Computer Crime and Computer Fraud Computer crime means
- Slides: 43
Computer Crime and Computer Fraud • Computer crime means a crime involving computer resources, including using a computer to commit a crime. • Computer fraud means using computer resources to defraud. EECS 4482 2015 David Chan
Audit Concerns? • Auditors are concerned about computer crimes and frauds because they indicate a breakdown in internal controls • Computer crimes and frauds may cause significant losses or hidden losses which can impair the reliability of financial statements and increase the audit risk; this is of more concern to shareholders’ auditors EECS 4482 2015 David Chan
Examples of Crime Targeted at Computer Resources • • • Hacking. Deliberate virus spreading. Theft of information, software or hardware. Theft of computer resource usage. Denial of computer services by means of malicious software or messages. • Message interception. EECS 4482 2015 David Chan
Examples of Crime Committed with Computers • • • Scams Phishing Defamation of character. Disseminating hate propaganda. Threats Developing, holding or spreading child pornography. EECS 4482 2015 David Chan
Phishing • Using email to entice recipients to give out banking information. • It is going around in the world. • It is a form of identity theft, the sender purports to be from a bank, with intent to defraud. EECS 4482 2015 David Chan
Spear Phishing Spear phishing is an email spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information. EECS 4482 2015 David Chan
Computer Fraud • Using a computer to defraud. • Fraud is an intentional act to deceive or mislead, convert assets to one’s own benefit, or make intentional false statements or misrepresentations often accompanied by omission, manipulation of documents or collusion. EECS 4482 2015 David Chan
Elements of Fraud • A perpetrator lacking integrity or ethics • Motivation to commit fraud • Opportunity to commit and conceal fraud • False representation to a substantial degree EECS 4482 2015 David Chan
Elements of Fraud • Factor to induce a victim or accomplice to act • Intent to defraud • Injury or loss sustained EECS 4482 2015 David Chan
Computer Fraud • The fraud provisions of the Criminal Code have been used to prosecute people who used computers to commit frauds. • The Internet is increasingly used to perpetrate fraud because of its reach and the impulse responses of Web surfers. EECS 4482 2015 David Chan
Computer Fraud • A complex accounting system raises the potential for “creative accounting” and consequently fraud • The general perception that computerized information is reliable makes computer fraud less susceptible to challenge than fraud committed on paper EECS 4482 2015 David Chan
Examples of Computer Fraud • Manipulating systems or causing glitches to “smooth” quarterly earnings • Employee selling of customer lists to competitors • Fictitious insurance policies to defraud insurers and reinsurers EECS 4482 2015 David Chan
Internet Fraud A scheme that uses one or more components of the Internet - such as chat rooms, e-mail, message boards, or Web sites - to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or others connected with the scheme. EECS 4482 2015 David Chan
Major types of Internet Fraud • Auction or sales inducing the victim to send money or give out credit card numbers for promised goods • Business opportunity • Work-at-home program EECS 4482 2015 David Chan
Major Types of Internet Fraud • Investment scheme • Stock market manipulation by spreading fictitious news about public companies • Identity theft EECS 4482 2015 David Chan
Equity Funding • A classic case of computer fraud and crime - a billion dollar bubble • Officers and employees of the company set up 64, 000 fake insurance policies and sold them to reinsurers. EECS 4482 2015 David Chan
Equity Funding • To come up with the premium payments which the reinsurers expected to receive, the perpetrators generated more fake policies and sold them to the same and other reinsurers. • The fraud snowballed for 12 years. EECS 4482 2015 David Chan
Equity Funding • The fraud was revealed by a disgruntled employee who had been fired. • The case involved massive collusion. • The computer made it easy to generate the fake policies, which accounted for 70% of the issued policies over a 10 -year period. EECS 4482 2015 David Chan
Barings Bank • Nick Leeson, a rogue trader, concealed trading losses that led to the Bank’s demise. • He used the account code “ 8888” to set up accounts containing secret transactions. Computers and management trust based on chemistry and seniority helped him hide these transactions. EECS 4482 2015 David Chan
Societe Generale Fraud • Societe Generale said that a trader who evaded all its controls to bet $73. 5 billion -- more than the French bank's market worth -- on European markets hacked computers and "combined several fraudulent methods" to cover his tracks. • Kerviel, 31, and a former programmer, carried out unauthorized trades that resulted in 4. 9 billion euros ($7. 1 billion) in losses. EECS 4482 2015 David Chan
Societe Generale Fraud • Even before his massive alleged fraud came to light, Kerviel had apparently triggered 75 alarms at Societe Generale -France's second-largest bank -- with his trading, but not to a degree that led managers to investigate further. • But Kerviel explained away the red flags as trading mistakes. EECS 4482 2015 David Chan
Societe Generale Fraud • Since those bets greatly exceeded the amount of capital he was allowed to put at risk, Kerviel entered fictitious and offsetting trades in Societe Generale's computer system that appeared to minimize the odds of big losses, the bank said. The trades were purposely chosen to avoid detection because they did not require cash contributions and were not subject to margin calls, which would require putting up more money if the fictitious bet soured. EECS 4482 2015 David Chan
Societe Generale Fraud Societe Generale said Kerviel misappropriated other people's computer access codes, falsified documents and employed other methods to cover his tracks -- helped by his previous years of experience when he worked in other offices at the bank that monitor traders. EECS 4482 2015 David Chan
Societe Generale Fraud Kerviel's downfall started in the days before Friday, Jan. 18, when Societe Generale tightened lending restrictions on one of its customers, an unnamed large bank. He had apparently used that bank's name for one or more of his fictitious trades. EECS 4482 2015 David Chan
Controls Against Computer Crime and Fraud • Segregation of duties • Management and independent review • Restricted access • Code of business conduct EECS 4482 2015 David Chan
Controls Against Computer Crime and Fraud • Intrusion detection and prevention systems • Encryption • Security education • Analytical review EECS 4482 2015 David Chan
Controls Against Computer Crime and Fraud • System monitoring • Security check on new hires and contractors • An established process for whistle blowing and investigation • Exemplifying management culture EECS 4482 2015 David Chan
Controls Against Computer Crime and Fraud • Lock laptops when not attended to • Scheduled refreshment of web sites from the backup version to nullify even minor changes by hackers such as changing a key word in the user agreement or a rate EECS 4482 2015 David Chan
External Audit Responsibility • Brainstorming risk of fraud during audit planning • Assess materiality of suspected fraud • Inform management of suspected fraud • Suggest client seek legal opinion EECS 4482 2015 David Chan
During a Fraud Audit • Touch base with management immediately when suspecting a fraud has occurred (consider management independence) • Use encrypted or out-of-band communication EECS 4482 2015 David Chan
During a Fraud Audit • Document everything including time spent • Take screen shots where possible • Preserve the chain of evidence • Store records securely EECS 4482 2015 David Chan
During a Fraud Audit • Involve a minimum number of people • Proceed only with senior management request. • Ask concise and open questions • Be a patient listener • Involve law department EECS 4482 2015 David Chan
During a Fraud Audit • Use forensic tools like Encase to image hard disk remotely or onsite while preserving integrity. • Avoiding shutting down suspect computers using the OS as doing so may compromise audit/crime trail. • Use forensic data analysis software. • Backup evidence and store it securely and safely from environmental damage. • Scan electronic evidence for virus. EECS 4482 2015 David Chan
During a Fraud Audit • Backup evidence and store it securely and safely from environmental damage. • Scan electronic evidence for virus. • Use Discovery Accelerator to analyze deleted and archived email. EECS 4482 2015 David Chan
During a Fraud Audit • Keep management informed • Maintain arms-length relationships with management and people being investigated or interviewed. • Continuously assess the need to involve the police EECS 4482 2015 David Chan
Conclusion • Computer crime and computer fraud on the rise • Sarbanes-Oxley effect still to be seen • Organizations should have chief ethic officers EECS 4482 2015 David Chan
Review Questions • What is the shareholders’ auditors’ responsibility for computer fraud detection? • What is the internal auditors’ responsibility for computer fraud detection? • What are common computer crimes committed against financial institutions and retailers? EECS 4482 2015 David Chan
Review Questions • What computer crimes can result from identity theft? • What internal controls can organizations implement to prevent system alteration? • What are some system controls that can prevent or detect disbursement fraud? . EECS 4482 2015 David Chan
MC Question Which address is most useful in a forensic investigation? A. IP B. MAC C. URL D. Email EECS 4482 2015 David Chan
MC Question If a forensic auditor inspects a computer containing a critical file that is known to be highly encrypted but currently opened, what should the auditor do? • a. Pull the plug on the computer. • b. Perform an orderly shutdown on the computer. • c. Make an immediate shadow volume copy of the entire hard drive. EECS 4482 2015 David Chan • d. Browse the open file.
MC Question Which software tool can undo the effect of applying disk wiping? A. Encase B. Password cracker C. Firewall D. Discovery Accelerator EECS 4482 2015 David Chan
MC Question What computer crime does a firewall mitigate against? A. Hacking B. Identity theft C. Virus spreading D. ATM skimming EECS 4482 2015 David Chan
MC Question Which of the following techniques or tools is most useful to detect a bank load fraud committed by a branch manager? A. Benford analysis B. Firewall C. Segregation of duties D. Discovery Accelerator EECS 4482 2015 David Chan
How do fraud symptoms help in detecting fraud
Redco v sarpong
Computer fraud and abuse techniques
Computer fraud and security
E commerce security and fraud issues and protections
Triangle quadrilateral pentagon hexagon octagon
Meta means change and morph means heat
Ex situ conservation definition
Morphe means in metamorphism
Ibm fams
Fraud and abuse module
E commerce security and fraud protection
E-commerce security and fraud protection
Ethics fraud and internal control
Anti bribery and corruption analytics
Fraud internal control and cash
Ethics and internal controls in accounting
Fraud waste and abuse training answers
Fraud waste and abuse training answers
Difference between fraud and misrepresentation
Controlsbond
Chapter 7 fraud internal control and cash
Chapter 7 fraud internal control and cash
Internal control shield
Bio means 'life
Csi computer crime and security survey
Yazoo land fraud political cartoon
Sfcu medford
Risk assessment fraud
Saul kripke
Section 17 fraud
Risk assessment fraud
Evidence square fraud
Fraud exposure rectangle
Fraud triangle accounting
Fraud exposure rectangle
Missing trader intra-community
Missing trader intra-community fraud
Yazoo land fraud definition
Headright system clipart
Yazoo land fraud political cartoon
Paul r allen mortgage
5.11 quiz fraud
Identity theft 101
