Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Enterprise Theft by Cell Phone

By Joel Liebesfeld
October 1, 2007
After carefully following legal advice and enterprise policies, security can seize the cell phone and extract evidence. Pictured: Dr. Eamon Doherty uses Susteen’s Secure View to download pictures from a Motorola V710 camera phone for examination.


There are a growing number of instances in which an employee or visitor in a corporate facility, factory, research and development lab or business exposition has photographed sensitive information, prototype products or processes using a company or personal cellular phone and sent the data instantly elsewhere. Such actions may be illegal; some are legal; and some corporations have instituted policies and prohibitions on cell phones. This article shows how a chief security officer, working with his or her counsel, can conduct an investigation of a suspected phone. This advice is obviously most relevant to an employee’s cell phone, especially if that phone is provided or service paid by the employer.
– Editor

The extraction and examination of data, photographic pictures and documents stored within a cell phone is not especially difficult.

It is imperative that security or an outside contracted service be properly authorized to proceed before commencing with such an action. The correct “tools” make the actual process a routine exercise. In a corporate setting, for example, an allegation may be made about an employee inappropriately using a camera cell phone to take and send photos to another employee. An authorized requestor (what this article calls the AR) may initiate and lead an investigation as a result of such an allegation.

An employee places his company cell phone on the meeting table near sensitive corporate information. During the meeting, he picks up the cell phone “to check his messages” and captures pictures of the documents and sends them to a co-conspirator instantly.

GET LEGAL ADVICE FIRST

The AR often begins with a call to the general counsel or in-house counsel. This allows the AR to coordinate the process with human resources and telephone services and to make certain that all relevant use policies for the telephone, the computer, the Internet and hand-held devices were signed by the accused. Once counsel gives the authorization to proceed, based upon meeting the legal standard for such an action by the AR, then the incident response team, in coordination with physical security, may then investigate the situation.

The AR is the focal person in the investigation. It may be necessary to ask for or demand that the cell phone, the battery charger and the data transfer cable be surrendered.

Once the phone is collected from the employee, it is necessary to prevent any further wireless, infrared or Bluetooth communication with the device so that evidence is neither added nor deleted. The signal isolation of the cell phone may be accomplished with an aluminum foil pouch or a Faraday Bag. When the phone and apparatus is confiscated, a document called the chain of custody form is immediately filled out. This document will show the trail of the evidence from the time of its surrender or seizure through its processing and storage, and ultimately until its appearance in court.

The authorization stage of the evidence handling as well as its preservation has been thus far covered.

SOFTWARE TOOLS

The next stage of physically collecting the data should be done with a tool that includes a write blocker so that none of the evidence stored in the phone is altered. Device Seizure from Paraben, Secure View from Susteen and the Cell-Dek from Logic Cube are commonly used software tools that have been accepted by the legal system in other investigations that became criminal matters and went to court. These software tools include an assortment of phone cables. The listed software makers commonly send updates for their tools as new and differently formatted phones emerge and come onto the market. It is important to see if the forensic phone tool you choose also recovers deleted pictures and e-mail that has not been, as yet, written over.

In conclusion, as can readily be seen, a cell phone forensics component in the security operation of enterprises can easily be developed. It can be started by training security professionals with some online or in person classes at the Cybercrime Training Lab at Fairleigh Dickinson University or from the SANS Institute. There is a small group of free documents on the National Institute of Standards Web site (http://csrc.nist.gov/publications/nistpubs/800-101/SP800-101.pdf) that address the collection of digital evidence from cell phones. It is worth contacting places such as the Regional Computer Forensics Lab or the Computer Crimes Task Force at a local county prosecutor’s office to arrange for a tour of their facility to see how law enforcement examines phones.

SIDEBAR: Camera Phones as Theft Device

Camera phones share pictures instantly and automatically via a sharing infrastructure integrated with the carrier network. They do not use connecting cables or removable media to transfer pictures. Personal computer intervention is not necessary. Some camera phones use CMOS image sensors, due largely to reduced power consumption compared to CCD type cameras, which are also used. The lower power consumption prevents the camera from quickly depleting the phone’s battery.

Images are usually saved in the JPEG file format, and the wireless infrastructure manages the sharing. The sharing infrastructure is critical and explains the early successes of J-Phone and DoCoMo in Japan as well as Sprint and other carriers in the United States and the widespread success worldwide. Over 1 billion camera phones will be shipped in 2008.

Enterprises are responding to real and potential misuse of camera phones.

For example, more than half of members surveyed by the Society for Human Resources Management have written policies addressing the use of standard cell phones. Fewer have written policies for the use of camera phones.

Illegal use of a cell phone related to corporate espionage can lead to the headache of a federal investigation, indictment and criminal charges.

SIDEBAR: Economic Espionage

Sometimes an enterprise may choose to just dismiss an employee caught spying, often depending on the extent of the real or potential loss. More often visitors, contractors and others may face federal charges.

Economic Espionage (18 U.S.C. § 1831) – In order for one to be convicted of this statute, the government prosecutor, usually an Assistant United States Attorney (AUSA), must prove beyond a reasonable doubt:
  1. That the defendant stole, duplicated, communicated, bought, or otherwise obtained or provided access to trade secrets, without authorization; or

  2. That the defendant conspired with one or more person to commit any of the above mentioned acts; and/or

  3. That the defendant knew or intended for the acts to benefit any foreign government, entity, or agent.
Potential Punishment: Upon conviction, an individual may be fined up to $500,000 and imprisoned for up to 15 years. If the violation of the statute was committed by an organization, that organization may be fined up to $10,000,000. Additionally, 18 U.S.C. § 1834 mandates that the court, in imposing a sentence, shall also seize any property related to the unlawful act.

Theft of Trade Secrets (18 U.S.C. § 1832) -- In order for one to be convicted of this statute, the government prosecutor must prove beyond a reasonable doubt:
  1. That the defendant stole, duplicated, communicated, bought, or otherwise obtained or provided access to trade secrets, without authorization; or

  2. That the defendant conspired with one or more person to commit any of the above mentioned acts;

  3. That the defendant intended to obtain or communicate trade secrets for the economic interests of anyone other than the owner of that product;

  4. That the defendant intended or knew that such an act would in some way injure the owner of that trade secret.
Potential Punishment: Upon conviction, an individual may be fined and imprisoned for up to 10 years. If the violation of the statute were committed by an organization, that organization may be fined up to $5,000,000. Additionally, 18 U.S.C. § 1834 mandates that the court, in imposing a sentence, shall also seize any property related to the unlawful act.

When one is charged under this statute, the AUSA will seek an indictment from a Federal Grand Jury and may include charges for import crimes, export crimes, trading with the enemy, industrial espionage, transnational money laundering or nuclear, biological or chemical weapons, and is likely to couple those charges with lesser included offenses such as false statements or obstruction of justice where applicable. Should the government decide not to immediately seek indictment, one may be held under the material witness statute or, if related to any ongoing war (including the war on terrorism) may be held through combatant detention.

Source: McNabb Associates, a federal criminal defense law firm.

SIDEBAR: Tracking Lost Corporate Cell Phones

There are more instances of corporate or employee cellular phones lost or stolen. But technology exists to trace missing handsets.

One example:

A membership service called CellTrace (celltrace.com) preserves cell phone identities, blacklists missing (lost/stolen/mislaid) handsets, detects identities and facilitates retrieval of blacklisted handsets. This and other services maintain a global cell phone lost registry to facilitate retrieval of a phone, by informing the owner immediately with details, once a blacklisted handset has been detected on the tracing system.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Joel Liebesfeld, MA, MAS, is chief executive officer with CounterMeasureSecurity.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

patient at healthcare reception desk

Almost Half of Healthcare Breaches Involved Microsoft 365

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Intellectual Property Theft as Blood Sport

    See More
  • Digital Camera Forensics

    See More
  • Phishing Isn’t Fishing

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing