Modus Operandi (29 page)

Computer Crimes

Individuals possessing modified personal ethics have long been at work devising methods to use the computer to satisfy greed. Money, physical assets, information, plans and virtually every other aspect of business entrusted to a computer have been stolen or otherwise criminally violated.

Losses can occur through criminal acts, malfunctions and natural disasters. Fraud, espionage and sabotage can be instigated by people, who may be employers, employees, suppliers, customers or other outsiders. Their intent may be personal gain or harm to the company. They may be interested in obtaining assets or information to establish or improve a competitive business. Finally, they may attempt to blackmail management with threats to perform criminal acts unless they are paid off.

What are the objects of computer crime? What attracts the criminal? Deliberate crimes against a company are always perpetrated for one or a combination of these three reasons: financial gain, competitive advantage or harm to the company.

Financial Fraud.
Financial gains through fraud are perpetrated far more often than the other two. Many embezzlers have the attitude that "the company can afford it" or "the company will never miss it." The targets are money or property such as the computer itself or the company's products, services, information, marketing strategy or personnel records. Products and services are fenced for money, while information, marketing strategy or personnel records are sold to competitors or used for blackmail.

Payroll.
Most sizable companies generate paychecks with the computer. Generally the information necessary to compute a payroll is stored in permanent computer files. This exposes the company in three ways: (1) Money can be stolen by manipulating the payroll; (2) These files can be sabotaged and are extremely costly to reconstruct; (3) Payroll information may be stolen and used to the detriment of the company.

Generally, tampering with payroll files can be made to appear accidental. If the criminal is discovered, he will plead accidental error and merely return the funds. Properly executed, the risk of prosecution in this type of theft is minimal.

In one case of payroll manipulation, a company submitted their payroll to a data processing center with a separate payroll report for each employee. The criminal simply inserted extra payroll reports into the system and removed them after the checks had been processed. Payroll checks were mailed to the nonexistent employees at a post office box from which the thief later retrieved them.

Accounts Receivable.
The accounts receivable file can very well be the lifeblood of a company. It provides a reasonably complete listing of the company's customers, particularly the biggest ones, who would certainly be of interest to competitors. But most importantly, in many companies, the only records of money owed lies in the receivable file. If this file suddenly disappeared, could it be regenerated? Would the company be able to establish who owed what? If bills could not be sent out for a month or two and much of the monies owed were suddenly removed from the cash flow pipeline, could the company survive? A loss such as this could be fatal because the company is thrown on the mercy of its customers. Some pay, some don't. Bankruptcy is often the result.

Industrial Espionage.
Computer crimes used to gain a competitive advantage are known as industrial espionage. Here the gain is the growth or increased profits of the competing company. Espionage is the practice of spying to obtain data or other information to gain unfair or dishonest advantages.

Operations Information.
The marketing and sales files stored in a computer usually contain customer lists and sales records as well as compensation information for sales personnel. They could provide customer information and also reveal the salesmen who are most effective and the nature of their compensation plan. All this information will be of great interest to competitors.

Management information stored in a computer can also reveal many aspects of long-range operational planning. There is increased use of gaming techniques to predict the effectiveness of long-range options. The results of these studies often include a detailed performance analysis of various departments or divisions of the company. Such planning and gaming could be invaluable information to a competitor or supplier.

Sabotage.
This is deliberate interference with the company's operation. Individuals perpetrating such crimes are usually looking for personal satisfaction such as settling a grudge rather than financial gain. Unions or activist groups may use sabotage to intimidate or blackmail management. Other activist groups may simply desire to draw public attention to a company whose activities are considered objectionable, unethical or illegal by these activists. An example of the groups might be anti-abortionists, environmentalists or animal rights activists.

Besides being susceptible to exploitation for financial gain, a data processing system is also susceptible to malicious damage, manipulation or destruction. The criminal may be an individual who feels he has not been given a fair deal by a company or it may be a striking labor union embroiled in negotiations with management. The intent here is to disrupt the company operations or blackmail the company by threatening such destruction.

At one time, Dow Chemical Company was a target of action groups opposing the Vietnam War. Its computer center was invaded and seriously damaged. The attackers had been thoroughly briefed; they understood the major points of vulnerability, and proceeded to effectively attack them. The cost to Dow was estimated at more than $1 million.

Banks and Financial Institutions.
A small miscalculation of interest or service charges is generally not noticed by the customer. Multiplied by a large number of accounts, this small miscalculation can provide the criminal with a handsome annual bonus. From the institution's standpoint this type of embezzlement seldom raises suspicion until enough customers object. And, who really understands how that stuff is calculated? Most of us take it for granted that the interest on our bank statement is correct.

Borrowing funds, stocks or other assets is another form of fraud. For example: An accountant works for a firm handling a large corporation's account. He comes in over the weekend and transfers $30 to $40 million of a company's assets to his own personal account for a period of two days and then transfers them back on Sunday night, so it will not show up on Monday's posting. That employee can earn, over the course of a weekend, several hundred thousand dollars in interest.

We are aware of an individual who attempted this on one occasion, and as fate would have it, Murphy's Law ruled. While driving to the office late Sunday night to re-deposit the money back into the company's account, he was injured in a major accident and was hospitalized for three weeks. Needless to say when he left the hospital he went straight to the unemployment line!

Airline Reservation and Car Rental Systems.
Since airline reservations and car rental systems rely heavily on data communications, wiretapping and other similar techniques can be used to obtain the information necessary to compromise the system. A terminal connection will provide access from which services can be obtained, after which the bills (computer records) may become lost (assigned to fictitious accounts) or fees reduced simply to nominal values. In the case of computerized car rental systems, an entire car's records can be shuffled through the agency until its auditing trail disappears. The entire car can then be made to disappear as well. In the case of airlines, baggage records are maintained on the main reservation file. Thus, it is possible to create a fictitious piece of baggage and then submit a claim for its loss.

Another computer scheme is
electronic data capture.
The way it works is you use a modem to manually enter credit card numbers. All you need is a list of numbers; you don't even need the card. Twenty-four hours later you have the money available to you and can draw out the money, leave town, and the local bank is left holding the bag. The bank wouldn't know about it until the customer gets his statement with the charge on it, which could be as much as forty-five days later, and reports that it's not their transaction. The charge reverts to the issuing bank and they are responsible for collecting the charge. This can cause serious losses for the banks.

Another fraud where the telephone and credit card are involved is
telephone sex.
Telephone sex operations are different from 900 numbers. The 900 numbers are typically billed by the telephone company. We're talking about a long-distance number you can call, and the first thing they want is a credit card number before they'll talk to you about anything you want to talk about. It's a booming business in different parts of the country. We get a lot of claims of fraud on the credit card. Typically the person talks two or three hours and then receives a bill with a charge of over $200. The customer will dispute the bill. A lot of the fraud comes when children get Mom and Dad's credit card number and call these services. There are also group sex calls, where people from different parts of the country, using their credit cards, can call and talk about whatever they want.

A new scheme that has popped up involves a disgruntled computer programmer who designs a program which dials into a credit card center. The computer will run a program designed to discover valid credit card numbers. The program inputs a series of credit card numbers that are submitted to the authorization center for a one dollar authorization. The center authorizes only the valid numbers. The programmer can take valid numbers and use them for other things, like ordering from catalogs.

Since mail order frauds can involve multiple states, government agencies have become involved in the investigations, including the Secret Service, the U.S. Attorney General's Office, and the Postal Inspections Service.

Money Laundering

Basically, money laundering is the conversion of money from a cash transaction system to a business transaction system. Money laundering involves hiding the paper trail that connects income to a person so he can evade the payment of taxes, avoid prosecution for federal, state or local offenses, and prevent any forfeiture of illegally derived income or assets.

It is estimated that $110 billion is laundered annually in the United States. This figure increases to $300 billion worldwide, which makes money laundering one of the most profitable businesses in the world. Intelligence sources indicate that a successful money laundering operation can launder an estimated $100 million or more annually.

It is clear that money laundering continues to pose a significant financial threat to the United States, particularly the New York City metropolitan area. New York City faces money laundering at all three stages of the process: placement, layering and integration.

Placement
Where drug money is directly used to found an operation, such as a legitimate business.

Layering
Where drug money is held or stockpiled while it is waiting to be integrated.

Integration
Where illegal drug money is mingled with legitimate money, such as in a restaurant, gas station or con-veneince store.

The nature of the New York City metropolitan area offers unlimited opportunities for money laundering. New York is one of the world's largest seaports, the financial capital of the United States, contains two leading international airports, diverse ethnic populations and a high demand for illegal narcotics. The location of New York as a major international gateway together with a highly diverse international population make the city an especially attractive venue for money laundering.

New York City is the headquarters for six of the world's largest financial institutions (three of which are the influential securities markets), the five largest and most important commodities and futures exchanges, and eleven clearinghouse banks. As an important financial center, New York is in the center of enormous daily movements of money through wire transfers. Industry estimates indicate that between $900 billion and $1 trillion is moved daily through the New York City wire transfer systems. Those systems are believed to be a significant avenue for money launderers to move their illicit source monies; moreover, wire transfers have been increasingly used by money transmittal houses. A study conducted by United States Customs Service and New York Regional Intelligence Division pertaining to wire transfers concludes that wire transfers will continue to be a dominant means for money laundering and fraud.

Narcotics trafficking continues to thrive in the New York area. Statistics indicate that the New York City metropolitan area is an extremely large consumer market for all types of drugs. It is estimated that 50 percent of all heroin users and 16.6 percent of all cocaine abusers are located here. The ethnic diversity of New York City and the access to international transportation provide smuggling organizations with a hub for their smuggling and distribution of narcotics. With those activities comes the need to launder illicitly obtained proceeds.

Additional sources of information that may indicate potential money laundering trends or activity are the criminal referral reports (CRR) and suspicious transaction reports (STR). Bank officials file these forms with the government when, in their judgment, an unusual or suspicious transaction has taken place. A review of CRRs for the New York area over the past months has revealed that money laundering exists here.