Archive for August, 2009
Bribery and Corruption: Keeping Your Business Within the Law
If you’re doing business with China, here’s something worth reading. It applies to many other countries as well and highlights why it pays to have on call a professional team of investigators that can warn you when your company is sailing close to the wind. Things like computer forensics, transactional analysis and forensic accounting could save you from the sort of embarrassment you don’t want to think about. Many in the international business world follow the travails of Stern Hu, the Australian citizen who was arrested in July for stealing “state secrets” while representing the iron ore interests in China of the giant Anglo-Australian mining house Rio Tinto. Now China is engaging in introspection on how its own business practices stack up.
What brought this on in China was a recent court case in California in which a US-based firm, Control Components (CCI), pleaded guilty to bribing officials in six huge Chinese state-owned enterprises, including China National Offshore Oil Corporation (CNOOC) and PetroChina. They don’t come much bigger than that. The bribes, which added up to nearly $US50 million, occurred over a ten-year period and also involved a number of other companies outside China. Control Components was fined just over $US18 million earlier in August for having violated the US Foreign Corrupt Practices Act, and six of its executives still face charges of their own.
Not unexpectedly, the Chinese companies claimed that after exhaustive investigations of their own, no such cases of bribery had been uncovered.
Cybercrime’s Kingpin Nabbed
The indictment this week of 28-year-old American Albert Gonzalez has to be a salutary and sobering warning to business of the need to have a top computer forensics team working on your side. The sheer scale of the global operation that Gonzalez and his two Russian accomplices are alleged to have masterminded is mind-boggling: to steal data from more than 130 million credit and debit cards by hacking into the computer systems of five major companies, including Hannaford Bros supermarkets, 7-Eleven and Heartland Payment Systems, a credit-card processing company. The fact that Gonzalez once worked with Federal authorities is just one of the ironic twists in this tale.
This is not the sort of story The Wall Street Journal enjoys running, but in its August 18 edition it provided all the gory details. Federal prosecutors have charged the threesome with carrying out the largest hacking and identity-theft exploit in US history. Welcome to the reality of today’s cyber world.
The indictment in the New Jersey Federal District Court comes after at least five years of criminal activity that has seen the alleged orchestrator, Gonzalez of Miami – a high-school graduate and self-taught programmer – fall in and out of the federal grasp. Detained in 2003, he was briefly an informant to the Secret Service before allegedly returning to commit even bolder crimes. Authorities have previously claimed he was the ringleader of a data breach that siphoned off more than 40 million credit card numbers from the TJX companies and others last year, costing the parent company of the TJ Maxx retail chain $US200 million. Gonzalez, who is currently in Federal custody in New York, is awaiting trial for alleged efforts to hack into the network of a national restaurant chain, plus he faces charges in Boston on the TJX matter.
Survey of Enterprises Shows Data Breaches on the Rise
If you’re worried about cyber-attacks on your company’s data – and you won’t find many people in business today who aren’t – the latest survey confirms that the trend is on the rise. When Australian organizations were first studied a year ago by a US-based research body, 56% revealed that they had been hit by at least one breach in the past 12 months. Now the 2009 Annual Study: Australian Enterprise Encryption Trends has shown that the figure has soared to nearly 70%. The writing is on the wall: make sure you have a good computer forensics team on hand that can handle the sort of transactional analysis and investigation you need to avoid a ‘worry’ turning into a nightmare.
The Australian survey, carried out by The Ponemon Institute and the PGP Corporation, both involved in data protection, also reveals that the number of firms experiencing multiple breaches is up from 28% in 2008 to 41% this year. Of those organizations admitting to a breach in the last 12 months, 65% never publicly announced it. In many countries, there is no legal or regulatory obligation to disclose such penetrations, so the only thing we can be sure of is that we’re only seeing the tip of the iceberg. PGP president and chief executive, Phillip Dunkelberger, put this into perspective by noting that, “Data is being treated like currency by organised crime, and not just mischief-makers these days, and is now highly valuable.”
If you’re concerned about your company’s vulnerability, call in a rapid-response team without delay and put your mind at ease. Not only will you discover what sorts of breaches have occurred, but you can also put in place the protection you need as well as have your staff briefed on other dangers lurking in both cyberspace and on the ground.
Cyberspace and Your Vulnerabilities
Few people’s lives – let alone businesses – are untouched today by the Internet and social networking sites. And yet few understand the dangers that lurk in these major dimensions of the new information age. Over 80 per cent of America’s largest advertisers are now using Facebook to promote their wares, which implies that social networking is now going mainstream – and not just in the United States. If you’re running a business and you’re unsure of the implications of this for your company, you should consider bringing in a team of experts in computer forensics that can audit your activities and keep an eye on your hot spots.
Don’t wait for the first signs to emerge that you’ve already been taken to the cleaners.
Now a Georgian blogger has claimed in an interview with The Guardian that he was the victim of a cyber attack engineered by the Kremlin. That mightn’t surprise many people, until you realise that the assault affected three worldwide services – Twitter, Facebook and LiveJournal – and hundreds of millions of global users. It was the same sort of cyber attack that disabled South Korean and US government websites in July. The Georgian believes that the Kremlin was out to silence his criticism of Russia’s actions in the disputed border region of South Ossetia. He points out that an attack on such a scale could only have been organised by the Russian government. No one else has such huge resources – and the motivation.
China’s Largest Suspected Bank Fraud
If you’re head of a corporation and you don’t want to wake up one morning to a scenario like this in your own front garden, you should make sure you have a top forensic investigation team on side. As The Financial Times outlined on its front page on August 6, details are emerging of what could be China’s biggest bank fraud, after the former chairman of a company listed on London’s Alternative Investment Market appeared in a Chinese court last week.
Prosecutors in the southern Chinese city of Guangzhou allege that Wang Sheng, former chairman of Canton Properties – a prominent developer in southern China – obtained around $US700 million of illegal loans from the Bank of Communications, a state-controlled lender that is 18.6 per cent owned by HSBC. Wang, it appears, was the main recipient of these loans, which had been arranged with the help of a senior BoComm executive and never actually made available to the company.
Liu Changming, the former president of BoComm’s Guangzhou headquarters, seemingly fled the country soon after authorities launched an investigation in late 2007. He is still on the run despite a global alert being issued by Interpol for his apprehension.
Security of Cloud Services Challenged
Security researchers have recently thrown up new ways of attacking corporate data stored with the increasingly popular “cloud” services. This will undoubtedly add to concerns about the much-vaunted technology and deter many major enterprises from adopting it. If your company is already using these services, or is contemplating doing so, it would pay to consult professionals in Internet security and computer forensics who can map out your firm’s vulnerabilities for you. How susceptible are your operations to cyber hacking and unauthorised access? Are your encrypted files and passwords really safe? What should you do to stay ahead of the game?
The Financial Times (August 3) reported that one presentation at the Black Hat USA security conference in Las Vegas at the end of July showed how users of Amazon’s Elastic Compute Cloud (EC2) services were tricked into utilising virtual machines that could have included “back doors” for snooping. Another presentation criticised Amazon and Microsoft for relying on insecure methods for granting access to their sites after users claimed to have forgotten their passwords.
These sorts of developments help illustrate why off-site computing power, data storage and software have not matured to the level that the largest potential clients would require. Gartner security analyst, John Pescatore, has pointed out that the security of these cloud-based infrastructure services is like Windows in 1999: “It’s being widely used and nothing tremendously bad has happened yet. But it’s just in the early stages of getting exposed to the Internet, and you know bad things are coming.”