
This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/research/specialreports/compliance/0,3800003180,39123338,00.htm


IM the prime suspect in City leaks
But computer forensics is on the case...

By Ron Coates

Published: Friday 20 August 2004

The use of instant messaging is booming in the City and so is its use to evade the long arm of compliance regulation.

Despite the imminent arrival of tighter legislation such as Sarbanes-Oxley, many traders and financial workers appear to still be 'making hay while the sun shines' - or rather leaking data while the holes exist to do so.

Adrian Palmer, UK managing director of data recovery specialist Kroll Ontrack, said: "It's been a progressive trend. We are getting cases where confidential information is being leaked and the most likely form is MSN Messenger or another IM system. Company officials are looking for support that something was said to a particular person at a particular time."

People working at financial institutions who have phone calls and emails monitored may think IM is invisible to management. But everything leaves a trace, according to Kroll senior forensic engineer Robert Weston.

He said: "We can look at the register and we can recover fragments of the text. We are getting an increased number of requests to do this. But, of course, the more people use it, the more people will use it as a device to do something they shouldn't."

IT staff can set up sophisticated data capture devices on servers to keep track of IM and record it. There are various techniques for monitoring traffic and most involve a keyword search. According to Palmer, this can be tailored to the individual and Weston points out that keyword lists can be very "dynamic" - that is, frequently updated.

In the UK, employers are obliged to notify employees if they have this sort of monitoring system - and after the compliance deadline all will need to have one - or they will need to outlaw any IM applications which cannot be archived and audited.

Although IM can be a security risk, banning it is not the answer, said Weston.

"Organisations which have tried to ban it can see a loss of efficiency. It makes a great difference when you can see that a colleague is on line, ask the question you need to and get an answer. With email, you may never get one.

"But while most people are aware of the vulnerability of email [to surveillance] and prefer IM, they will find that it might come back and bite them."

