Fighting fire with fire to solve tech crimes

Imagine opening your email account at work and receiving a message that threatens violence against your family. Or walking back to your desk and finding a printed message with similar threatening contents.

Intimidation at work may not be widespread in the Republic but, at a security seminar in Dublin yesterday, a group of about 65 IT security managers heard that this is exactly what happened to one senior executive working at an Irish company.

"Our initial suspicions were that it was someone inside the firm because of the personal detail in the email message," says Mr Paddy Roberts, president of the Information Systems Security Association Ireland (ISSA), a division of the global organisation of information security professionals, which helps firms solve computer crime.

But the IP address - the unique identifier that is attached to every host computer connected to the internet - showed that the email had been sent to the executive from a computer at another company in Dublin.

Mr Roberts, who also works as director of IT security at Elan Corporation, contacted the company where the email originated and the Garda to help track down the perpetrator.

He also checked the names of staff members who had previously worked with the executive at the firm against an employee list from the company from which the intimidating email was originally sent.

This procedure turned up the name of a contractor who had worked in both companies. By the time the Garda had arrived, the perpetrator had confessed to sending the intimidating email and the complaint to the Garda was subsequently withdrawn by the executive.

Increasingly, crime against firms is perpetrated by people on the inside using technology, says Mr Roberts, who was recently involved in a successful prosecution in Northern Ireland of a person who used email to try to extort cash from another firm.

"Technology isn't the problem; it is people. It comes down to educating your workforce and a realisation that it takes a lot to get rid of bad habits in the workforce, such as swapping log-in passwords," he says. "Firms have to learn the lesson of organisation."

No statistics are available on the extent of computer-based crime in the Republic but anecdotal evidence suggests that it is on the rise. And judging by the interest in the computer crime seminar organised by the Dublin-based IT security consultancy Espion, firms are beginning to take it more seriously.

The run of redundancies in the technology sector is also creating a pool of angry former employees with a deep knowledge of their company's internal computer systems.

Many firms refuse to let employees log on to their computers when they are informed of their redundancy.

Prevention is probably the best method of protecting computer systems but, increasingly, firms are using sophisticated computer forensics techniques to monitor, track and gather evidence on employees' use of their systems and on various criminal activities that use technology.

At a seminar in the National Concert Hall yesterday, Espion demonstrated how it is helping firms deploy a range of powerful software tools to detect and analyse computer use.

"We install software which protects systems from external hackers and can monitor whether internal staff members are trying to open certain files," says Mr Colman Morrissey, managing director of Espion. "There has been a big increase in interest expressed by companies recently as the onus is now on executives to protect their data."

Espion offers firms a range of security software, such as Counterpane - a product that offers 24-hour, seven-days-a-week monitoring of any network device and can deliver alerts to IT security personnel when suspicious activity is taking place.

It also offers firms a software package called EnCase, a forensic suite of products that enables investigators to take a mirror image of a computer's hard drive.

This mirror image will include details of all deleted files and enable investigators to organise and interrogate the hard drive without compromising any of the data.

"Forensics can be used to trace back an action. To determine categorically what a particular computer was used for and where an email was sent from," says Mr Morrissey, who used this software last week to solve a case where an employee of a firm was breaking into his ex-girlfriend's email account to read messages.

But identifying the misuse of company equipment or computer crime is only the first step. To deter people from taking part in these activities, increasingly firms will need to prosecute people, according to Det Sgt John Finan, a founding member of the Garda Bureau of Fraud Investigation's computer crime unit.

"People are starting to realise that this is not some sort of blight on their character if they get attacked," he says. "They have an obligation to tell us."

There has not been a successful conviction for pure computer crime yet in the Republic but the computer crime unit has used computer forensics to assist in a range of criminal operations.

"What supports a criminal investigation is evidence," says Det Sgt Finan. "Digital evidence consists of electromagnetic pulses interpreted by the computer's operating system and applications to produce a visual or printed image. . . It is the hard drive which is the real evidence."

This is the area where the EnCase software comes into its own. It is already used by almost all the major law enforcement agencies, including Scotland Yard and the Garda Bureau of Fraud Investigation's computer crime unit. It also played a pivotal role in the Garda's recent successful investigation into child pornography in the Republic, Operation Amethyst.

Guidance Software, the company that developed EnCase, says one of its crucial strengths is that it does not write on the hard drive itself, which means it does not alter evidence that may have to be used in a court of law. Even if a hostile user attempts to wipe evidence on the hard drive by using special deleting software, EnCase should be able to read the deleted material, according to Ms Bonnie Banerjee, Guidance Software's enterprise business manager.

"The only way to destroy evidence which is stored on a hard drive is by atomising the hard drive," she adds.

Private firms are increasingly purchasing this type of powerful software to conduct internal investigations, says Espion. But the company admits there is still a question mark over the legality of using it to investigate an employee's computer.

"The modern employer must realise he is not a public prosecutor and must seek the help of the Garda," says Mr John Mark Downey, a partner with Patrick F O'Reilly Solicitors. "Constant random monitoring and one-off investigation of employees is not allowed under Irish law."

In the US, 74 per cent of major firms record and review their staff's communications but under European law employees have a legitimate right to privacy in their working life, says Mr Downey.

The proposed Data Protection (Amendments) Bill 2002 is unlikely to change this significantly. Therefore, investigations conducted by private firms, even if they use the most sophisticated forensic software, may not stand up in an Irish court.