It is often a frustration to some, and possibly a challenge to others, that local laws and investigative techniques are consistently one, or in some cases many, steps behind those upon whom they are focused.
In what appears to be a never-ending game of cat and mouse, we regularly witness clever, albeit unscrupulous, individuals finding ingenious ways to swindle the system and then the police, investigators, lawyers and judiciary alike scramble to find ways to deal with it.
This on going Tom & Jerry-type relationship is nowhere more visible than in the ever-changing realm of technology and digital forensics. For the most part, forensic experts (the Tom in this scenario), have kept up pretty well. For each new devious method of deleting, disguising or hiding that a potential crim or disgruntled ex-employee may utilize, the examiners are not far behind, writing scripts and creating software to recover, reveal and expose it.
In last few years, who wins has often come down to the software present on the device or the existence and accessibility to software that can perform a desired task. These factors have, in a sense, determined the parameters in which the game is played.
An erstwhile Australian entrepreneur, who owned nightclubs, drove luxury cars, had his own cruising yacht and more than enough mansions and other property, has been arrested in Las Vegas. Appearing in a US Federal Court, he was charged with running a $US540 million money-laundering scam. That’s a lot to achieve by the age of 27, though the prospect of 75 years in a US penitentiary isn’t a great way to round off a career. All of this has transpired in a short space of time. Few people had heard of Queensland-born Daniel Tzvetkoff until the founder of online payment processing firm, Intabill, purchased a $A27 million luxury pad on that state’s Gold Coast – Australia’s Miami – in 2008.
His world fell apart in 2009 when his business partner slapped a $A100 million lawsuit on him, which led to him filing for bankruptcy in November. The mansion was one of the first things to go, at a greatly reduced price.
Now Tzvetkoff’s charges include gambling conspiracy, bank fraud conspiracy, money-laundering conspiracy and plain money-laundering. The main thrust of these charges is that he aided illegal online gambling enterprises in laundering that half-a-billion dollars into offshore accounts. Though banks prohibit internet credit card gambling, it is alleged that Tzvetkoff tricked them into accepting that the gambling deals were nothing more than routine business transactions. Having established his credentials in that way, he proceeded to utilise the automated clearing-house system to funnel millions of dollars between the United States and a network of firms in the British Virgin Islands. The FBI alleges that among his electronic correspondence it found messages that bragged how Intabill had hired computer experts to create distinctive websites for companies that would put anyone checking them out right off the scent. They would have no way of discovering the linkages between any of the firms involved.
If you feel there’s a chance that your business could have been unwittingly drawn into a dangerous web of intrigue like this, match cleverness with cleverness. Call in a team of professionals quickly. They’ll use advanced techniques like computer forensics to tell you exactly where you stand and what you need to do – fast.
Australian TV viewers were entertained on April 12 to the strange tale of two accidental bank robbers. They never actually planned to rob a bank but before they knew it, that’s exactly what they found themselves doing. Now that’s really stupid, you say to yourself. But how sure are you that that’s not what some of your employees are doing to you and your business right now? Intriguingly, many cases of staff fraud begin just that way, not with grand plans to embezzle large sums of money. Rather, the opportunity to pilfer is recognised when checks and balances aren’t seen to be in place. It starts with small amounts like $50 to cover the groceries, which aren’t paid back. Soon it’s hundreds, then thousands, and sometimes millions. Things get out of hand quickly.
It was one of the two young Australians involved, Anthony Prince, who was telling the nation his story. He’s recently completed a 4½-year prison stint in the US, where he and his accomplice were convicted in 2005. They were both 19 at the time and were on a working holiday in the famed ski resort of Vail, Colorado. “We didn’t really want to rob a bank,” Prince explained. “We were just talking about it … joking about how we could actually do it and then before we knew it, it just turned serious. You’d have to be retarded to think you can get away with it.” Arming themselves with replica pistols and wearing facemasks, they stormed the Weststar Bank – where they were regular customers – and stole $US132,000. They were wearing name-tags from the sporting goods store where they worked, and failed to disguise their stand-out Australian accents, which made it easy for the tellers to identify them.
Hours later, the pair went on a buying spree, photographed themselves in a public toilet posing with the stolen cash and then purchased one-way air tickets to Mexico. They were arrested at Denver International Airport and hauled off to court. Prince’s accomplice, Luke Carroll, was sentenced to 5 years because he pushed one of the female tellers to the ground and injured her arm during the robbery. You can’t help laughing, but when you stop, do consider calling in a professional team to scan your business for irregularities. Computer forensics is but one of the methods they’ll use to tell you what’s going on right under your nose.
So constant are reports that bombard us of cyber attacks, Ponzi schemes, brazen employee fraud and crippling data theft, that many business managers view their offices as little different to a car-wash spraying threats left, right and centre. Within this maelstrom of high-pressure jets, awareness of the dangers that corporate espionage can pose dissipates, if not disappears completely. Even defining the term “espionage” in a business context is challenging for many. Traditionally, it was called “industrial espionage”, which focused minds on R & D results and scientific breakthroughs that created new, top-selling products. But it never quite covered things like pilfering intellectual property, hacking into another firm’s tender for a major project or stealing a competitor’s financial strategy. Corporate espionage is as good a term as any to embrace all of the above, and much more.
Here are five key areas where you need to be alert to danger, often right under your nose, that could end up destroying your business whether it’s a large-scale or small operation. Threats can be internal or external, electronic or human – or a combination of each. In a global community, they can come from well over the horizon, and from angles you might consider least likely.
1. Know Your Company’s Strengths.
While there aren’t many business managers who don’t know where their profit comes from, a significant number will automatically assume that it is only the strengths that drive those profits that someone else might wish to steal. The two do not necessarily equate. What may appear to you to be a minor part of your production chain could be the missing link for a domestic or overseas competitor. To get at it, they might try to hack into your computer system or perhaps pay one of your employees to hand it over. These days, it’s unlikely to involve a page photocopied from a manual. It’s more probable that it will be available electronically and brought out on a disc, a portable USB drive, if not emailed directly. Make sure that if that missing link is a physical component – like a ceramic chip – you don’t unwittingly hand it over yourself when an overseas delegation visits your plant feigning interest in purchasing large quantities of your finished product. It is vital to know where you sit within the global system.
When Bernie Madoff’s massive fraud hit the headlines it was often said that it could ever only happen in New York. Well, on a per capita basis, New Zealand – a magical place, known as The Land of the Long White Cloud – is providing stiff competition. It might be as far away from the Big Apple as you can get, but therein lies the lesson: you need to be alert to fraud anywhere. In almost any business, especially banking, you must have sophisticated systems in place that offer protection. Financial analysis, transactional analysis and computer forensics are but a few of those involved.
The guilty New Zealander is investment banker Stephen Versalko, 51, who has just been sentenced to six years in prison for stealing $NZ18 million from his employer, ASB Bank. OK, that hardly ranks alongside Madoff’s billions and his 150 years in the slammer, but in a small community like New Zealand shame carries a lot of weight. Versalko’s prospects of ever running a business again are about as bright as Bernie’s. Details of the case revealed in court show how many warning lights were flashing. Two prostitutes received over $3 million from Versalko, while much of the rest went on wine, property and making interest payments to clients to keep the scam running.
The prosecutor described the fraud as the biggest employee theft in the country’s history – a classic Ponzi scheme in which investors received interest payments from their own capital or from newer investors. To top it off, Versalko was exposed when one of his 30 wealthy victims saw a TV documentary on Madoff and became suspicious. Versalko admitted that he felt he was Mr. Invincible.
Yes, it can. And probably before you have a clue about the fate that awaits you. It happens in a number of ways. But first, think how huge the global pool of networkers is, spanning well-known sites like MySpace, Facebook, YouTube and many others. The latest US data shows Facebook surging ahead, with its overall number of users now surpassing 400 million. To put that in perspective, only two countries have a greater population – China and India. One thing you can be dead sure of these days is that a vast number of your employees are swimming in that pool. And what’s going into the water with them could be your core intellectual property, private customer data, information on financial strengths and weaknesses, and even details of that tender you’re about to lodge. You know, the one you’re certain to win and which will guarantee your firm’s survival after the battering you’ve taken in the GFC.
‘Loose lips sink ships’ is an old wartime catchphrase that points to how most of this spillage occurs. Your staff talks without thinking and others pick up their banter. Bear in mind, surveys show 98% of users volunteer enough data for their identity to be readily stolen. How careful then, are they likely to be with your corporate secrets? Because advertisers increasingly use this medium to reach a mass audience, networkers perceive an aura of business legitimacy about it. But that’s only your ‘innocent’ employees. Think how much worse it is when they’re malicious. Even the FBI in the US, we now learn, is swimming in these same waters to track down a host of wrongdoers. Of course, FBI operatives are the goodies. Imagine the baddies targeting your operations?
If this frightens you, and it should – after all, your board would expect it to – call in a group of experienced professionals without delay. See how they can help you protect your business, or, to put it another way, fulfil your responsibilities. Their sophisticated methods, like computer forensics, stretch well beyond social networking and will throw up a range of other threats you may never have thought of. There are too many to mention, but fraud is commonly high on the list.
If you’re into robbery and you take the money, at least you have the hot feel of cash in hand. But if you’re a true professional you’ll go for the bank’s intellectual property, its customer details plus their spending and investment habits, and any other data with high value in the business world. Now that’s a much more sophisticated game and besides, one where you don’t need acetylene torches and gelignite. It’s also a pursuit where management may not know what’s been stolen from right under their corporate nose until it’s far too late. CEOs and senior executives have many nightmares and this is but one: staff resigning and taking the crown jewels with them. It can happen at almost any level of the hierarchical chart. Can you protect yourself from such a calamity? Yes, and transactional analysis and computer forensics are just two of the sophisticated methods that experienced professionals apply to help you stay on the front foot.
This scenario may well be exercising the minds of senior executives in Tokyo at Nomura, the Japanese investment bank that has only recently integrated the non-US assets of Lehman Brothers. That’s a lot for any python to digest and the last thing you want in the process is a burst in the seams. But early in March, Nomura’s head of equities in Asia, followed by the joint-head of fixed income, indicated they were stepping down. Then the bank’s head of telecoms, media and financial practice in India also left. Now Nomura’s been hit with its highest profile departure: its chief executive for Europe, the Middle East and Africa, who was actually the architect of the Lehman acquisition.
This is not to insinuate in any way that these high-calibre executives are “robbing the bank”. Rather, it’s to highlight the extreme danger that can confront a business when resignations – and especially sackings – take place. You can’t protect yourself after the event, but you can be proactive beforehand. The right professionals will equip your business with monitoring and analytical capabilities that not only detect fraud in standard times but also pick up variations that forewarn you of imminent departures. It’s state-of-the-art and fundamental to security. Ignore it at your peril.
The global financial crisis has thrown up so many examples of fraud and financial mismanagement on such a mammoth scale that cases like Enron pale into relative insignificance. Fallout from the GFC has impacted heavily on those who value integrity in business, with their state of confusion equalling the carnage wrought by the crisis itself. Now the release of the 2,200-page report by Anton Valukas, appointed by a US court to probe the reasons for Lehman Brother’s failure in 2008, leaves many again shaking their heads in disbelief. Valukas paints a damning picture, not only of the bank’s top management, but also of other major institutions that have a vital role to play in business everywhere. It is a further blow to the already battered credibility of the entire banking industry.
Central to the Lehman case are its off balance-sheet trades, using devices like “Repo 105”, which enabled it to shift some $US50 billion off its books. These transactions, never disclosed to investors, rating agencies or regulators, are described by Valukas as “an accounting gimmick” and “window-dressing”, making the organization look healthier than it was. Some of his heaviest criticism is levelled at Ernst & Young, the Big Four auditor, for the role it played in Lehman’s bankruptcy, raising again the spectre of Enron and shonky accounts. One experienced US attorney has said that the idea that such a firm would sign off on all this is “absolutely incredible”. He stressed that the auditor had a public duty beyond its client to say to Lehman Brothers, no, you just can’t do that.
Then there’s the question of Lehman’s elite London law firm that also signed off on the controversial transactions. And all this against a backdrop of other major GFC failures, like the key ratings agencies that were missing in action when they were most needed.
You couldn’t help but feel for 61-year-old James Sikes as the TV news featured his runaway Toyota Prius on a wild ride along a Californian freeway. Who would want to be in his shoes as he pushed the brake pedal flat to the floor to no avail? The car just kept accelerating, reaching speeds of more than 90 mph (144 km/h). Neither would we have wanted to be in the shoes of Toyota’s senior management as they watched the same footage. The only thing that linked them to Sikes and to millions of viewers around the globe was his emergency phone call that led to a razor-sharp highway patrolman helping him bring his car to a stop. But where did the saga start? While the jury’s still out, some Toyota employees have suggested the company ignored warnings that something was wrong. If true, that would constitute fraud on a number of fronts: fraud between manufacturer and customer, between the engineers involved and management, and between Toyota and its worldwide network of distributors.
It’s not a pretty picture for a company that has long enjoyed a reputation for quality. But it’s a scenario that all business managers dread. Inevitably there’ll be a technical explanation, but the situation will no doubt have been exacerbated by well-known human and organisational failures. Somebody in the managerial food chain didn’t want things seen to be going awry on their watch; nobody was bold enough to warn divisional chiefs that trouble was brewing; nobody at the top had an independent means of reaching down into the company’s engine room to monitor reality for what it was, rather than what others wanted it to be.
That’s the lesson in all this. As a company chief, you can have your own eyes and ears. Bring the right professionals on board and they’ll apply techniques like transactional analysis and computer forensics to give you an accurate portrayal of reality. Is it wrong to second-guess your managers? Are you going behind their backs, or are you simply doing your duty? When is secrecy justified, and how do you cover it up in your company accounts? It can be tough at the top, but that’s what you’re paid for.
Companies of all sizes are increasingly using sites like Twitter, Facebook and LinkedIn to advertise their services and products, to communicate with customers, and even to recruit new employees. Most businesses, however, remain unaware of the dangers that lurk in this rapidly expanding arena. Phishing scams are but one example of this, where devious ploys are used to manipulate employees into clicking on links that immediately download malicious software into your computer system. Once inside, this malware can run riot, gathering sensitive personal and company data at will, much like a vacuum-cleaner, all to be used later to perpetrate fraud or to steal someone’s identity. Pharming is another danger, similar in nature to phishing, whereby an employee is encouraged to click on a link in a bogus email that then directs them to a false website geared to fleece them. Smishing is the mobile phone form of phishing, where a text message contains the menacing link.
These, of course, are incoming threats. On the outgoing side, there are employees who divulge sensitive corporate information while on social networking sites. There, their idle banter can be harvested as public property and used in a way that may damage your company’s reputation, if not demolish public trust in your products and services.
Just how insidious social networking sites can be was brought home to Britons when the UK Justice Minister, Jack Straw, revealed in February that 30 Facebook pages had been taken down because prisoners were using them to taunt their victims. Facebook removed the offending pages within 48 hours. “It’s not that people at Facebook have a different sense of morality from us,” the Minister told the BBC. “They have the same sense of morality but they have to police hundreds of thousands of their sites, so what we have to do is set up a better system with Facebook.” He said he was reassured by the cooperation his department was receiving from Facebook as the government sought a longer-term solution “to this very modern version of the old problem of victim harassment.”