Bank Crime Investigation Techniques by means of Forensic IT Technological Crime Trends Gina Carletti’s Scotiabank Canada

Agenda Risk Mitigation Prevent, Detect & Respond Focus on Technological Crime and Forensics Technological Crime Trends Business Impact/ Potential Risk Computer Forensics Forensic Tools Technology as an Investigation tool Recommendations Q&A

Technological Crime Investigators: Risk Mitigation Technological Crime Investigators: Understand the value of the business assets. Identify the threats in the environment. Review security measures in place. Mitigate residual risk to an acceptable level.

Prevent, Detect and Respond Strategies Prevent: the act of preventing the unwanted event The best protection Anti-Skimming Devices Monitors Systems Staff and Customer Education, Training/Awareness Detect: the act of detecting the unwanted event Identification of high risk customers and services. Detection of attacks either being planned or in progress. Respond: after the fact investigation Investigations gather facts, reports to business lines with recommendations and risk assessments.

Focus on Technological Crime and Forensics Profile of an Investigator Manage and respond to time sensitive Electronic Crime Investigations. Intelligence analysis used to identify new suspect profiles that may be involved in money laundering, fraud or other criminal activity. The identification of new technological crime trends and exploit vectors. Provide computer forensic support to investigations such as: Defalcation, Irregular practice, Bank Card Fraud, etc. Provide technical assistance in personal security incidents.

Technological Crime Trends Computer crimes have become increasingly common due to the prevalence of computers today. As technology advances and becomes more sophisticated, so does computer-based crime. Computers have been used for embezzlement, money laundering, fraud, organized crime and various other illegal activities, e.g. identity theft. Note: Computer and cyber forensics as well as electronic surveillance are now common tools used to investigate fraud.

Technological Crime Trends - Continue… Phishing - A form of social engineering personal information from victims (customers) via spoofed emails/websites. Pharming – Criminals hack a Domain Name Server, or a user’s computer/wireless router, to direct unsuspecting individuals to a fake website to steal their user ID and password. Crimeware - Malicious software/hardware that can infect the victim’s (customers) computer to capture, record and transmit data to be used fraudulently. e.g. keyloggers, trojans.

Technological Crime Trends - Continue… Online Social Networks – websites that allow people of common interest to share experiences. In the social networking site Myspace, the fraudsters have discovered ways to inject malicious code and deceive users to divulge confidential information. Vishing - Is also a social engineering method that incorporates the use of Voice Over Internet Protocol (VOIP) and traditional phishing tactics to garner confidential personal information. Skimming (ATM/POS) - is where the data in the card's magnetic strip is copied to a duplicate card without the card owner's knowledge

Technological Crime Trends - Continue… Mobile Devices - is a pocket-sized computing device, typically utilizing a small visual display screen for user output and a miniaturized keyboard for user input. May result in confidential information being lost Unsecured data warehouses and/or tape backup delivery channels - Security breach resulting in loss of confidential information, putting consumers and organizations at risk of crimes, such as identity theft. Regulations - Compliance with SOX, AML/ATF, Basil II and others regulatory requirements are driving security improvements and policy.

Business Impact/ Potential Risk Reputation Risk Identity Theft Financial Losses Information leakage and targeted attacks Threat to network security Hinder user productivity Bandwidth Consumption Legal Risk

Computer Forensics The simple definition of computer forensics ... is the art and science of applying computer science to aid the legal process Computer forensics is done in a fashion that adheres to the standards of evidence that are admissible in a court of law e-discovery, requires the proper tools and qualifications to meet the Court's procedural criteria

Digital Media Acquisition & Examination Forensic Tools Digital Media Acquisition & Examination Computer Hard Drive DVD USB Phones Smart phones Servers Email accounts Log analysis: Web logs Systems logs Application logs Telephone logs

Technology as an Investigation tool Types of Investigations: Irregular Practices Insider Threats Fraud Investigations Money Laundering and Terrorist Financing Harassment Inappropriate Internet Use Pornography Privacy Technological Tools: Email Analysis Forensic Analysis of Digital Media Forensic Analysis of Systems Cyber Forensics

Recommendations We need to focus on understanding and mitigating fraud related risks We all need to embrace the idea of becoming “Anti-Fraud Professionals” Employee, customer and police awareness training Security development training Implantation of new technology such as: one time passwords and anti-skimming devices Separation of duties in critical security functions Strict policy restrictions Regular auditing Monitoring systems/trigger programs Adequate logging Encryption

Thank you! Gina Carletti, Bcomm - ITM, CISSP Senior Manager Technological Crime & Forensics Tel: (416) 933-3020 Mobile: (647) 282-7067 Email: gina.Carletti@scotiabank.com