Sit back and listen to a story about Justin Scott, a lawyer who admitted to spying on his former firm with TeamViewer. This is eCrimeBytes.com S 2 E 5-2 – Lawyer Spies On Former Firm – Act 2: The Investigation.
For the background, please listen to the prior acts:
00:00:10:00 – 00:00:12:03
Hey, welcome back to eCrimeBytes
00:00:12:03 – 00:00:35:07
Season two Episode five Now Act two, the investigation. So to catch you up, if you’re too stubborn to go back and listen to the background in Act One is we have Justin Scott, who is an attorney who, for whatever reason, either left or was fired from the Bratton Law Group, which Charles Bratton was his former partner.
00:00:35:07 – 00:00:43:22
A year goes by and a computer that Justin Scott used to use in the Bratton Law Group all of a sudden has this connection to it called Teamviewer.
00:00:43:22 – 00:00:54:22
And we sort of left in that little cliffhanger of what was going to come next. So if we could jump right back into the story, why don’t you tell us what happened next Seth?
00:00:54:24 – 00:01:30:15
All right. So on September 20th of 2019, at around 8 p.m. at the store at the Bratton Law Group, and keep in mind, Mr. Scott has been gone or about a year, associate Bravette testified that when he searched for Teamviewer on his work computer, it had a connection named Justin Scott. So that’s odd, right? So you get a guy who is associated with a remote control tool that is not supposed to be on his machine.
00:01:30:18 – 00:02:00:26
Suddenly, it is on his machine and it’s associated with Justin Scott. And as a caveat, Bravette’s actual work computer use to be assigned to Justin Scott. So first, I got to ask you, Dr. Jones, wouldn’t it make sense for any kind of repurposed laptop to be generally wiped and kind of reset, you know, for various reasons, right. You know, not only for privacy reasons and generally general cleanliness, but, you know, a new a new version of the OS has to be added and whatnot.
00:02:00:29 – 00:02:17:25
I know at my corporation they will reuse a machine if it’s new enough, but they definitely will reset it, you know, not just kind of transfer. I guess the you know, the not say the ownership, but I guess the profile.
00:02:17:27 – 00:02:31:19
Yeah, I you hit on something that I thought when I was researching this and that was it were it, if they would have wiped this desktop clean we probably would not be having this podcast episode because Teamviewer wouldn’t be on there.
00:02:31:19 – 00:02:32:06
Would it be Right.
00:02:32:07 – 00:02:38:00
Scott wouldn’t have access to it so far. So yeah, that’s you hit on the same thing.
00:02:38:02 – 00:02:39:12
Yeah, we’re on the same page.
00:02:39:12 – 00:02:41:07
So anyway, so Bravette notified
00:02:41:07 – 00:02:43:20
Charles Bratton, you know, the head of the firm of what had happened.
00:02:43:20 – 00:03:12:27
And he also noted that he didn’t use Teamviewer, he didn’t know what Teamviewer was. And until that evening he didn’t know it was even installed on his computer. And I’m talking about Bravette. So at this point, there’s this remote control application that’s registered to Justin Scott on Bravette’s computer and there’s access happening. And if you don’t know anything else at this point, you might say, Oh, might be a hacker out there that’s just using this to get in.
00:03:12:27 – 00:03:29:26
And yeah, it might be true, but you’re going to find out later on how this program works, where it’s pretty specific, where Justin’s Scott is likely the or he was because he admitted it but he was the one behind the connections. Now
00:03:29:26 – 00:03:41:18
when this happens, like any law firm, I imagine when something strange happens they go to their I.T. firm and say, Hey, something strange is happening with this computer.
00:03:41:20 – 00:04:13:24
Can you tell us what’s going on? And the I.T. firm in this case is named Able Technology, and you’re going to hear us say the word able throughout here. That’s who we’re talking about. It’s just the IT firm to the law firm. So when they engaged, Able, Able came back to Bratton and said Teamviewer is installed and has been accessed several times on this computer and because of this, we think you should go out and get a computer forensics firm to take a look at it.
00:04:13:26 – 00:04:31:23
They said, you know, and I’ll explain what a computer forensics firm is here in a second. But beyond that, Able then said, I was able to tell the software was set up and registered to Justin Scott, and the access to it has been made from that Justin Scott account several times.
00:04:31:23 – 00:04:39:01
So a computer forensics firm is a firm that will specialize in reconstructing what happens on a computer.
00:04:39:01 – 00:05:08:26
So probably everybody’s familiar with plane crashes and after a plane crash, someone goes find the flight recorder and they put it together and they put a picture of what happened on that plane up until the crash, computer forensic firms sort of do the same thing for computers to let you figure out what happened on a computer. And it’s usually used for investigative purposes like this where you think somebody may have had unauthorized access to your data.
00:05:08:26 – 00:05:35:13
So the law firm engages a computer forensics firm. And when they did their investigation, they found that there were six access to the computer. And I’ll just read you the data in case you’re curious. It’s June 9th, 2019 September 9th, 2019. September 10th, 18th and 20th of 2019. So once in June and then four times in September of 2019.
00:05:35:13 – 00:05:56:02
Now, what I thought was interesting, I’m going to just make a real quick nerd pause here is I didn’t find anything in the court paperwork that says how they tied the connection specifically to Justin Scott. A lot of times you have to tie it to IP addresses, and IP addresses have to get tied to physical addresses and stuff like that.
00:05:56:02 – 00:06:02:02
That wasn’t in the court paperwork. So I don’t really have that picture that I can answer for you. Unfortunately.
00:06:02:02 – 00:06:25:28
So here’s the thing. The Bratton firm did allow for remote work. However, the remote work application wasn’t Teamviewer. Bratton himself later testified that it was not used. He never authorized its use at the firm, and that Bratton testified that he believes that Justin Scott had specifically installed Teamviewer on his own computer. Which begs the question. Jones did he?
00:06:25:28 – 00:06:47:19
And assuming that we take that as sacrosanct, which we learned later, that is true did Justin Scott install Teamviewer and knowingly violating his own computer company’s policy or knowing that it was not a tool they were supposed to be using because the existing remote application wasn’t good enough, or because he kind of feels like I may be on my way out of here.
00:06:47:26 – 00:07:05:12
This is a nice way for me to kind of take a look see, because that would divulge to me a significant ulterior motive and, you know, kind of pre thought, right. You know, to do this, which gets into criminal intent kind of thing, which seems like it’s out of scope for purposes of what they ultimately want to do with the guy.
00:07:05:12 – 00:07:31:05
But it’s certainly kind of sketchy, Right. You know, and also, I can tell you in my space, you know, it is a scary thought to think that there’s such a huge, let’s call it spectrum of what levels of security are applied to, like, you know, your AM law, top ten firms, the biggest firms in the world and some random smaller firms who, you know, basically have very, very de minimis security protocols on on their systems.
00:07:31:05 – 00:07:39:09
I’m sure there’s I know there’s a huge spectrum. And it’s kind of scary because they all all those lawyers are subject to the same ethical and professional requirements.
00:07:39:09 – 00:08:01:11
Yeah. And I think some of the questions you asked are going to get answered, and I’m not going to spoil it right now because we’re at the end of Act two, because at this point the investigation is pretty much well under way. They have a pretty good ideait might be this individual named Justin Scott, because as freaking name was in there and it used to be his computer.
00:08:01:14 – 00:08:23:21
And now tomorrow we’re going to walk you through Justin Scott coming clean and telling you exactly what it was that he did. And that’s going to paint more of a picture of this electronic crime. So if you enjoyed anything in this act, please, whatever app you’re watching or listening to us on, give us a like give us a subscribe.
00:08:23:21 – 00:08:43:29
So that way you know of these new episodes that come out. And specifically if you’re on Apple Podcasts, if you could give us a five star review that really helps us move us up the charts so new people find out about us on there and Apple Podcasts tends to be about half of our audio listeners. So that would help us out a lot.
00:08:44:02 – 00:08:52:05
And we really appreciate it. So with that, do come back, we’re going to get right into Justin Scott coming clean tomorrow. Thanks.
#ecrimebytes #cybersecurity #computer #electronic #truecrime #podcast #security #hacker #humor #funny #comedy #lawyer #spy #spies #teamviewer