Navigating a complex company takeover

A case study on work that Notion Digital Forensics has completed.

Notion Digital Forensics was approached by an Australian company that had recently acquired a foreign website and application with a large user base and significant revenue potential. However, the purchasing business had taken the site offline due to strange behaviours, causing significant financial losses. They sought our help on an emergency basis to determine if a breach had occurred, contain the breach, and get the site back online.

After that, we were instructed to determine whether the website/application had been breached by insiders or external criminals, and whether any negligent actions had occurred.

Objectives

The objectives of the project were:

  • To investigate the cause of the website’s strange behaviours and determine if a breach had occurred

  • To identify and contain any potential breach rapidly

  • To assist the client in getting the website back online and operating at its maximum potential

Approach

Notion Digital Forensics employed a multi-faceted approach to investigate the case:

  • We examined extensive source code to identify connections to credit card systems

  • We analyzed complex Docker container setups in Amazon Web Services

  • We used historical sources to determine when domain name records were changed

  • We conducted interviews with key stakeholders to gather additional information

Results

Our investigation revealed that the purchasing business had been the victim of malicious actions by some of the acquired company’s previous staff. We discovered that these staff members had emailed customers, falsely informing them that the website was being shut down after the purchase.

We also found that the purchasing company had engaged several poorly qualified consultants, which led to disruptions in their email service for months and part of the website going offline for three months without their knowledge. These issues also prevented customers from contacting them via the Zendesk support system.

Conclusion

Notion Digital Forensics was able to identify the problems, create a detailed timeline, and distinguish between issues caused by poor management, negligence, and malicious actions or embezzlement. Our findings and recommendations helped the client get back on track, and we connected them with professionals who could help optimize their app and website’s operation.

This case study demonstrates our expertise in navigating complex digital forensics investigations and our ability to provide comprehensive solutions to our clients, even in challenging circumstances.
