hapter 5 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
HAPTER 5 PowerPoint Presentation
Download Presentation
HAPTER 5

Loading in 2 Seconds...

play fullscreen
1 / 138

HAPTER 5 - PowerPoint PPT Presentation


  • 195 Views
  • Uploaded on

HAPTER 5. Computer Fraud and Security. INTRODUCTION. Questions to be addressed in this chapter: What is fraud, and how are frauds perpetrated? Who perpetrates fraud and why? What is computer fraud, and what forms does it take?

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'HAPTER 5' - nanji


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
hapter 5

HAPTER 5

Computer Fraud and Security

introduction
INTRODUCTION
  • Questions to be addressed in this chapter:
    • What is fraud, and how are frauds perpetrated?
    • Who perpetrates fraud and why?
    • What is computer fraud, and what forms does it take?
    • What approaches and techniques are used to commit computer fraud?
introduction3
INTRODUCTION
  • Information systems are becoming increasingly more complex and society is becoming increasingly more dependent on these systems.
    • Companies also face a growing risk of these systems being compromised.
    • Recent surveys indicate 67% of companies suffered a security breach in the last year with almost 60% reporting financial losses.
introduction4
INTRODUCTION
  • Companies face four types of threats to their information systems: AIS threatsالتهديدات التي تواجه نظم المعلومات المحاسبية
    • Natural and political disasters
  • Include:
    • Fire or excessive heat
    • Floods
    • Earthquakes
    • High winds
    • War and terrorist attack
  • When a natural or political disaster strikes, many companies can be affected at the same time.
    • Example: Bombing of the World Trade Center in NYC.
  • The Defense Science Board has predicted that attacks on information systems by foreign countries, espionage agentsالتجسس) ), and terrorists will soon be widespread.
introduction5
INTRODUCTION

2. Software errors and equipment malfunction (it fails to work properly) فشل في العمل كما ينبغي

  • Include:
    • Hardware or software failures (فشل
    • Software errors or bugs علة او اخطاء
    • Operating system crashes تحطم نظام التشغيل
    • Power outages and fluctuations الفترة الزمنية التي يتطلبها تشغيل الكهرباء
    • Undetected data transmission errors اخطاء غير مكتشفة في عملية نقل البيانات
  • Estimated annual economic losses due to software bugs = $60 billion.
  • 60% of companies studied had significant software errors in previous year 2005.
introduction6
INTRODUCTION

3. Unintentional acts افعال غير مقصودة

  • Include
    • Accidents caused by:
      • Human carelessness
      • Failure to follow established procedures
      • Poorly trained or supervised personnel
    • Innocent errors or omissions مثلا في عملية ادخال البيانات
    • Lost, destroyed, or misplaced data
    • Logic errors مثلا البرنامج المصمم لا يلبي احتياجات الشركة
    • Systems that do not meet needs or are incapable of performing intended tasks
  • Information Systems Security Association. estimates 65% of security problems are caused by human error.
introduction7
INTRODUCTION

4. Intentional acts (computer crime) الافعال المقصودة(جرائمالكمبيوتر)

  • Include:
    • Sabotage عملية التخريب المتعمد (مثلا اثناء المظاهرات)
    • Computer fraud الخداع (corruption) الفساد
    • Misrepresentation, false use, or unauthorized disclosure of data خطا في التمثيل او الاستخدام او التصريح ببيانات غير مصرح بها
    • Misappropriation of assetsاستخدام الموارد بدون اذن او استخدموها لأهدافخاصة.
    • Financial statement fraud خداع القوائم المالية
  • Information systems are increasingly vulnerable to these malicious attacks. انظمة المعلومات اصبحت هشة بشكل متزايد لهذا التخريب المقصود
introduction8
INTRODUCTION
  • In this chapter we’ll discuss:
    • The fraud process
    • Why fraud occurs
    • Approaches to computer fraud الطرق امؤدية الى غش الكمبيوتر
    • Specific techniques used to commit computer fraud
    • Ways companies can deter and detect computerfraud

الطرق التي تمكن الشركات لتحول دون حدوث غش الكمبيوتر اواكتشافه.

the fraud process
THE FRAUD PROCESS
  • Fraudis any and all means a person uses to gain an unfair advantage over another person.
  • In most cases, to be considered fraudulent, an act must involve: الافعال التي تعتبر افعال غش , أي فعل يتضمن
    • A false statement (oral or in writing)
    • About a material fact حول حقائق مادية
    • Knowledge that the statement was false when it was uttered (which implies an intent to deceive)

لديك علم تام بأن المعلومة المقدمة كانت خطأ, هذا تلميح بأنة لديك نية للخداع.

    • A victim relies on the statement الضحية اعتمد في قراراته على هذه المعلومة
    • And suffers injury or loss as a result
the fraud process10
THE FRAUD PROCESS
  • Since fraudsters don’t make journal entries to record their frauds, we can only estimate the amount of losses caused by fraudulent acts افعال احتيالية:
    • The Association of Certified Fraud Examiners (ACFE) estimates that total fraud losses in the U.S. run around 6% of annual revenues or approximately $660 billion in 2004.
      • More than we spend on education and roads in a year.
      • 6 times what we pay for the criminal justice system.
    • Income tax fraud (the difference between what taxpayers owe and what they pay to the government) is estimated to be over $200 billion per year.
    • Fraud in the healthcare industry is estimated to exceed $100 billion a year.
the fraud process11
THE FRAUD PROCESS
  • Fraud against companies may be committed by an employee or an external party.
    • Former and current employees (called knowledgeable insiders) are much more likely than non-employees to perpetrate frauds (and big ones) against companies.
      • Largely owing to their understanding of the company’s systems and its weaknesses, which enables them to commit the fraud and cover their tracks.
    • Organizations must utilize controls to make it difficult for both insiders and outsiders to steal from the company.
the fraud process12
THE FRAUD PROCESS
  • Fraud perpetrators are often referred to as white-collar criminals.
    • Distinguishes them from violent criminals, although some white-collar crime can ultimately have violent outcomes, such as:
      • Perpetrators or their victims committing suicide.
      • Healthcare patients killed because of alteration of information, etc., that can result in their deaths.
the fraud process13
THE FRAUD PROCESS
  • Three types of occupational fraud:

1. Misappropriation of assets

  • Involves theft, embezzlement الاختلاس, or misuse of company assets for personal gain.
  • Examples include billing schemes, check tampering, skimming, and theft of inventory.
  • In the 2004 Report to the Nation on Occupational Fraud and Abuse, 92.7% of occupational frauds involved asset misappropriation at a median cost of $93,000.
the fraud process14
THE FRAUD PROCESS
  • Three types of occupational fraud:

2. Corruption

  • Corruption involves the wrongful use of a position, contrary to the responsibilities of that position, to procure a benefit.
  • Examples include kickback schemes and conflict of interest schemes.
  • About 30.1% of occupational frauds include corruption schemes at a median cost of $250,000.
the fraud process15
THE FRAUD PROCESS
  • Three types of occupational fraud:

3. Fraudulent statements

  • Financial statement fraud involves misstating the financial condition of an entity by intentionally misstating amounts or disclosures in order to deceive users.
  • Financial statements can be misstated as a result of intentional efforts to deceive or as a result of undetected asset misappropriations that are so large that they cause misstatement.
  • About 7.9% of occupational frauds involve fraudulent statements at a median cost of $1 million. (The median pales in comparison to the maximum cost.)
the fraud process16
THE FRAUD PROCESS
  • A typical employee fraud has a number of important elements or characteristics:
    • The fraud perpetrator must gain the trust or confidence of the person or company being defrauded in order to commit and conceal the fraud.
    • Instead of using a gun, knife, or physical force, fraudsters use weapons of deceit and misinformation.
    • Frauds tend to start as the result of a perceived need on the part of the employee and then escalate from need to greed. Most fraudsters can’t stop once they get started, and their frauds grow in size.
    • The fraudsters often grow careless or overconfident over time.
    • Fraudsters tend to spend what they steal. Very few save it.
    • In time, the sheer magnitude of the frauds may lead to detection.
    • The most significant contributing factor in most employee frauds is the absence of internal controls and/or the failure to enforce existing controls.
the fraud process17
THE FRAUD PROCESS
  • The National Commission on Fraudulent Financial Reporting (aka, the Treadway Commission) defined fraudulent financial reporting as intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.
  • Financial statements can be falsified to:
    • Deceive investors and creditors
    • Cause a company’s stock price to rise
    • Meet cash flow needs
    • Hide company losses and problems
the fraud process18
THE FRAUD PROCESS
  • Fraudulent financial reporting is of great concern to independent auditors, because undetected frauds lead to half of the lawsuits against auditors.
  • In the case of Enron, a financial statement fraud led to the total elimination of Arthur Andersen, a premiere international public accounting firm.
the fraud process19
THE FRAUD PROCESS
  • Common approaches to “cooking the books” include: تغير ارقام او سجلات مكتوبة
    • Recording fictitious revenues
    • Recording revenues prematurely
    • Recording expenses in later periods
    • Overstating inventories or fixed assets (WorldCom)
    • Concealing losses and liabilities
the fraud process20
THE FRAUD PROCESS
  • The Treadway Commission recommended four actions to reduce the possibility of fraudulent financial reporting:
    • Establish an organizational environment that contributes to the integrity of the financial reporting process.
    • Identify and understand the factors that lead to fraudulent financial reporting.
    • Assess the risk of fraudulent financial reporting within the company.
    • Design and implement internal controls to provide reasonable assurance that fraudulent financial reporting is prevented.
the fraud process21
THE FRAUD PROCESS
  • SAS 99: The Auditor’s Responsibility to Detect Fraud
    • In 1997, SAS-82, Consideration of Fraud in a Financial Statement Audit, was issued to clarify the auditor’s responsibility to detect fraud.

SAS: Statement on Auditing Standards

the fraud process22
THE FRAUD PROCESS
  • A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to:
    • Understand fraud
  • Auditors can’t effectively audit something they don’t understand.
  • SAS-99 also indicated that auditors are not lawyers and “do not make legal determinations of whether fraud has occurred.”
  • The external auditor’s interest specifically relates to acts that result in a material misstatement of the financial statements.
  • Note that SAS-99 relates to external auditors. Internal auditors will have a more extensive interest in fraud than just those that impact financial statements.
the fraud process23
THE FRAUD PROCESS
  • A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to:
    • Understand fraud
    • Discuss the risks of material fraudulent misstatements
  • While planning the audit, members of the audit team should discuss how and where the company’s financial statements might be susceptible to fraud.
the fraud process24
THE FRAUD PROCESS
  • A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to:
    • Understand fraud
    • Discuss the risks of material fraudulent misstatements
    • Obtain information
  • The audit team must gather evidence about the existence of fraud by:
    • Looking for fraud risk factors
    • Testing company records
    • Asking management, the audit committee, and others if they know of any past or current fraud or of fraud risks the organization faces.
  • Special care needs to be exercised in examining revenue accounts, since they are particularly popular fraud targets.
the fraud process25
THE FRAUD PROCESS
  • A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to:
    • Understand fraud
    • Discuss the risks of material fraudulent misstatements
    • Obtain information
    • Identify, assess, and respond to risks
  • Use the gathered information to identify, assess, and respond to risks.
  • Auditors can respond by varying the nature, timing, and extent of auditing procedures they perform.
  • They should also carefully evaluate risks related to management override of controls.
the fraud process26
THE FRAUD PROCESS
  • A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to:
    • Understand fraud
    • Discuss the risks of material fraudulent misstatements
    • Obtain information
    • Identify, assess, and respond to risks
    • Evaluate the results of their audit tests
  • Auditors must assess the risk of fraud throughout the audit.
  • When the audit is complete, they must evaluate whether any identified misstatements indicate the presence of fraud.
  • If so, they should determine the impact on the financial statements and the audit.
the fraud process27
THE FRAUD PROCESS
  • A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to:
    • Understand fraud
    • Discuss the risks of material fraudulent misstatements
    • Obtain information
    • Identify, assess, and respond to risks
    • Evaluate the results of their audit tests
    • Communicate findings
  • Auditors communicate their fraud findings to management, the audit committee, and others.
the fraud process28
THE FRAUD PROCESS
  • A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to:
    • Understand fraud
    • Discuss the risks of material fraudulent misstatements
    • Obtain information
    • Identify, assess, and respond to risks
    • Evaluate the results of their audit tests
    • Communicate findings
    • Document their audit work
  • Auditors must document their compliance with SAS-99 requirements.
the fraud process29
THE FRAUD PROCESS
  • A revision to SAS-82, SAS-99, was issued in December 2002. SAS-99 requires auditors to:
    • Understand fraud
    • Discuss the risks of material fraudulent misstatements
    • Obtain information
    • Identify, assess, and respond to risks
    • Evaluate the results of their audit tests
    • Communicate findings
    • Document their audit work
    • Incorporate a technology focus
  • SAS-99 recognizes that technology impacts fraud risks and notes opportunities that auditors have to use technology-oriented tools and techniques to design fraud auditing procedures.
introduction30
INTRODUCTION
  • In this chapter we’ll discuss:
    • The fraud process
    • Why fraud occurs
    • Approaches to computer fraud
    • Specific techniques used to commit computer fraud
    • Ways companies can deter and detect computer fraud
who commits fraud and why
WHO COMMITS FRAUD AND WHYمن يرتكب الخداع ولماذا؟
  • Researchers have compared the psychological and demographic characteristics of three groups of people:
    • White-collar criminals
    • Violent criminals
    • The general public
  • They found:
    • Significant differences between violent and white-collar criminals.
    • Few differences between white-collar criminals and the general public.
who commits fraud and why32
WHO COMMITS FRAUD AND WHY
  • White-collar criminals tend to mirror the general public in: انعكاس للعامة
    • Education
    • Age
    • Religion
    • Marriage
    • Length of employment
    • Psychological makeup التركيبة او البنية النفسية
who commits fraud and why33
WHO COMMITS FRAUD AND WHY
  • Perpetrators of computer fraud tend to be younger and possess more computer knowledge, experience, and skills.
  • Hackers and computer fraud perps tend to be more motivated by:
    • Curiosityالفضول
    • A quest for knowledge باحث عن المعرفة
    • The desire to learn how things work
    • The challenge of beating the system
who commits fraud and why34
WHO COMMITS FRAUD AND WHY
  • They may view their actions as a game rather than dishonest behavior.
  • Another motivation may be to gain stature in the hacking community.
  • Some see themselves as revolutionaries spreading a message of anarchy and freedom.
  • But a growing number want to profit financially. To do so, they may sell data to:
    • Spammers
    • Organized crime
    • Other hackers
    • The intelligence community
who commits fraud and why35
WHO COMMITS FRAUD AND WHY
  • Some fraud perpetrators are disgruntled and unhappy with their jobs and are seeking revenge against their employers.
  • Others are regarded as ideal, hard-working employees in positions of trust.
  • Most have no prior criminal record.
  • So why are they willing to risk everything?
who commits fraud and why36
WHO COMMITS FRAUD AND WHY
  • Criminologist Donald Cressey, interviewed 200+ convicted white-collar criminals in an attempt to determine the common threads in their crimes. As a result of his research, he determined that three factors were present in the commission of each crime. These three factors have come to be known as the fraud triangle.
    • Pressure
    • Opportunity
    • Rationalization
slide37

The “Fraud Triangle”مثلث الخداعDonald Cressey

Pressure الضغط

Opportunity الفرصة

Rationalizationالتبرير

who commits fraud and why38
WHO COMMITS FRAUD AND WHY
  • Pressure
    • Cressey referred to this pressure as a “perceived non-shareable need.”
    • The pressure could be related to finances, emotions, lifestyle, or some combination.
  • The most common pressures were:

1. Not being able to pay one’s debts, nor admit it to one’s employer, family, or friends (which makes in non-shareable)

  • May be associated with vices, such as drugs, gambling, mistresses, etc.
who commits fraud and why39
WHO COMMITS FRAUD AND WHY
  • The most common pressures were:

2. Fear of loss of status because of a personal failure

  • Example would be mismanagement of a personal investment or retirement fund.
who commits fraud and why40
WHO COMMITS FRAUD AND WHY
  • The most common pressures were:

3. Business reversals

4. Physical isolation

  • Not many people can walk away from a failing business.
  • When an individual is isolated, physically or psychologically, almost any pressure becomes non-shareable.
who commits fraud and why41
WHO COMMITS FRAUD AND WHY
  • The most common pressures were:

5. Status gaining

  • Many frauds are motivated by nothing more than a perceived need to keep up with the Joneses.
  • The problem is that there is always a richer “Jones” down the street and the pressure continues to mount, as do the resulting thefts.
who commits fraud and why42
WHO COMMITS FRAUD AND WHY
  • The most common pressures were:

6. Difficulties in employer-employee relations

  • May create pressure to get revenge, take the money you feel is rightfully owed to you, etc.
who commits fraud and why43
WHO COMMITS FRAUD AND WHY
  • What’s important here is the perception of the pressure.الاهمية هنا هي ادراك الضغوطات
    • There might be a number of people who could and would help a tentative fraudster out of his financial woes.
    • But as long as he perceives that he cannot share his burden, the pressure is present.
    • Research has also found that an individual’s propensity to commit fraud is more related to how much he worries about his financial position than his actual position.
    • The millionaire who frets a lot about his financial condition is more likely to commit fraud than the guy who doesn’t have two dimes to rub together but isn’t worried about it.
who commits fraud and why44
WHO COMMITS FRAUD AND WHY
  • Financial statement fraud is distinct from other types of fraud in that the individuals who commit the fraud are not the direct beneficiaries.
    • The company is the direct beneficiary.
    • The perpetrators are typically indirect beneficiaries.
who commits fraud and why45
WHO COMMITS FRAUD AND WHY
  • In the case of financial statement frauds, common pressures include:
    • To prop up earnings or stock price so that management can:
      • Receive performance-related compensation.
      • Preserve or improve personal wealth held in company stock or stock options.
      • Keep their jobs.
    • To cover the inability to generate cash flow.
    • To obtain financing.
    • To appear to comply with bond covenants or other agreements.
    • May be opposite of propping up earnings in cases involving income-tax motivations, government contracts, or regulation.
who commits fraud and why46
WHO COMMITS FRAUD AND WHY
  • Opportunity is the opening or gateway that allows an individual to:
    • Commit the fraud
    • Conceal the fraud
    • Convert the proceeds
who commits fraud and why47
WHO COMMITS FRAUD AND WHY
  • Committing the fraud might involve acts such as:
    • Misappropriating assets.
    • Issuing deceptive financial statements.
    • Accepting a bribe in order to make an arrangement that is not in the company’s best interest.
  • Concealing the fraud often takes more time and effort and leaves more evidence than the actual theft or misrepresentation.
  • Examples of concealment efforts:
    • Charge a stolen asset to an expense account or to an account receivable that is about to be written off.
who commits fraud and why48
WHO COMMITS FRAUD AND WHY
  • Concealing the fraud often takes more time and effort and leaves more evidence than the actual theft or misrepresentation.
  • Examples of concealment efforts:
    • Charge a stolen asset to an expense account or to an account receivable that is about to be written off.
    • Create a ghost employee who receives an extra paycheck.
    • Lapping.
  • Steal a payment from Customer A.
  • Apply Customer B’s payment to Customer A’s account so Customer A won’t get a late notice.
  • Apply Customer C’s payment to Customer B’s account, so Customer B won’t get a late notice, etc.
who commits fraud and why49
WHO COMMITS FRAUD AND WHY
  • Kiting.
  • Creates “cash” by transferring money between banks.
  • Requires multiple bank accounts.
  • Basic scheme:
    • Write a check on the account of Bank A.
    • Bank A doesn’t have sufficient funds to cover the check, so write a check from an account in Bank B to be deposited in Bank A.
    • Bank B doesn’t have sufficient funds to cover the check, so write a check from an account in Bank C to be deposited in Bank B, etc.
who commits fraud and why50
WHO COMMITS FRAUD AND WHY

Convert the proceedsتحويل العائد

  • Unless the target of the theft is cash, then the stolen goods must be converted to cash or some form that is beneficial to the perpetrator.
    • Checks can be converted through alterations (التحويل ), forged endorsements (تزوير التوقيع), check washing شيكات مموهه, etc.
    • Non-cash assets can be sold (online auctions are a favorite forum) or returned to the company for cash.
who commits fraud and why51
WHO COMMITS FRAUD AND WHY
  • If the fraud is a financial statement fraud, then the gains received may include: في حالة خداع القوائم المالية, المكاسب المستلمة ممكن ان تشمل
    • I got to keep my job.
    • The value of my stock or stock options rose.
    • I got a raise, promotion, or bonus.
    • I got power.
  • There are many opportunities that enable fraud. Some of the most common are: هناك عدة فرص تؤدي الى الاحتيال
    • Lack of internal controls قصور في نظام الرقابة الداخلي
    • Failure to enforce controls (the most prevalent reason) الفشل في فرض الرقابة
    • Excessive trust in key employees الافراط في الثقة
    • Incompetent supervisory personnel اشراف غير كفؤ على الافراد
    • Inattention to details عدم اعطاء اعتبار للتفاصيل
    • Inadequate staff موظفين غير كفؤيين او غير مناسبين
who commits fraud and why52
WHO COMMITS FRAUD AND WHY
  • Internal controls that may be lacking or un-enforced include:
    • Authorization procedures
    • Clear lines of authority
    • Adequate supervision
    • Adequate documents and records
    • A system to safeguard assets
    • Independent checks on performance
    • Separation of duties
  • One control feature that many companies lack is a background check on all potential employees.
who commits fraud and why53
WHO COMMITS FRAUD AND WHY
  • Management may allow fraud by:
    • Not getting involved ليست طرفاin the design or enforcement of internal controls;
    • Inattention or carelessness;
    • Overriding controls; and/or
    • Using their power to compel اجبارsubordinates to carry out the fraud.
slide54

The “Fraud Triangle”Donald Cressey

Pressure

Opportunity

Rationalization

who commits fraud and why rationalization
WHO COMMITS FRAUD AND WHYRationalization
  • How many people do you know who regard themselves as being unprincipled or sleazy رخيص?
  • It is important to understand that fraudsters do not regard themselves as unprincipled.
    • In general, they regard themselves as highly principled individuals.
    • That view of themselves is important to them.
    • The only way they can commit their frauds and maintain their self image as principled individuals is to create rationalizations that recast تسويغ أو تبرير their actions as “morally acceptable” behaviors.
who commits fraud and why56
WHO COMMITS FRAUD AND WHY
  • These rationalizations take many forms, including:
    • I was just borrowing the money.
    • It wasn’t really hurting anyone. (Corporations are often seen as non-persons, therefore crimes against them are not hurting “anyone.”)
    • Everybody does it.
    • I’ve worked for them for 35 years and been underpaid all that time. I wasn’t stealing; I was only taking what was owed to me.
    • I didn’t take it for myself. I needed it to pay my child’s medical bills.
who commits fraud and why57
WHO COMMITS FRAUD AND WHY
  • Creators of worms and viruses often use rationalizations like:
    • The malicious code الانظمة الماكرة helped expose security flaws خلل, so I did a good service.
    • It was an accident.حادثة عرضية
    • It was not my fault—just an experiment that went bad.
    • It was the user’s fault because they didn’t keep their security up to date.
    • If the code didn’t alter or delete any of their files, then what’s the problem?

Worm is a computer program that contains a virus which duplicate itself many times in a network.

who commits fraud and why58
WHO COMMITS FRAUD AND WHY
  • Fraud occurs when:
    • People have perceived, non-shareable pressures;
    • The opportunity gateway is left open; and
    • They can rationalize their actions to reduce the moral impact in their minds (i.e., they have low integrity).
  • Fraud is much less likely to occur when
    • There is low pressure, low opportunity, and high integrityاستقامة , سلامة, كمال .
  • Unfortunately, there is usually a mixture of these forces in play, and it can be very difficult to determine the pressures that may apply to an individual and the rationalizations he/she may be able to produce.
introduction59
INTRODUCTION
  • In this chapter we’ll discuss:
    • The fraud process
    • Why fraud occurs
    • Approaches to computer fraud
    • Specific techniques used to commit computer fraud
    • Ways companies can deter and detect computer fraud
approaches to computer fraud
APPROACHES TO COMPUTER FRAUD
  • The U.S. Department of Justice defines computer fraud as any illegal act for which knowledge of computer technology is essential for its:
    • Perpetration; اقتراف جريمة
    • Investigation; التحقيق الجنائيor
    • Prosecution. مقاضاة قانونية
approaches to computer fraud61
APPROACHES TO COMPUTER FRAUD
  • Computer fraud includes the following:
    • Unauthorized theft, use, access, modification, copying, and destruction of software or data.
    • Theft سرقةof money by altering computer records.
    • Theft of computer time.
    • Theft or destruction of computer hardware.
    • Use or the conspiracy to use computer resources to commit a felony جريمة او جناية حقيقية .
    • Intent to illegally obtain information or tangible property through the use of computers.
approaches to computer fraud62
APPROACHES TO COMPUTER FRAUD
  • In using a computer, fraud perpetrators can steal:
    • More of something الكثير من الاشياء
    • In less time في وقت قصير
    • With less effort بمجهود قليل
  • They may also leave very little evidence, which can make these crimes more difficult to detect.
approaches to computer fraud63
APPROACHES TO COMPUTER FRAUD
  • Computer systems are particularly vulnerable غير حصين to computer crimes for several reasons:
    • Company databases can be huge and access privileges can be difficult to create and enforce. Consequently, individuals can steal, destroy, or alter massive amounts of data in very little time.
    • Organizations often want employees, customers, suppliers, and others to have access to their system from inside the organization and without. This access also creates vulnerability.
    • Computer programs only need to be altered once, and they will operate that way until:
      • The system is no longer in use; or
      • Someone notices.
approaches to computer fraud64
APPROACHES TO COMPUTER FRAUD
  • Modern systems are accessed by PCs, which are inherently more vulnerable to security risks and difficult to control.
    • It is hard to control physical access to each PC.
    • PCs are portable, and if they are stolen, the data and access capabilities go with them.
    • PCs tend to be located in user departments, where one person may perform multiple functions that should be segregated.
    • PC users tend to be more oblivious to security concerns.
approaches to computer fraud65
APPROACHES TO COMPUTER FRAUD
  • Computer systems face a number of unique challenges:
    • Reliability (accuracy and completeness)
    • Equipment failure
    • Environmental dependency (power, water damage, fire)
    • Vulnerability to electromagnetic interference and interruption اعاقة ,مقاطعة
    • Eavesdropping يسترق السمع
    • Misrouting شغب , اضطراب
approaches to computer fraud66
APPROACHES TO COMPUTER FRAUD
  • Organizations that track computer fraud estimate that most U.S. businesses have been victimized by at least one incident of computer fraud.
  • These frauds cost billions of dollars each year, and their frequency is increasing because:
    • Not everyone agrees on what constitutes computer fraud.
      • Many don’t believe that taking an unlicensed copy of software is computer fraud. (It is and can result in prosecution.)
      • Some don’t think it’s a crime to browse through someone else’s computer if their intentions aren’t malicious خبيثة .
approaches to computer fraud67
APPROACHES TO COMPUTER FRAUD
  • Many computer frauds go undetected.
  • An estimated 80-90% of frauds that are uncovered are not reported because of fear of:
    • Adverse publicity يقوض الشهره
    • Copycatsتقليد اعمى
    • Loss of customer confidence.
  • There are a growing number of competent كفؤ computer users, and they are aided by easier access to remote computers through the Internet and other data networks.
approaches to computer fraud68
APPROACHES TO COMPUTER FRAUD
  • Some folks believe “it can’t happen to us.”
  • Many networks have a low level of security.
  • Instructions on how to perpetrate computer crimes and abuses are readily available on the Internet.
  • Law enforcement is unable to keep up with the growing number of frauds.
  • The total dollar value of losses is difficult to calculate.
approaches to computer fraud69
APPROACHES TO COMPUTER FRAUD
  • Economic espionage,التجسس الاقتصادي , الصناعي the theft of information and intellectual property, is growing especially fast.
  • This growth has led to the need for investigative specialists or cybersleuths متخصصين في التقصي.
  • Computer Fraud Classification
    • Frauds can be categorized according to the data processing model:
      • Input
      • Processor
      • Computer instructions
      • Stored data
      • Output
computer fraud classifications
COMPUTER FRAUD CLASSIFICATIONS

Data

Fraud

Output

Fraud

Input

Fraud

Processor

Fraud

Computer

Instructions

Fraud

approaches to computer fraud71
APPROACHES TO COMPUTER FRAUD
  • Input Fraud
    • The simplest and most common way to commit a fraud is to alter computer input.
      • Requires little computer skills.
      • Perpetrator only need to understand how the system operates
    • Can take a number of forms, including:
      • Disbursement frauds الاحتيال في المدفوعات
  • The perpetrator causes a company to:
    • Pay too much for ordered goods; or
    • Pay for goods never ordered.
approaches to computer fraud72
APPROACHES TO COMPUTER FRAUD
  • Inventory frauds
  • Payroll frauds
  • The perpetrator enters data into the system to show that stolen inventory has been scrapped محطم.
  • Perpetrators may enter data to:
    • Increase their salaries
    • Create a fictitiousزائف employee
    • Retain a terminated employee on the records.
  • In the latter two instances, the perpetrator intercepts and cashes the resulting paychecks.
approaches to computer fraud73
APPROACHES TO COMPUTER FRAUD
  • Cash receipt fraudsاحتيال على المقبوظات النقدية
  • Fictitious refund fraud
  • The perpetrator hides the theft by falsifying يشوه, يزيفsystem input.
  • EXAMPLE: Cash of $200 is received. The perpetrator records a cash receipt of $150 and pockets the $50 difference.
  • The perpetrator files for an undeserved refund, such as a tax refund.
computer fraud classifications74
COMPUTER FRAUD CLASSIFICATIONS

Data

Fraud

Output

Fraud

Input

Fraud

Processor

Fraud

Computer

Instructions

Fraud

approaches to computer fraud75
APPROACHES TO COMPUTER FRAUD
  • Processor Fraud
    • Involves computer fraud committed through unauthorized system use. استخدام نظام غير مصرح بة
    • Includes theft of computer time and services.
    • Incidents could involve employees:
      • Surfing the Internet; التصفح عبر الانترنت
      • Using the company computer to conduct personal business; or
      • Using the company computer to conduct a competing business.
computer fraud classifications76
COMPUTER FRAUD CLASSIFICATIONS

Data

Fraud

Output

Fraud

Input

Fraud

Processor

Fraud

Computer

Instructions

Fraud

approaches to computer fraud77
APPROACHES TO COMPUTER FRAUD
  • Computer Instructions Fraud
    • Involves tampering تغيرwith the software that processes company data.
    • May include:
      • Modifying the softwareتعديل
      • Making illegal copiesنسخ غير قانونية
      • Using it in an unauthorized manner
    • Also might include developing a software program or module to carry out an unauthorized activity.
  • Computer instruction fraud used to be one of the least common types of frauds because it required specialized knowledge about computer programming beyond the scope of most users.
approaches to computer fraud78
APPROACHES TO COMPUTER FRAUD
  • Data Fraud
    • Involves:
      • Altering or damaging a company’s data files; or
      • Copying, using, or searching the data files without authorization.
    • In many cases, disgruntled employees الموظفين الناقمين have scrambledخلط , altered, or destroyed data files.
    • Theft of data often occurs so that perpetrators can sell the data.
      • Most identity thefts occur when insiders in financial institutions, credit agencies, etc., steal and sell financial information about individuals from their employer’s database.
approaches to computer fraud79
APPROACHES TO COMPUTER FRAUD
  • Output Fraud
    • Involves stealing or misusing system output.
    • Output is usually displayed on a screen or printed on paper.
    • Unless properly safeguarded, screen output can easily be read from a remote location using inexpensive electronic gear.
    • This output is also subject to prying eyes and unauthorized copying.
    • Fraud perpetrators can use computers and (devices) tools to create counterfeit مخرجات مزورةoutputs, such as checks.
introduction80
INTRODUCTION
  • In this chapter we’ll discuss:
    • The fraud process
    • Why fraud occurs
    • Approaches to computer fraud
    • Specific techniques used to commit computer fraud
    • Ways companies can deter and detect computer fraud
computer fraud and abuse techniques
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised يبتكرmany methods to commit computer fraud and abuse اساءة . These include:
    • Data diddling العبث بالبيانات
    • Data leakage تسريب البيانات
  • Changing data before, during, or after it is entered into the system.
  • Can involve adding, deleting, or altering key system data.
  • Unauthorized copying of company data.
computer fraud and abuse techniques82
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Denial of service attacksانكار خدمات المهاجمين
  • An attacker overloads and shuts down an Internet Service Provider’s email system by sending email bombs at a rate of thousands per second—often from randomly generated email addresses.
  • May also involve shutting down a web server by sending a load of requests for the web pages.
computer fraud and abuse techniques83
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Denial of service attacks
  • Carried out as follows:
    • The attacker infects dozens of computers that have broadband Internet access with denial-of-service programs. These infected computers are the zombies عدم ادراك ما يجري (ميت عاد للحياة).
    • The attacker then activates the denial-of-service programs, and the zombies send pings (emails or requests for data) to the target server. The victim responds to each, not realizing they have fictitious return addresses, and waits for responses that don’t come.
    • While the victim waits, system performance degrades ينخفض until the system freezes up or crashes.
    • The attacker terminates the program after an hour or two to limit the victim’s ability to trace the source.
computer fraud and abuse techniques84
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Denial of service attacks
  • Eavesdropping استرقاق السمع
  • Experts estimate there as many as 5,000 denial-of-service attacks weekly in the U.S.
  • A denial-of-service can cause severe economic damage to its victim or even drive them out of business.
  • Perpetrators secretly observe private communications or transmission of data.
  • Equipment to commit these “electronic wiretaps” is readily available at electronics stores.
computer fraud and abuse techniques85
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Email threats
  • A threatening message is sent to a victim to induce the victim to do something that would make it possible to be defrauded.
  • Several banks in the Midwest were contacted by an overseas perpetrator who indicated that:
    • He had broken into their computer system and obtained personal and banking information about all of the bank’s customers.
    • He would notify the bank’s customers of this breach if he was not paid a specified sum of money.
computer fraud and abuse techniques86
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Email forgery مزور (aka (known asكنية ), spoofing سخرية)
  • Involves sending an email message that appears to have come from someone other than the actual sender.
  • Email spoofers may:
    • Claim to be system administrators and ask users to change their passwords to specific values.
    • Pretend to be management and request a copy of some sensitive information.
computer fraud and abuse techniques87
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Hacking الهجوم من قبل خبراء كمبيوتر
  • Unauthorized access to and use of computer systems—usually by means of a personal computer and a telecommunications network.
  • Most hackers break into systems using known flaws in operating systems, applications programs, or access controls.
  • Some are not very malevolent and mainly motivated by curiosity and a desire to overcome a challenge.
  • Others have malicious intent and can do significant damage.
computer fraud and abuse techniques88
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Phreakingهجوم على نظام التلفونات
  • Hijackingالسطو
  • Hacking that attacks phone systems and uses phone lines to transmit viruses and to access, steal, and destroy data.
  • They also steal telephone services and may break into voice mail systems.
  • Some hackers gain access to systems through dial-up modem lines.
  • Involves gaining control of someone else’s computer to carry out illicit activities without the user’s knowledge.
  • The illicit activity is often the perpetuation of spam emails.
computer fraud and abuse techniques89
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Identity theftسرقة الشخصية او الهوية
  • Assuming someone’s identity, typically for economic gain, by illegally obtaining and using confidential information such as the person’s social security number, bank account number, or credit card number.
  • Identity thieves benefit financially by:
    • Taking funds out of the victim’s bank account.
    • Taking out mortgages or other loans under the victim’s identity.
    • Taking out credit cards and running up large balances.
  • If the thief is careful and ensures that bills and notices are sent to an address he controls, the scheme may be prolonged until such time as the victim attempts to buy a home or car and finds out that his credit is destroyed.
  • Victims can usually clear their credit, but the effort requires a significant amount of time and expense.
  • Identity theft was made a federal offense in 1998, but it is a growing crime industry.
  • One U.S. postal inspector, whose job duties involved investigation of identity thefts, was himself a victim. The thief ran up $80,000 in debt under the postal inspector’s identity before the inspector discovered the problem.
computer fraud and abuse techniques90
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Data diddling
    • Data leakage
    • Denial of service attacks
    • Eavesdropping
    • Email threats
    • Email forgery (aka, spoofing)
    • Hacking
    • Phreaking
    • Hijacking
    • Identity theft
computer fraud and abuse techniques91
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Internet misinformation
  • Using the Internet to spread false or misleading information about people or companies.
  • May involve:
    • Planting inflammatory messages in online chat rooms.
    • Websites with misinformation.
    • Pretending to be someone else online and making inflammatory comments that will be attributed to that person.
    • A “pump-and-dump” occurs when an individual spreads misinformation, often through Internet chat rooms, to cause a run-up in the value a stock and then sells off his shares of the stock. A number of pump-and-dump cases have been prosecuted by the SEC.
computer fraud and abuse techniques92
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Internet misinformation
    • Internet terrorism
  • Hackers use the Internet to disrupt electronic commerce and destroy company and individual communications.
  • Viruses and worms are two main forms of Internet terrorism.
computer fraud and abuse techniques93
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Internet misinformation
    • Internet terrorism
    • Logic time bombs
  • A program that lies idle until triggered by some circumstance or a particular time.
  • Once triggered, it sabotages the system, destroying programs, data, or both.
  • Usually written by disgruntled programmers.
  • EXAMPLE: A programmer places a logic bomb in a payroll application that will destroy all the payroll records if the programmer is terminated.
computer fraud and abuse techniques94
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Internet misinformation
    • Internet terrorism
    • Logic time bombs
    • Masquerading or impersonation
  • The perpetrator gains access to the system by pretending to be an authorized user.
  • The perpetrator must know the legitimate user’s ID and password.
  • Once in the system, he enjoys the same privileges as the legitimate user.
computer fraud and abuse techniques95
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Internet misinformation
    • Internet terrorism
    • Logic time bombs
    • Masquerading or impersonation
    • Packet sniffers
  • Programs that capture data from information packets as they travel over the Internet or company networks.
  • Confidential information and access information can be gleaned from the captured data—some of which is later sold.
computer fraud and abuse techniques96
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Internet misinformation
    • Internet terrorism
    • Logic time bombs
    • Masquerading or impersonation
    • Packet sniffers
    • Password cracking
  • An intruder penetrates a system’s defenses, steals the file of valid passwords, decrypts them, and then uses them to gain access to almost any system resources.
computer fraud and abuse techniques97
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Phishing
  • Sending out a spoofed email that appears to come from a legitimate company, such as a financial institution. EBay, PayPal, and banks are commonly spoofed.
  • The recipient is advised that information or a security check is needed on his account, and advised to click on a link to the company’s website to provide the information.
  • The link connects the individual to a website that is an imitation of the spoofed company’s actual website. These counterfeit websites appear very authentic, as do the emails.
computer fraud and abuse techniques98
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Phishing
  • One newly graduated college student recently took a job in California and deposited his first paycheck of approximately $5,000 in the bank.
  • That same night, he received an email from the bank, inviting him to click on the link in the email to set up online banking for his new bank account.
  • He followed directions and provided the requested information to set up online banking.
  • Two hours later, he was nervous and called the bank—only to find out that his bank account had been cleaned out and closed.
computer fraud and abuse techniques99
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Phishing
  • As a rule of thumb, it is a good idea not to click on any link provided in an email and to go directly to the website instead.
  • PayPal, whose email address is commonly spoofed for phishing scams, offers the following advice:
    • If PayPal ever sends you an email, they will include your first and last name in the salutation of the email.
    • If you need to enter PayPal’s website, type “https:” in the URL instead of “http:” in order to enter on the company’s secured server.
    • If you receive a suspicious email, get out of your browser and go back in before proceeding directly to a company website.
computer fraud and abuse techniques100
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Phishing
  • In 2004, a phishing-related scam took place in South America with respect to three large South American banks. Once an individual opened the related email, a script was downloaded on their computer. The script would alter the individual’s web browser so that if the user entered the URL of one of these three banks, the browser would redirect them to a counterfeit website for that bank. The oblivious user would provide ID and password information, and was instantly set up for a high-tech robbery of his bank account.
computer fraud and abuse techniques101
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Phishing
  • Consumer Reports suggests that if you have any questions about the legitimacy of a website, you should try entering the wrong password. A phishing website will typically accept an incorrect password—which cues you that it is a phishing scam.
computer fraud and abuse techniques102
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Example of a website produced for a phishing scam.
computer fraud and abuse techniques103
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Piggybacking
  • Tapping into a telecommunications line and latching onto a legitimate user before that user logs into a system.
  • The legitimate user unknowingly carries the perpetrator into the system.
computer fraud and abuse techniques104
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Round-down technique
  • Made famous in the movie, Office Space.
  • The programmer instructs the computer to round interest calculations down to two decimal places and deposits the remaining fraction into the account of a programmer or an accomplice.
computer fraud and abuse techniques105
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Internet misinformation
    • Internet terrorism
    • Logic time bombs
    • Masquerading or impersonation
    • Packet sniffers
    • Password cracking
    • Phishing
    • Piggybacking
    • Round-down technique
    • Salami technique
  • Involves the theft of tiny slices of money over a period of time.
  • The round-down is just a special form of a salami technique.
computer fraud and abuse techniques106
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Social engineering
  • Perpetrators trick employees into giving them information they need to get into the system.
  • A perpetrator might call an employee and indicate he is the systems administrator and needs to get the employee’s password.
computer fraud and abuse techniques107
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Social engineering
    • Software piracy
  • Copying software without the publisher’s permission.
  • In the U.S., it’s estimated that 26% of software in use is pirated.
  • Fines for individuals and corporations are stiff, and individuals convicted of software piracy can serve jail terms of up to 5 years.
computer fraud and abuse techniques108
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Social engineering
    • Software piracy
    • Spamming
  • Emailing an unsolicited message to multitudes of people, often in an attempt to sell a product.
  • Many times the product offers are fraudulent.
computer fraud and abuse techniques109
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Spamming
  • Spammers use creative means to find valid email addresses:
    • Scanning the Internet for addresses posted online.
    • Hacking into company databases and stealing mailing lists.
    • Staging dictionary (aka direct harvesting) attacks.
      • These attacks use special software to guess addresses at a particular company and send blank emails.
      • Messages not returned are usually valid.
      • These attacks are very burdensome to corporate email systems.
computer fraud and abuse techniques110
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Spamming
  • Companies may use filtering software to detect dictionary attacks, search mail for competitive leaks, and block inappropriate attachments, such as pornography and illegal MP3 files.
  • Filtering is not always viable. The director of internal audit at a major healthcare company changes email addresses frequently because of the volume of spam email in his inbox. When asked why his company did not filter the spam, he replied, “Because we’re a healthcare company, we cannot filter out any references to body parts or prescription medications.”
  • There is increasing public clamor for laws to clamp down on spamming. In December 2004, a federal judge awarded over $1 billion to a small Midwestern Internet service provider in an action against three spammers.
computer fraud and abuse techniques111
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Spyware
  • Software that monitors computing habits, such as web-surfing habits, and sends the data it gathers to someone else, typically without the user’s permission.
    • One type, called adware (for advertising-supported software) does two things:
      • Causes banner ads to pop up on your monitor as you surf the net.
      • Collects information about your Web-surfing and spending habits and forwards it to a company gathering the data—often an advertising or large media organization.
computer fraud and abuse techniques112
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Spyware
  • Usually comes bundled with freeware and shareware downloaded from the Internet.
  • May be disclosed in the licensing agreement, but users are unlikely to read it.
  • Reputable adware companies claim they don’t collect sensitive or identifying data.
    • But there is no way for users to control or limit the activity.
    • It is not illegal, but many find it objectionable.
  • Software has been developed to detect and eliminate spyware, but it may also impair the downloaded software.
    • Some is intentionally difficult to uninstall.
computer fraud and abuse techniques113
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Keystroke loggers
  • A keystroke logger records a user’s keystrokes and emails them to or saves them for the party that planted the logger. These are sometimes used by:
    • Parents to monitor their children’s computer usage.
    • Businesses to monitor employee activity.
    • Fraudsters to capture passwords, credit card numbers, etc.
    • A keystroke logger can be a hardware device attached to a computer or can be downloaded on an individual’s computer in the same way that any Trojan horse might be downloaded.
computer fraud and abuse techniques114
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Keystroke loggers
  • Spyware and keystroke loggers are very problematic for companies with employees who telecommute or contact the company’s computer from remote locations.
  • Spyware on those computers makes the company’s systems vulnerable.
  • Individuals are also exposed when they use wireless networks, such as those that may be available in coffee shops.
computer fraud and abuse techniques115
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Superzapping
  • Unauthorized use of special system programs to bypass regular system controls and perform illegal acts.
  • The name is derived from an IBM software utility called Superzap that was used to restored crashed systems.
computer fraud and abuse techniques116
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Trap doors
  • Also called back doors.
  • Programmers create trap doors to modify programs.
  • The trap door is a way into the system that bypasses normal controls.
  • The trap door should be removed before the program is implemented.
  • If it is not, the programmer or others may later gain unauthorized access to the system.
computer fraud and abuse techniques117
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Trojan horse
  • A set of unauthorized computer instructions planted in an authorized and otherwise properly functioning program.
  • Allows the creator to control the victim’s computer remotely.
  • The code does not try to replicate itself but performs an illegal act at some specific time or when some condition arises.
  • Programs that launch denial of service attacks are often Trojan horses.
computer fraud and abuse techniques118
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • War dialing
  • Hackers search for an idle modem by programming their computers to dial thousands of phone lines.
  • Hackers enter through the idle modem and gain access to the connected network.
computer fraud and abuse techniques119
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • War driving
  • Driving around in cars looking for unprotected home or corporate wireless networks.
  • If the hackers mark the sidewalk of the susceptible wireless network, the practice is referred to as warchalking.
computer fraud and abuse techniques120
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Virus
  • Many viruses have two phases:
    • First, when some predefined event occurs, the virus replicates itself and spreads to other systems or files.
    • Another event triggers the attack phase in which the virus carries out its mission.
    • A virus may lay dormant or propagate itself without causing damage for an extended period.
computer fraud and abuse techniques121
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Virus
  • Damage may take many forms:
    • Send email with the victim’s name as the alleged source.
    • Destroy or alter data or programs.
    • Take control of the computer.
    • Destroy or alter file allocation tables.
    • Delete or rename files or directories.
    • Reformat the hard drive.
    • Change file content.
    • Prevent users from booting.
    • Intercept and change transmissions.
    • Print disruptive images or messages on the screen.
    • Change screen appearance.
  • As viruses spread, they take up much space, clog communications, and hinder system performance.
computer fraud and abuse techniques122
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Virus
  • Virus symptoms:
    • Computer will not start or execute
    • Performs unexpected read or write operations
    • Unable to save files
    • Long time to load programs
    • Abnormally large file sizes
    • Slow systems operation
    • Unusual screen activity
    • Error messages
computer fraud and abuse techniques123
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Virus
  • Viruses are contagious and easily spread from one system to another.
  • They are usually spread by:
    • Opening an infected email attachment or file (most common); or
    • Running an infected program.
  • Some viruses can mutate, which makes them more difficult to detect and destroy.
  • The emails often appear to come from sources like Microsoft and seem very convincing.
computer fraud and abuse techniques124
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Virus
  • Virus protections include:
    • Install reliable virus software that scans for, identifies, and destroys viruses.
    • Keep the antivus program up to date.
    • Scan incoming email at the server level, rather than when it hits the desktops.
    • Certify all software as virus-free before loading it.
      • Software from unknown sources may be virus bait, especially if it seems too good to be true.
    • Deal with trusted software retailers.
    • Use electronic techniques to make tampering evident.
    • Check new software on an isolated machine.
    • Have two backups of all files.
    • Do not put diskettes or CDs in strange machines, or let others put unscanned disks in your machine.
computer fraud and abuse techniques125
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Perpetrators have devised many methods to commit computer fraud and abuse. These include:
    • Virus
  • Viruses attack computers, but any device that is part of the communications network is vulnerable, including:
    • Cell phones
    • Smart phones
    • PDAs
computer fraud and abuse techniques126
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • Worms
  • A worm is similar to a virus except for:
    • A worm is a stand-alone program, while a virus is only a segment of code hidden in a host program or executable file.
    • A worm will replicate itself automatically, while a virus requires a human to do something like open a file.
  • Worms often reproduce by mailing themselves to the recipient’s mailing list.
  • They are not confined to PCs and have infected cell phones in Japan.
  • A worm typically has a short but very destructive life.
  • It takes little technical knowledge to create worms or viruses; several websites provide instructions.
  • Most exploit known software vulnerabilities that can be corrected with a software patch, making it important to install all patches as soon as they are available.
computer fraud and abuse techniques127
COMPUTER FRAUD AND ABUSE TECHNIQUES
  • The low-tech, do-it-yourself attack
  • You receive an email from a friend, apologizing profusely that he/she has previously sent you an email that was infected with a virus.
  • The friend’s email gives you instructions to look for and remove the offending virus.
  • You delete the file from your hard drive. The only problem is that the file you just deleted was part of your operating system.
  • Your friend was well-intended and has done the same thing to his/her computer.
  • REMEDY: Before even considering following instructions of this sort, check the list of hoaxes that are available on any virus protection website, such as:
    • www.norton.com
    • www.mcafee.com
introduction128
INTRODUCTION
  • In this chapter we’ll discuss:
    • The fraud process
    • Why fraud occurs
    • Approaches to computer fraud
    • Specific techniques used to commit computer fraud
    • Ways companies can deter and detect computer fraud
preventing and detecting computer fraud
PREVENTING AND DETECTING COMPUTER FRAUD
  • Organizations must take every precaution to protect their information systems.
  • Certain measures can significantly decrease the potential for fraud and any resulting losses.
  • These measures include:
    • Make fraud less likely to occur
    • Increase the difficulty of committing fraud
    • Improve detection methods
    • Reduce fraud losses
preventing and detecting computer fraud130
PREVENTING AND DETECTING COMPUTER FRAUD
  • Make fraud less likely to occur
    • Create a culture that stresses integrity and commitment to ethical values and competence.
    • Adopt an organizational structure, management philosophy, operating style, and appetite for risk that minimizes the likelihood of fraud.
    • Require oversight from an active, involved, and independent audit committee.
    • Assign authority and responsibility for business objectives to specific departments and individuals, encourage initiative in solving problems, and hold them accountable for achieving those objectives.
preventing and detecting computer fraud131
PREVENTING AND DETECTING COMPUTER FRAUD
  • Identify the events that lead to increased fraud risk, and take steps to prevent, avoid, share, or accept that risk.
  • Develop a comprehensive set of security policies to guide the design and implementation of specific control procedures, and communicate them effectively to company employees.
  • Implement human resource policies for hiring, compensating, evaluating, counseling, promoting, and discharging employees that send messages about the required level of ethical behavior and integrity.
  • Effectively supervise employees, including monitoring their performance and correcting their errors.
preventing and detecting computer fraud132
PREVENTING AND DETECTING COMPUTER FRAUD
  • Train employees in integrity and ethical considerations, as well as security and fraud prevention measures.
  • Require annual employee vacations, periodically rotate duties of key employees, and require signed confidentiality agreements.
  • Implement formal and rigorous project development and acquisition controls, as well as change management controls.
  • Increase the penalty for committing fraud by prosecuting fraud perpetrators more vigorously.
preventing and detecting computer fraud133
PREVENTING AND DETECTING COMPUTER FRAUD
  • Increase the difficulty of committing fraud
    • Develop a strong system of internal controls
    • Segregate the accounting functions of:
      • Authorization
      • Recording
      • Custody
    • Implement a program segregation of duties between systems functions
    • Restrict physical and remote access to system resources to authorized personnel
preventing and detecting computer fraud134
PREVENTING AND DETECTING COMPUTER FRAUD
  • Require transactions and activities to be authorized by appropriate supervisory personnel. Have the system authenticate the person and their right to perform the transaction before allowing the transaction to take place.
  • Use properly designed documents and records to capture and process transactions.
  • Safeguard all assets, records, and data.
  • Require independent checks on performance, such as reconciliation of two independent sets of records, where possible and appropriate.
preventing and detecting computer fraud135
PREVENTING AND DETECTING COMPUTER FRAUD
  • Implement computer-based controls over data input, computer processing, data storage, data transmission, and information output.
  • Encrypt stored and transmitted data and programs to protect them from unauthorized access and use.
  • Fix known software vulnerabilities by installing the latest updates to operating systems, security, and applications programs.
preventing and detecting computer fraud136
PREVENTING AND DETECTING COMPUTER FRAUD
  • Improve detection methods.
    • Create an audit trail so individual transactions can be traced through the system to the financial statements and vice versa.
    • Conduct periodic external and internal audits, as well as special network security audits.
    • Install fraud detection software.
    • Implement a fraud hotline.
preventing and detecting computer fraud137
PREVENTING AND DETECTING COMPUTER FRAUD
  • Employ a computer security officer, as well as computer consultants and forensic specialists as needed.
  • Monitor system activities, including computer and network security efforts, usage and error logs, and all malicious actions.
  • Use intrusion detection systems to help automate the monitoring process.
preventing and detecting computer fraud138
PREVENTING AND DETECTING COMPUTER FRAUD
  • Reduce Fraud Losses
    • Maintain adequate insurance.
    • Develop comprehensive fraud contingency, disaster recovery, and business continuity plans.
    • Store backup copies of program and data files in a secure, off-site location.
    • Use software to monitor system activity and recover from fraud.