
call these the four C's):



  Before troubleshooting, decide if action is warranted. Let's face it,
there is a lot of awful content on the Internet about even the best
  To take action on every occurrence is impractical. What are the
key triggers that your company will use to prioritize and classify online
  In our experience, other companies have used these standards,
among others, for online threat assessment:

  Threats against the safety of employees.
  Threats against property (physical and intellectual).
  Decreasing sales.
  Lowering stock price.
  Affecting litigation.
  Affecting negotiations (labor, acquisitions, etc.).


  If the attack is prioritized for action, then containment is the next
step. Containment is a two part endeavor focusing on (1.) Neutralizing the
information appearing online, and; (2.) Identifying the perpetrators
behind the postings, rogue website, hack, etc.

  Neutralizing information posted online, if appropriate, is the removal of
the offending messages from where ever they appear in cyberspace. This may
mean something as simple as removing a posting from a web message board on
Yahoo! to the shuttering of a terrorist web site.
  The objective is to not only stop the spread of incorrect information,
but ensure that what has already spread is also eliminated. Victims of
verifiable libel and trademark infringement have a much easier time
neutralizing Internet content in our experience.
  Non-libelous content but nonetheless incorrect or offensive content is
less likely to be removed by 3rd party search engines, ISPs, etc.

  Identifying the perpetrators behind the action requires the kind of
special expertise that we've assembled for out eWatch CyberSleuth product.
  Internet attackers attempt to cover their tracks by erasing identifying
personal information from their postings, using anonymous remailers to
strip off network information, posting under assumed names, etc.
  Identifying these perpetrators is done using a variety of methods such as
following leads found in postings and web sites, working ISPs, involving
law enforcement, conducting virtual stings, among other tactics.


  Depending on the scope of the event, it may become necessary to
communicate to our key audiences about an incident that is occurring
online. Our key audiences may include our employees, vendors, customers,
prospects, regulators, beat journalists, financial analysts and investors
(retail and institutional).
  The purpose of communicating with our key audiences is to signal that we
are on top of the situation and have, or are working, to resolve it. When
our key audiences are communicating in real-time, so must we. In certain
situations, the lack of a response will be viewed as incompetence or
worse, that there is in fact something to hide. As in other media,
perception is reality.

  On the Internet, there are many communication tools at our disposal. We
can post back to the message boards where the original postings appeared
to give our side of the story, provide clarification or debunk it. We can
email directly those we think were affected by the incident. We can use
our own web site -- or set up a temporary micro site -- to address the
situation in detail.
  Micro sites are useful for communicating a lot of information to a lot of
people in a short period of time...especially journalists. For situations
that are or have the potential to affect a large number people, companies
are also using traditional media tools such as news releases and media
relations that can reach outside the online world more effectively.

  Regardless of the method used, the targeted company has to evaluate these
tools with great caution. What may appear to a company as a serious
incident may in fact not be to its key audiences.
  By communicating even to a small audience we run the risk of creating a
larger problem where one did not exist before. And on the Internet, it is
easy for our adversaries to take our response out of context. Furthermore,
when communicating with our adversaries directly, everything we send them
will more than likely appear online. Depending on the situation, curt
letters from corporate lawyers merely serve to bolster their claims.


  Based on the information that is learned about the perpetrator(s), and
given the seriousness of the offense, the appropriate countermeasures are
  These may include everything from simply exposing the individual online
all the way to arrest. In some cases, the perpetrator is an employee of or
contractor to the targeted company. In these cases, termination of
employment is customary.

  Counteraction may also include closing loop-holes in computer networks or
developing new security procedures to prevent a recurrence.

  For more information on eWatch CyberSleuth or to discuss a specific
situation you may be facing, please email or call


*** NOTICE: In accordance with Title 17 U.S.C. Section 107, this material
is distributed without profit to those who have expressed a prior interest
in receiving the included information for research and educational
purposes. Feel free to distribute widely but PLEASE acknowledge the
source. ***

How to Use this Mailing List

You received this e-mail as a result of your registration on the
biotech_activists mailing list.

To unsubscribe, please send an email to In the body of
the message type:
unsubscribe biotech_activists

For a list of other commands and list options, please send email to
In the body of the message type:

Please direct content questions about this list to:

Please direct technical questions about this service to:

To unsubscribe, write to

Start Your Own FREE Email List at

Opinions expressed in this email are my own unless otherwise stated.
Phil Graham
Lecturer (Communication)
Graduate School of Management
University of Queensland
617 3381 1083

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: and "info nettime-l" in the msg body
#  archive: contact: