Archive for September, 2009
A recent survey of 2,000 Internet users in Britain, commissioned by VeriSign UK – part of the American network infrastructure firm – has revealed how prevalent this form of online crime is. The monetary loss in Britain in the past year alone has been put at £2.61 billion. Of the UK’s population, not only has 12 per cent been a victim of online ID fraud, with an average of £463 stolen, but 14 per cent are still waiting to be reimbursed. Many victims say they have been extra careful when buying online, but with so many fraudsters lurking in the shadows it is clear that much more education on how to protect yourself is required.
The survey found that in general British web users are conscientious when it comes to online shopping. Of the respondents, 82 per cent claimed to buy only from sites with enhanced security settings, with 3 per cent more women saying they checked security before making a purchase. People aged between 45-54 are defrauded most often, with Londoners the most careless online buyers and the Welsh the biggest victims. Interestingly, Scots are the least likely to fall victim.
Richard Hurley, communications manager at CIFAS, the UK’s Fraud Prevention Service, comments that, “Increasing numbers of cost-conscious consumers are now shopping online, and whilst the rise in online spending is great for online retailers, it opens up a Pandora’s Box of security threats. Cyber criminals are undoubtedly getting more devious, but consumers can easily lessen the likelihood of online fraud by stepping up their own awareness of how they can protect themselves.”
Most people are aware that dangers lurk on the Internet, but they are often amazed when they discover just how destructive attacks can be. And threats tend to come from the most unexpected quarter. In Australia, for example, the federal taxation commissioner recently warned that identity theft and the rorting of online tax refunds were a particular problem. Blatant and increasingly sophisticated scams, he said, were causing havoc in the lives of those innocent people targeted, adding that, “If your identity is stolen it can take years to put things right.” The commissioner’s worry, of course, isn’t just the loss of revenue but also a national loss of confidence in the tax system itself. What if you, as an individual or as a company chief, had your reputation destroyed? That of your company would go with it as well.
So how do you fight back against those who use the anonymity of the Internet to commit such crimes and to cause harm and distress? That’s where Internet forensics come in. Here are six areas in which professionals experienced in this state-of-the-art field of investigation can help you retrieve what you’ve lost.
1. Tracing Anonymous Emails.
As experts in the field of computer forensics will tell you, cyber attacks are usually a deadly serious business. Cleaning up after them can be time-consuming and expensive. With the threat continuing to expand, organizations need to be on constant alert, with staff regularly made aware of emerging dangers. Slip-ups, however, can bring this process into ridicule, ultimately serving only those who seek to abuse the electronic systems upon which we increasingly rely.
An example of this came in Australia recently where a group of disgruntled geeks crashed the prime ministerial website.
As The Australian Financial Review – the country’s national daily economic newspaper – highlighted on September 11, experts from one of the government’s super-sensitive spy agencies had to be called in to help. This was an embarrassing affront to the hundreds of millions of dollars of taxpayer money spent on cyber security by the Defence Signals Directorate (DSD), the equivalent of the US electronic eavesdropping organization, the National Security Agency, and Britain’s GCHQ. A brand new Cyber Security Operations Centre was put in place by DSD in May this year to handle threats such as suspected Chinese and Russian government probes of computer systems. Now it has been called in to help stop a group of geeks attacking the prime minister’s site to protest against the government’s attempts to censor the internet.
Glance at any business magazine or financial newspaper these days and you’ll spot at least a couple of references to the spread and impact of social networking. Often a new threat is revealed, one that not only shocks the reader as an individual but also alarms business people who quickly recognise the implications for their company. That’s why it pays to have the cell-phone number of an experienced team of experts in computer forensics close to hand. If you fear you might already be in trouble, you’ll need to call straight away.
A good coverage of this evolving challenge came in The Financial Times on September 2 in a lengthy article examining how friends and not editors were shaping internet habits. Traditional portals are being spurned as sharing makes news personal. The problem is that cyber-crooks have picked up on the growing trend among users of social networks to share links. The technological ease of doing so brings with it a security risk that can have a knock-on effect on the popularity of such sites. That’s the view of the FT’s San Francisco correspondent, Joseph Menn, who defined the dangers involved.
He explains how spammers and cyber-crooks are using the new conventions to disguise their dangerous programming and get around online security policies at the same time. The problem stems from the habit among users of the likes of Facebook to use shortened web addresses, or urls, when they forward items of interest to friends. On Twitter, such shorthand is essential, since traditional urls – often composed of long combinations of numbers, letters and forward slashes – can eat up most or all of the 140 characters allowed for each tweet.
Computer forensics came to the fore once again during an investigation into four top British executives with allegations that one of them had used special software to destroy critical financial documents shortly after the investigation was launched. Digital forensic investigators seized and forensically imaged multiple computer, laptop & server hard drives as part of the government agency investigation in the U.K.
MG Rover Group Limited was best known for manufacturing the MG spitfire sports car as well as the Rover sedans after it emerged from the nationalised British Leyland Car Company in 1986. In 1994, Rover was sold to BMW which made heavy investments into the company to revive the brands’ appeal. However, by 2000 BMW decided to sever links and Rover was sold for £10 [US$16] to Phoenix Venture Holdings, headed by John Towers. [Land Rover was sold off separately to Ford whilst BMW kept an interest in the production of the Mini].
Though Phoenix Venture Holdings had bought Rover for just £10 [US$16], there was a side transaction whereby Phoenix and it’s four directors bought the Rover cars finance and lease loan book from BMW for £313 Million [US$515 Million] in 2001.
For anyone interested in the sophisticated art of computer forensics and analysis, whether you work for a government agency or a business, an article in The Wall Street Journal on September 4 had particular relevance. One of the Journal’s writers, Siobhan Gorman, revealed a major technological breakthrough, one that intelligence insiders claim is the world’s most effective analytical tool for investigating terrorist networks. And it’s come from a virtually unknown software start-up.
Based in Silicon Valley, Palantir Technologies has created a user-friendly search tool that can scan multiple data sources at once, something that previous search tools couldn’t do. That means an analyst who is following a tip about a planned terror attack, for example, can more quickly and easily unearth connections among suspects, money transfers, phone calls and previous attacks around the globe. Palantir’s software has helped root out terrorist financing networks, revealed new trends in roadside bomb attacks, uncovered details of suicide bombing networks and discovered a spy infiltration of an allied government, according to current and former US officials familiar with the events. It is now being used by the CIA, the Pentagon and the FBI.
Yet Palantir remains an outlier among government security contractors. It rejected advice to hire retired generals to curry favour with the agencies and hired young government analysts frustrated by working with slow-footed technology. The company’s founders knew little about intelligence gathering when they started out. Instead, they went on a fact-finding mission, working with analysts to build the product from scratch. The technology they’ve produced is increasingly valuable to spies confronting an information explosion, where terrorists can hide communications in vast data streams on the Internet. A former US Assistant Secretary of Defense has said that this is a new way of war fighting.
Even if Bernard Madoff does manage to complete his 150-year sentence, due to exceptional family genes and a nutritious prison diet, he’s already earned his place in history. And that’s not just because he’s laid down the ground rules for becoming a bold and brazen con man. Rather, it’s due to key lessons he’s taught us about weaknesses in the regulatory system that were just waiting to be exploited. Those same shortcomings exist in businesses too, big and small, around the globe. The message is, if you think something might be awry in your firm get onto the appropriate professionals without delay. Make sure they’re experienced and able to handle state-of-the-art forensic investigation because that’s what you’ll need.
The full 477-page report of the US Securities and Exchange Commission’s inspector-general, recently released, makes for heavy reading. It’s scathing, and one thing leaps out from its meticulous detail: the number of opportunities to catch Madoff that were missed, and why.
Even when the SEC’s own officers remained extremely worried about his integrity, the Commission’s enforcement division closed down its investigation into Madoff’s business, claiming it was a “fishing expedition”. That was less than a year before Madoff confessed to running one of history’s biggest ever Ponzi schemes. The inspector-general concluded that the breakdown on the SEC’s part was not the result of the “misconduct of a particular individual or individuals, and found no inappropriate influence from senior-level officials”. At least that’s comforting. What isn’t, is his conclusion that the Commission failed systematically during its inquiry into Madoff’s 17-year long scheme, missing the significance of eight separate complaints. Each of these offered an opportunity to expose the fraud.
The perils of focusing too strongly on identifying `red flags’ during due diligence profiles has come to haunt Kroll, the well known risk consultancy firm based in New York. Kroll, also known for its Kroll Consulting, Kroll Associates, Kroll Ontrack, Kroll Factual Data businesses is the author of the recent Kroll Global Fraud Report. It has been reported in the media that Kroll screened and gave the green light to two alleged fraudsters.
The matter involves alleged Ponzi scheme operated by two fraudsters with links to South Africa which resulted in a loss of around US$250 Million to investors. In 2007, Kroll was requested to profile Barry Tannenbaum, a South African, and Dean Rees on behalf of a New York-based asset management firm that was considering investing a substantial investment with their venture.
The revelation is a further blow for Kroll as the New York based firm is still reeling from the revelation that one of its top investigators gave a similar upbeat endorsement to Sir Allen Stanford, the Texas billionaire accused of orchestrating a $7 Billion Ponzi scheme which is under investigation by US Federal Authorities.
The due diligence profile was said to focus on identifying any `red flags’ which would indicate a serious flaw in their background, but found nothing unusual with either Tannenbaum or Rees and is instead reported to have portrayed both businessmen in a “very positive light”.
This month, we focus on some of those aspects of the Information Age not often thought of. It considers some issues not spoken about but we hope nevertheless that you will enjoy it:
The wonders of the electronic era never cease to amaze, with wall-to-wall connectivity, profound knowledge at our fingertips and social networking sites that keep us tuned into gossip on the other side of the globe. But as one US commentator, Nicholas Carr, has observed, “the information-dense, hyperlink-rich, spastically churning internet is in effect rewiring our brains, making it harder for us to engage in deep, relaxed contemplation.” If you think this is the sort of statement that only worries psychologists and anthropologists, think again. Its implications go to the heart of the business you’re running and explain why you’re probably in urgent need of the services of professionals specialising in computer forensics, transactional analysis, forensic investigation and pictorial, diagrammatic and timeline rebuilding.
If that sounds arcane, wait until you see such skills at work on your behalf, outlining the attitude that some of your staff have to your business, to its most closely-guarded secrets and to the obligation you assume they owe you in return for the salary you’re paying them. An audit of these and other related factors, and of the vulnerabilities they produce, can be a sobering experience.
6 KEY AREAS TO WATCH OUT FOR:
The head of the Australian Federal Police made a bombshell announcement at the end of August, days before stepping down from a position he had held for eight years: no criminal charges would be laid against executives responsible for the country’s biggest trade scam ever.
The Australian Wheat Board (AWB), which until recently had a longstanding government-backed monopoly on the wheat trade, had been paying kickbacks to Iraq under the United Nations Oil-for-Food program. The purpose: to secure about 90 per cent of that lucrative market. Of the thousands of companies around the world that were involved in rorting the program, which ran between 1996-2003, AWB topped the list. It paid $A300 million ($US222 million at the time) in bribes, disguised as “trucking fees”. Now no one’s to blame – at least, not in Australia – but the stigma remains. Professional investigation, combining state-of-the-art skills like computer forensics and transactional analysis, could have picked this activity up quickly and nipped it in the bud, even if the culprits had cleverly covered their tracks.
Today, AWB Limited is an independent trader, without its earlier monopoly and without the 11 executives who tarnished its reputation. It wants to move on, but is dogged by the scandal. This latest development – arising out of legal advice from a senior Australian attorney who declared that, “the prospect of convictions was limited and ‘not in the national interest’” – only serves to exacerbate the situation. The Australian Government too, is left in the lurch, for it was the government of each supplying country that had promised the UN that it would scrutinise the bona fides and activities of each of the companies involved.
While the Australian Securities and Investments Commission, the nation’s corporate watchdog, still has its own investigation under way, legal experts doubt that it will now achieve much.