Forensic Files: The Case of the Suspiciously Flawless Investigation

When business security is spotless, look to third parties for errors.

By: David Ellis

The following post is a segment in my Forensic Files series. I’ve found the best way to inspire better security practices is to show examples of true security blunders. Hopefully the security failures I’ve seen while investigating compromised businesses will help you realize some actions you should take to ensure your own business’ security.

What happens when forensic investigators can’t find evidence of a compromise? In a recent forensic investigation of an ecommerce ticketing site, we were placed in this exact scenario. As far as we could tell, the ticketing site was PCI compliant and showed no sign of vulnerability.

Eventually, we discovered that this ecommerce vendor licensed many third parties to sell tickets to their events. It dawned on us that the breach could have been caused by a third party.

Although the original ticketing site was secure, one of their resellers was not. The close shave inspired them to exercise extra diligence when selecting partners in the future.

View the Slideshare.



Was this post informative? If so, please share!


David Ellis (GCIH, QSA, PFI, CISSP) is Director of Forensic Investigations at SecurityMetrics with over 25 years of law enforcement and investigative experience. Check out his other blog posts.