Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Crime and Computer Fraud

Published byLillian Russell Modified over 6 years ago

Similar presentations

Presentation on theme: "Computer Crime and Computer Fraud"— Presentation transcript:

1 Computer Crime and Computer Fraud
Computer crime means a crime involving computer resources, including using a computer to commit a crime. Computer fraud means using computer resources to defraud . EECS David Chan

2 Examples of Crime Targeted at Computer Resources
Hacking. Deliberate virus spreading. Theft of information, software or hardware. Theft of computer resource usage. Denial of computer services by means of malicious software or messages. Message interception. EECS David Chan

3 Examples of Crime Committed with Computers
Scams Phishing Defamation of character. Disseminating hate propaganda. Threats Developing, holding or spreading child pornography. Ransomeware EECS David Chan

4 Phishing Using to entice recipients to give out banking information. It is going around in the world. It is a form of identity theft, the sender purports to be from a bank, with intent to defraud. EECS David Chan

5 Spear Phishing Spear phishing is an spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information. EECS David Chan

6 Ransomware The Locky virus, a new ransomware the encrypts users’ files and demands payments to decrypt them, made an impressive debut in February, locking files in 60,000 computers in Germany and the United States. Anti-virus software can prevent most of such viruses but cannot save your files once infected. David Chan, Nov 2016

7 Computer Fraud Using a computer to defraud.
Fraud is an intentional act to deceive or mislead, convert assets to one’s own benefit, or make intentional false statements or misrepresentations often accompanied by omission, manipulation of documents or collusion. EECS David Chan

8 Elements of Fraud A perpetrator lacking integrity or ethics
Motivation to commit fraud Opportunity to commit and conceal fraud False representation to a substantial degree EECS David Chan

9 Elements of Fraud Factor to induce a victim or accomplice to act
Intent to defraud Injury or loss sustained EECS David Chan

10 Computer Fraud The fraud provisions of the Criminal Code have been used to prosecute people who used computers to commit frauds. The Internet is increasingly used to perpetrate fraud because of its reach and the impulse responses of Web surfers. EECS David Chan

11 Examples of Computer Fraud
Manipulating systems or causing glitches to “smooth” quarterly earnings Employee selling of customer lists to competitors Fictitious insurance policies to defraud insurers and reinsurers EECS David Chan

12 Internet Fraud A scheme that uses one or more components of the Internet - such as chat rooms, , message boards, or Web sites - to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or others connected with the scheme. EECS David Chan

13 Major types of Internet Fraud
Auction or sales inducing the victim to send money or give out credit card numbers for promised goods Business opportunity Work-at-home program EECS David Chan

14 Major Types of Internet Fraud
Investment scheme Stock market manipulation by spreading fictitious news about public companies Identity theft EECS David Chan

15 Equity Funding A classic case of computer fraud and crime - a billion dollar bubble Officers and employees of the company set up 64,000 fake insurance policies and sold them to reinsurers. EECS David Chan

16 Equity Funding To come up with the premium payments which the reinsurers expected to receive, the perpetrators generated more fake policies and sold them to the same and other reinsurers. The fraud snowballed for 12 years. EECS David Chan

17 Equity Funding The fraud was revealed by a disgruntled employee who had been fired. The case involved massive collusion. The computer made it easy to generate the fake policies, which accounted for 70% of the issued policies over a 10-year period. EECS David Chan

18 Barings Bank Nick Leeson, a rogue trader, concealed trading losses that led to the Bank’s demise. He used the account code “8888” to set up accounts containing secret transactions. Computers and management trust based on chemistry and seniority helped him hide these transactions. EECS David Chan

19 Societe Generale Fraud
Societe Generale said that a trader who evaded all its controls to bet $73.5 billion -- more than the French bank's market worth -- on European markets hacked computers and "combined several fraudulent methods" to cover his tracks. Kerviel, 31, and a former programmer, carried out unauthorized trades that resulted in 4.9 billion euros ($7.1 billion) in losses. EECS David Chan

20 Societe Generale Fraud
Even before his massive alleged fraud came to light, Kerviel had apparently triggered 75 alarms at Societe Generale -- France's second-largest bank -- with his trading, but not to a degree that led managers to investigate further. But Kerviel explained away the red flags as trading mistakes. EECS David Chan

21 Societe Generale Fraud
Since those bets greatly exceeded the amount of capital he was allowed to put at risk, Kerviel entered fictitious and offsetting trades in Societe Generale's computer system that appeared to minimize the odds of big losses, the bank said. The trades were purposely chosen to avoid detection because they did not require cash contributions and were not subject to margin calls, which would require putting up more money if the fictitious bet soured. EECS David Chan

22 Societe Generale Fraud
Societe Generale said Kerviel misappropriated other people's computer access codes, falsified documents and employed other methods to cover his tracks -- helped by his previous years of experience when he worked in other offices at the bank that monitor traders. EECS David Chan

23 Societe Generale Fraud
Kerviel's downfall started in the days before Friday, Jan. 18, when Societe Generale tightened lending restrictions on one of its customers, an unnamed large bank. He had apparently used that bank's name for one or more of his fictitious trades. EECS David Chan

24 Controls Against Computer Crime and Fraud
Segregation of duties Management and independent review Restricted access Code of business conduct EECS David Chan

25 Controls Against Computer Crime and Fraud
Intrusion detection and prevention systems Encryption Security education Analytical review EECS David Chan

26 Controls Against Computer Crime and Fraud
System monitoring Security check on new hires and contractors An established process for whistle blowing and investigation Exemplifying management culture EECS David Chan

27 Controls Against Computer Crime and Fraud
Lock laptops when not attended to Scheduled refreshment of web sites from the backup version to nullify even minor changes by hackers such as changing a key word in the user agreement or a rate EECS David Chan

28 During a Fraud Investigation
Touch base with management immediately when suspecting a fraud has occurred (consider management independence) Use encrypted or out-of-band communication EECS David Chan

29 During a Fraud Investigation
Document everything including time spent Take screen shots where possible Preserve the chain of evidence Store records securely EECS David Chan

30 During a Fraud Investigation
Involve a minimum number of people Proceed only with senior management request. Ask concise and open questions Be a patient listener Involve law department EECS David Chan

31 During a Fraud Investigation
Use forensic tools like Encase to image hard disk remotely or onsite while preserving integrity. Avoiding shutting down suspect computers using the OS as doing so may compromise audit/crime trail. Use forensic data analysis software. Backup evidence and store it securely and safely from environmental damage. Scan electronic evidence for virus. EECS David Chan

32 During a Fraud Investigation
Backup evidence and store it securely and safely from environmental damage. Scan electronic evidence for virus. Use Discovery Accelerator to analyze deleted and archived . EECS David Chan

33 During a Fraud Investigation
Keep management informed Maintain arms-length relationships with management and people being investigated or interviewed. Continuously assess the need to involve the police EECS David Chan

34 Conclusion Computer crime and computer fraud on the rise
Organizations should have chief ethic officers EECS David Chan

35 Review Questions What computer crimes can result from identity theft?
What internal controls can organizations implement to prevent system alteration? What are some system controls that can prevent or detect disbursement fraud? . EECS David Chan

36 MC Question Which address is most useful in a forensic investigation?
A. IP B. MAC C. URL D. EECS David Chan

37 MC Question If a forensic investigator inspects a computer containing a critical file that is known to be highly encrypted but currently opened, what should the auditor do? a. Pull the plug on the computer. b. Perform an orderly shutdown on the computer. c. Make an immediate shadow volume copy of the entire hard drive. d. Browse the open file. EECS David Chan

38 MC Question Which software tool can undo the effect of applying disk wiping? A. Encase B. Password cracker C. Firewall D. Discovery Accelerator EECS David Chan

39 MC Question What computer crime does a firewall mitigate against?
A. Hacking B. Identity theft C. Virus spreading D. ATM skimming EECS David Chan

40 MC Question Which of the following techniques or tools is most useful to detect a bank loan fraud committed by a branch manager? A. Benford analysis B. Firewall C. Segregation of duties D. Discovery Accelerator EECS David Chan

Download ppt "Computer Crime and Computer Fraud"

Similar presentations

Introduction and Overview of Digital Crime and Digital Terrorism

Introduction and Overview of Digital Crime and Digital Terrorism
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
Computer Fraud Chapter 5.

Computer Fraud Chapter 5.
1 Non-Cash Assets Chapter 9. 2 List the five categories of tangible non-cash misappropriations discussed in this chapter. Discuss the data on non-cash.

1 Non-Cash Assets Chapter 9. 2 List the five categories of tangible non-cash misappropriations discussed in this chapter. Discuss the data on non-cash.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
1 Identity Theft and Phishing: What You Need to Know.

1 Identity Theft and Phishing: What You Need to Know.
Chapter 5 Computer Fraud Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-1.

Chapter 5 Computer Fraud Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 5-1.
Identity Theft By: Tory Childs, Lucas Doyle, Kaitlyn Davidson, Trevor Godwin and Chad Sponseller.

Identity Theft By: Tory Childs, Lucas Doyle, Kaitlyn Davidson, Trevor Godwin and Chad Sponseller.
Chapter 5 Computer Fraud Copyright © 2012 Pearson Education 5-1.

Chapter 5 Computer Fraud Copyright © 2012 Pearson Education 5-1.
1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.

1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.

Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Issues Raised by ICT.

Issues Raised by ICT.
Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.

Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.
Cyber Crime & Security Raghunath M D BSNL Mobile Services,

Cyber Crime & Security Raghunath M D BSNL Mobile Services,
Cyber Crimes.

Cyber Crimes.
1.Too many users 2.Technical factors 3.Organizational factors 4.Environmental factors 5.Poor management decisions Which of the following is not a source.

1.Too many users 2.Technical factors 3.Organizational factors 4.Environmental factors 5.Poor management decisions Which of the following is not a source.
Fraud and Forensic Auditing Chapter Ten. Definition of Fraud “…any act involving the use of deception to obtain an illegal advantage.” (ISACA Irregularities.

Fraud and Forensic Auditing Chapter Ten. Definition of Fraud “…any act involving the use of deception to obtain an illegal advantage.” (ISACA Irregularities.

Similar presentations

Ads by Google