Computer Crime and Computer Fraud Computer crime means a crime involving computer resources, including using a computer to commit a crime. Computer fraud means using computer resources to defraud . EECS4482 2016 David Chan

Examples of Crime Targeted at Computer Resources Hacking. Deliberate virus spreading. Theft of information, software or hardware. Theft of computer resource usage. Denial of computer services by means of malicious software or messages. Message interception. EECS4482 2016 David Chan

Examples of Crime Committed with Computers Scams Phishing Defamation of character. Disseminating hate propaganda. Threats Developing, holding or spreading child pornography. Ransomeware EECS4482 2016 David Chan

Phishing Using email to entice recipients to give out banking information. It is going around in the world. It is a form of identity theft, the sender purports to be from a bank, with intent to defraud. EECS4482 2016 David Chan

Spear Phishing Spear phishing is an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information. EECS4482 2016 David Chan

Ransomware The Locky virus, a new ransomware the encrypts users’ files and demands payments to decrypt them, made an impressive debut in February, locking files in 60,000 computers in Germany and the United States. Anti-virus software can prevent most of such viruses but cannot save your files once infected. David Chan, Nov 2016

Computer Fraud Using a computer to defraud. Fraud is an intentional act to deceive or mislead, convert assets to one’s own benefit, or make intentional false statements or misrepresentations often accompanied by omission, manipulation of documents or collusion. EECS4482 2016 David Chan

Elements of Fraud A perpetrator lacking integrity or ethics Motivation to commit fraud Opportunity to commit and conceal fraud False representation to a substantial degree EECS4482 2016 David Chan

Elements of Fraud Factor to induce a victim or accomplice to act Intent to defraud Injury or loss sustained EECS4482 2016 David Chan

Computer Fraud The fraud provisions of the Criminal Code have been used to prosecute people who used computers to commit frauds. The Internet is increasingly used to perpetrate fraud because of its reach and the impulse responses of Web surfers. EECS4482 2016 David Chan

Examples of Computer Fraud Manipulating systems or causing glitches to “smooth” quarterly earnings Employee selling of customer lists to competitors Fictitious insurance policies to defraud insurers and reinsurers EECS4482 2016 David Chan

Internet Fraud A scheme that uses one or more components of the Internet - such as chat rooms, e-mail, message boards, or Web sites - to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or others connected with the scheme. EECS4482 2016 David Chan

Major types of Internet Fraud Auction or sales inducing the victim to send money or give out credit card numbers for promised goods Business opportunity Work-at-home program EECS4482 2016 David Chan

Major Types of Internet Fraud Investment scheme Stock market manipulation by spreading fictitious news about public companies Identity theft EECS4482 2016 David Chan

Equity Funding A classic case of computer fraud and crime - a billion dollar bubble Officers and employees of the company set up 64,000 fake insurance policies and sold them to reinsurers. EECS4482 2016 David Chan

Equity Funding To come up with the premium payments which the reinsurers expected to receive, the perpetrators generated more fake policies and sold them to the same and other reinsurers. The fraud snowballed for 12 years. EECS4482 2016 David Chan

Equity Funding The fraud was revealed by a disgruntled employee who had been fired. The case involved massive collusion. The computer made it easy to generate the fake policies, which accounted for 70% of the issued policies over a 10-year period. EECS4482 2016 David Chan

Barings Bank Nick Leeson, a rogue trader, concealed trading losses that led to the Bank’s demise. He used the account code “8888” to set up accounts containing secret transactions. Computers and management trust based on chemistry and seniority helped him hide these transactions. EECS4482 2016 David Chan

Societe Generale Fraud Societe Generale said that a trader who evaded all its controls to bet $73.5 billion -- more than the French bank's market worth -- on European markets hacked computers and "combined several fraudulent methods" to cover his tracks. Kerviel, 31, and a former programmer, carried out unauthorized trades that resulted in 4.9 billion euros ($7.1 billion) in losses. EECS4482 2016 David Chan

Societe Generale Fraud Even before his massive alleged fraud came to light, Kerviel had apparently triggered 75 alarms at Societe Generale -- France's second-largest bank -- with his trading, but not to a degree that led managers to investigate further. But Kerviel explained away the red flags as trading mistakes. EECS4482 2016 David Chan

Societe Generale Fraud Since those bets greatly exceeded the amount of capital he was allowed to put at risk, Kerviel entered fictitious and offsetting trades in Societe Generale's computer system that appeared to minimize the odds of big losses, the bank said. The trades were purposely chosen to avoid detection because they did not require cash contributions and were not subject to margin calls, which would require putting up more money if the fictitious bet soured. EECS4482 2016 David Chan

Societe Generale Fraud Societe Generale said Kerviel misappropriated other people's computer access codes, falsified documents and employed other methods to cover his tracks -- helped by his previous years of experience when he worked in other offices at the bank that monitor traders. EECS4482 2016 David Chan

Societe Generale Fraud Kerviel's downfall started in the days before Friday, Jan. 18, when Societe Generale tightened lending restrictions on one of its customers, an unnamed large bank. He had apparently used that bank's name for one or more of his fictitious trades. EECS4482 2016 David Chan

Controls Against Computer Crime and Fraud Segregation of duties Management and independent review Restricted access Code of business conduct EECS4482 2016 David Chan

Controls Against Computer Crime and Fraud Intrusion detection and prevention systems Encryption Security education Analytical review EECS4482 2016 David Chan

Controls Against Computer Crime and Fraud System monitoring Security check on new hires and contractors An established process for whistle blowing and investigation Exemplifying management culture EECS4482 2016 David Chan

Controls Against Computer Crime and Fraud Lock laptops when not attended to Scheduled refreshment of web sites from the backup version to nullify even minor changes by hackers such as changing a key word in the user agreement or a rate EECS4482 2016 David Chan

During a Fraud Investigation Touch base with management immediately when suspecting a fraud has occurred (consider management independence) Use encrypted or out-of-band communication EECS4482 2016 David Chan

During a Fraud Investigation Document everything including time spent Take screen shots where possible Preserve the chain of evidence Store records securely EECS4482 2016 David Chan

During a Fraud Investigation Involve a minimum number of people Proceed only with senior management request. Ask concise and open questions Be a patient listener Involve law department EECS4482 2016 David Chan

During a Fraud Investigation Use forensic tools like Encase to image hard disk remotely or onsite while preserving integrity. Avoiding shutting down suspect computers using the OS as doing so may compromise audit/crime trail. Use forensic data analysis software. Backup evidence and store it securely and safely from environmental damage. Scan electronic evidence for virus. EECS4482 2016 David Chan

During a Fraud Investigation Backup evidence and store it securely and safely from environmental damage. Scan electronic evidence for virus. Use Discovery Accelerator to analyze deleted and archived email. EECS4482 2016 David Chan

During a Fraud Investigation Keep management informed Maintain arms-length relationships with management and people being investigated or interviewed. Continuously assess the need to involve the police EECS4482 2016 David Chan

Conclusion Computer crime and computer fraud on the rise Organizations should have chief ethic officers EECS4482 2016 David Chan

Review Questions What computer crimes can result from identity theft? What internal controls can organizations implement to prevent system alteration? What are some system controls that can prevent or detect disbursement fraud? . EECS4482 2016 David Chan

MC Question Which address is most useful in a forensic investigation? A. IP B. MAC C. URL D. Email EECS4482 2016 David Chan

MC Question If a forensic investigator inspects a computer containing a critical file that is known to be highly encrypted but currently opened, what should the auditor do? a. Pull the plug on the computer. b. Perform an orderly shutdown on the computer. c. Make an immediate shadow volume copy of the entire hard drive. d. Browse the open file. EECS4482 2016 David Chan

MC Question Which software tool can undo the effect of applying disk wiping? A. Encase B. Password cracker C. Firewall D. Discovery Accelerator EECS4482 2016 David Chan

MC Question What computer crime does a firewall mitigate against? A. Hacking B. Identity theft C. Virus spreading D. ATM skimming EECS4482 2016 David Chan

MC Question Which of the following techniques or tools is most useful to detect a bank loan fraud committed by a branch manager? A. Benford analysis B. Firewall C. Segregation of duties D. Discovery Accelerator EECS4482 2016 David Chan