Security "Bits"

Who Leaked that Spreadsheet onto Dropbox?

By Rich Campagna | August 1, 2014 at 9:00 AM

You can imagine the scenario - somebody finds a particularly sensitive corporate document shared publicly on the Internet, perhaps on a file sharing service like Dropbox. You are tasked with figuring out who leaked that document outside of the company. What do you do?

For one customer, this was a real situation. He responded with what I thought was a logical approach. He was first able to narrow the time period of the potential leak down to just a few days by looking at file version and history. From there, he proceeded to (attempt to) find all of the public IPs of Dropbox - not entirely possible given that they are dynamic.

He then took those IP addresses, and his time window, and began poring through firewall logs trying to find potential culprits, knowing the whole time that it was entirely possible that the person leaked the file from outside the firewall on an external network. He proceeded to spend countless hours looking through logs, and then trying to figure out who it could have been, with no idea whether a particular transaction was the one in question because there was no way to tell when the document was transmitted.
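The log search described above, as an added example that is not part of the original post: it filters a constructed firewall log by the time window and by destination networks standing in for the service's ranges. The log format, addresses, window, size threshold and function name are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# All values below are constructed for illustration. Documentation-range
# networks stand in for the service's address ranges, which change over time.
SERVICE_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]
WINDOW = (datetime(2014, 7, 21), datetime(2014, 7, 24))  # from file version history
MIN_BYTES = 200_000  # assumed size of the leaked file; smaller flows cannot carry it

# Constructed firewall log: timestamp, internal source, destination, bytes sent
LOG = """\
2014-07-20T23:50:00 10.1.4.17 203.0.113.9 880000
2014-07-21T09:12:31 10.1.4.17 203.0.113.9 1250000
2014-07-21T09:40:02 10.1.7.88 192.0.2.44 990000
2014-07-22T14:03:10 10.1.9.23 198.51.100.77 4200
2014-07-22T16:45:55 10.1.9.23 198.51.100.12 310000
2014-07-23T08:01:00 10.1.2.5 198.51.100.200 700000
bad line
"""

def candidate_uploads(log_text, nets=SERVICE_NETS, window=WINDOW, min_bytes=MIN_BYTES):
    """Return ({source: [(time, destination, bytes)]}, unparsed_line_count).

    Hits are leads, not proof: an upload made from outside the firewall never
    appears here, and a stale network list silently misses flows.
    """
    hits, unparsed = defaultdict(list), 0
    for line in log_text.splitlines():
        parts = line.split()
        try:
            when = datetime.fromisoformat(parts[0])
            src, dst, sent = parts[1], ipaddress.ip_address(parts[2]), int(parts[3])
        except (IndexError, ValueError):
            unparsed += 1  # count rather than drop silently, so gaps are visible
            continue
        in_window = window[0] <= when < window[1]
        to_service = any(dst in net for net in nets)
        if in_window and to_service and sent >= min_bytes:
            hits[src].append((when, str(dst), sent))
    return dict(hits), unparsed

if __name__ == "__main__":
    found, unparsed = candidate_uploads(LOG)
    for src, flows in sorted(found.items()):
        for when, dst, sent in flows:
            print(f"{src} -> {dst} at {when.isoformat()} ({sent} bytes)")
    print(f"unparsed lines: {unparsed}")
```

Even on this small sample two internal hosts remain as candidates, and nothing in the flow records says which transfer, if either, carried the document.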

Reads a bit like a detective novel...

Unfortunately, he never did figure it out. With Bitglass, the file would have been embedded with a unique fingerprint. Solving the mystery would have been as simple as uploading the file to Bitglass, after which the entire history of that file would have been displayed. Here's a sample:



