[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

eWatch and CyberSleuth (fwd)

---------- Forwarded message ----------
Date: Fri, 30 Jun 2000 19:01:49 -0400
From: James Love <love@cptech.org>

Given the interest in the Microsoft/Oracle surveillance news stories, 
it might be interesting to look at the activities of eWatch, a firm 
that offers a number of services that include surveillance of activism 
or criticism of a company -- services that are resold through an 
important Microsoft PR consultant.  Through its "CyberSleuth" service, 
eWatch can monitor what people do or say on the web, and respond.

     "On the Internet, there are many communication 
     tools at our disposal. We can post back to the 
     message boards where the original postings 
     appeared to give our side of the story, provide 
     clarification or debunk it. We can email directly 
     those we think were affected by the incident."

Edelman, the PR firm, is a reseller of eWatch services.  This is from
the Edelman Interactive Solutions web page:


"From not-for-profit organizations like Chicago's Shedd Aquarium to
corporate powerhouses like Microsoft, Barnes & Noble and Unilever,
Edelman Interactive Solutions has been fortunate to work with some of
the best companies in the world."

And this is from the eWatch page on its CyberSleuth page:


   eWatach CyberSleuth
   It is unfortunate that companies are being targeted by entities whose
motives are fraudulent, deceptive or criminal. eWatch CyberSleuth will
attempt to identify the entity or entities behind the screen name(s)
which have targeted your organization. eWatch CyberSleuth includes a
30-day subscription to the eWatch All Coverage Bundle (except WebWatch)
with the screen name(s) as the sole criteria. eWatch CyberSleuth
requires 7 to 10 days to complete from the date of submission and costs
$4,995 per screen name. 48-hour turn around is available for an
additional $1,995 per screen name. Results will vary and cannot be
guaranteed. Customers will receive a dossier detailing all information
gathered about the subject during the inquiry. Click here to order. 

   Counteracting Online Anti-Corporate Activism
While the Internet is in fact a new medium, based on our five years of
experience in helping companies monitor the Internet, most of the old
rules with respect to how we respond and react still apply. The biggest
differences are that our actions are more public, the audience is larger
and we're running in real-time. 

   There are six major motivations for online activism. The same
response methodology cannot be used for all of them. It is critical to
understand the motivation or motivations behind online attacks in order
to employ the correct response mechanisms. The six motivations include: 

        Legitimate complaint. 
        Behavior influencing (Environmental group targeting an oil
          company, etc.) 
        Stock manipulation. 
        Mis- or dis-information. 
        Fraud and extortion. 

   Troubleshooting dubious postings need to happen on four fronts (what
we call these the four C's): 


   Before troubleshooting, decide if action is warranted. Let's face 
it, there is a lot of awful content on the Internet about even the best
companies. To take action on every occurrence is impractical.  What are
the key triggers that your company will use to prioritize and classify
online threats?  In our experience, other companies have used these
standards, among others, for online threat assessment: 

        Threats against the safety of employees. 
        Threats against property (physical and intellectual). 
        Decreasing sales. 
        Lowering stock price. 
        Affecting litigation. 
        Affecting negotiations (labor, acquisitions, etc.). 

   If the attack is prioritized for action, then containment is the 
next step.  Containment is a two part endeavor focusing on (1)
Neutralizing the information appearing online, and; (2) Identifying 
the perpetrators behind the postings, rogue website, hack, etc. 
Neutralizing information posted online, if appropriate, is the removal
of the offending messages from where ever they appear in cyberspace. 
This may mean something as simple as removing a posting from a web
message board on Yahoo! to the shuttering of a terrorist web site.  The
objective is to not only stop the spread of incorrect information, but
ensure that what has already spread is also eliminated.  Victims of
verifiable libel and trademark infringement have a much easier time
neutralizing Internet content in our experience.  Non-libelous content
but nonetheless incorrect or offensive content is less likely to be
removed by 3rd party search engines, ISPs, etc. 

   Identifying the perpetrators behind the action requires the kind of
special expertise that we've assembled for out eWatch CyberSleuth
product. Internet attackers attempt to cover their tracks by erasing
identifying personal information from their postings, using anonymous
remailers to strip off network information, posting under assumed names,
etc. Identifying these perpetrators is done using a variety of methods
such as following leads found in postings and web sites, working ISPs,
involving law enforcement, conducting virtual stings, among other

   Depending on the scope of the event, it may become necessary to
communicate to our key audiences about an incident that is occurring
online. Our key audiences may include our employees, vendors, customers,
prospects, regulators, beat journalists, financial analysts and
investors (retail and institutional). The purpose of communicating 
with our key audiences is to signal that we are on top of the situation 
and have, or are working, to resolve it. When our key audiences are
communicating in real-time, so must we. In certain situations, the lack
of a response will be viewed as incompetence or worse, that there is in
fact something to hide. As in other media, perception is reality. 

   On the Internet, there are many communication tools at our disposal.
We can post back to the message boards where the original postings
appeared to give our side of the story, provide clarification or debunk
it. We can email directly those we think were affected by the incident.
We can use our own web site -- or set up a temporary micro site -- to
address the situation in detail.  Micro sites are useful for
communicating a lot of information to a lot of people in a short period
of time...especially journalists. For situations that are or have the
potential to affect a large number people, companies are also using
traditional media tools such as news releases and media relations that
can reach outside the online world more effectively. 

   Regardless of the method used, the targeted company has to evaluate
these tools with great caution. What may appear to a company as a
serious incident may in fact not be to its key audiences. By
communicating even to a small audience we run the risk of creating a
larger problem where one did not exist before. And on the Internet, it
is easy for our adversaries to take our response out of context.
Furthermore, when communicating with our adversaries directly,
everything we send them will more than likely appear online. Depending
on the situation, curt letters from corporate lawyers merely serve to
bolster their claims. 

   Based on the information that is learned about the perpetrator(s),
and given the seriousness of the offense, the appropriate
countermeasures are taken. These may include everything from simply
exposing the individual online all the way to arrest. In some cases, 
the perpetrator is an employee of or contractor to the targeted 
company. In these cases, termination of employment is customary. 

   Counteraction may also include closing loop-holes in computer
networks or developing new security procedures to prevent a recurrence. 

   For more information on eWatch CyberSleuth or to discuss a specific
situation you may be facing, please email info@ewatch.com or call

James Love, Director           | http://www.cptech.org/
Consumer Project on Technology | mailto:love@cptech.org 
P.O. Box 19367                 | voice: 1.202.387.8030
Washington, DC 20036           | fax: