September 2000

Litigation Services Committee Conducts Cyberfraud Conference

By Mitchell Chosak, CPA

On July 13, the Cyberfraud Conference illustrated why CPAs from every practice niche must keep abreast of developments in the area of high-technology fraud. The conference, organized under the auspices of Litigation Services Committee Chair Basil Imburgia and Fraud Subcommittee Chair Gary Arrick, presented in a clear and informative manner cyberfraud issues of varying complexity relevant to the accounting profession.

Investigation

When responding to high-tech crimes, law enforcement officials must overcome significant disadvantages: the lack of a central record source, the disappearance of audit trails, and the increasing importance of privacy protection issues. Detective Sgt. James Doyle of the NYPD Computer Investigation and Technology Unit, the conference’s opening speaker, explained how to use the audit trails appearing in e-mail headers to detect a sender using a false address. Another useful audit trail is the Internet protocol address, which uniquely identifies every “host” computer through which a message has traveled.
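As an added illustration of the header audit trail described above (not material from the conference or the author), this Python sketch walks a message's Received headers from origin to recipient, lists the IP address recorded at each hop, and flags an origin host that does not match the claimed sender domain. The sample message, the function name trace_sender, and the finding labels are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: example domains and documentation-range IPs only.
RAW = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby mail.recipient.example with ESMTP id A1; Thu, 13 Jul 2000 10:02:11 -0400
Received: from relay.example.net (relay.example.net [203.0.113.25])
\tby mx.example.org with SMTP id B2; Thu, 13 Jul 2000 10:02:05 -0400
Received: from bank.example.com (dialup-44.isp.example [192.0.2.44])
\tby relay.example.net with SMTP id C3; Thu, 13 Jul 2000 10:01:58 -0400
From: "Accounts" <accounts@bank.example.com>
To: victim@recipient.example
Subject: Constructed sample

body
"""

# "from <name the client claimed> (<reverse DNS> [<connecting IP>]) by <receiver>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?by\s+(?P<by>\S+)", re.S)

def trace_sender(raw):
    """Rebuild the relay path and list inconsistencies worth investigating."""
    msg = message_from_string(raw)
    # Each relay prepends its header, so reversing gives origin-first order.
    hops = [m.groupdict() for v in reversed(msg.get_all("Received", []))
            if (m := HOP.search(v))]
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    if hops:
        origin = hops[0]
        rdns = (origin["rdns"] or "").lower()
        if origin["helo"].lower() != rdns:
            findings.append("helo_mismatch")           # claimed name != observed host
        if not (rdns == domain or rdns.endswith("." + domain)):
            findings.append("from_domain_not_origin")  # a lead, not proof of forgery
    # Headers below the first relay you control can be forged; a gap hints at that.
    for older, newer in zip(hops, hops[1:]):
        if older["by"].lower() != newer["helo"].lower():
            findings.append("broken_chain")
    return {"from_domain": domain, "path": [h["ip"] for h in hops], "findings": findings}

if __name__ == "__main__":
    print(trace_sender(RAW))
```

Only the Received line written by the recipient's own mail server is fully trustworthy; earlier lines are leads to confirm against the relays' and service providers' own logs.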

Doyle explained that the NYPD Computer Investigation and Technology Unit, formed in 1995 in response to an increase in high-technology crime, investigates crimes committed through computer technology such as espionage, theft of intellectual property, fraud, and child pornography. He said that because many factors make the Internet attractive to criminals—lack of regulation, global exposure to victims, concealment of identity, the trusting nature of most Internet users, and a general attitude of laissez-faire—industry and law enforcement must maximize resources and expertise by collaborating to combat cybercrime.

E-mail Confidentiality and Internet Fraud

Several speakers discussed e-mail issues, prompting audience participation. Edward Stroz, a private consultant and former supervisor of the FBI Computer Crimes Squad, advised employers to confer with legal counsel before accessing employee e-mail and to use e-mail filters, where possible, to prevent the transmission of company secrets and other confidential data. Such filtering software also screens against potentially harmful or otherwise undesirable files, communications, and hacking attempts.

Stroz also spoke at length on the topic of Internet fraud, including the so-called Trojan horse programs that steal user passwords, copy trade secrets, monitor confidential communications, disrupt service, or pervert data once embedded in company software. The programs are also used to commit cyberextortion: the criminal informs the victim of the existence of the program and demands money in exchange for not exposing secrets or disrupting service. False Internet postings of company “news” alerts, commonly used in securities “pump and dump” schemes, are another fraud technique. (For more information, contact the Internet Fraud Complaint Center at www.ifccfbi.gov or the National Infrastructure Protection Center at www.nipc.gov.)

E-commerce Crimes

Several speakers addressed e-commerce issues, including the prevention of credit card theft, redirection of deliveries, and manipulation of billing information. Michael Geraghty, an intrusion detection specialist at Lucent Technologies Inc., discussed security measures that can effectively prevent and detect such unauthorized intrusions. He recommended using a network intrusion detection system (NIDS) to augment the routers, firewalls, authentication, and network “host” security systems generally in place. An NIDS comprises 1) a host-based IDS, which involves audits done at the host level in conjunction with system logs to monitor changes or misuse of resources, and 2) a network-based IDS, which monitors traffic on local area network (LAN) segments, analyzes protocols, and compares packets of data to known “signatures,” strings, ports, and headers. The host-based IDS guards against abuse by insiders, and the network-based IDS protects against outside intruders. An NIDS is effective only if employed as part of a strong security policy that includes access control, encryption, firewalls, good system administration, anti-virus products, and employee screening.

Scott Charney, a partner with PricewaterhouseCoopers and former chief of the Computer Crime and Intellectual Property Section of the Department of Justice Criminal Division, presented statistics from a Department of Defense controlled study that found that of 38,000 computers attacked—

  • 24,700 were penetrated
  • 988 were detected, and
  • only 267 were reported.

Charney emphasized the importance of preparing for such attacks and managing risk by considering physical, personnel, and technical security. He recommended mapping the network thoroughly, testing existing security through controlled attack and penetration exercises, and installing defenses as discussed above including firewalls, encryption, and IDSs.

Scott Moritz, an expert on computer-related crimes including identity theft, money laundering, and cyberterrorism with PricewaterhouseCoopers and a former FBI agent, presented issues related to e-cash. Traditional safeguards against fraud, theft, and money laundering are rendered ineffective by wire transfers and offshore and Internet banking entities, Moritz said. At this time, there is very little required record-keeping, no threshold for monies held or transferred, no need for the physical movement of currency, and relative anonymity in the international Internet banking realm. Financial institutions and other businesses can guard against becoming unwitting partners in fraudulent transactions by establishing and monitoring customer profiles for significant activity deviations that could indicate money laundering or fraudulent transactions.

Prosecution

U.S. District Judge John S. Martin, Jr., of the Southern District of New York spoke on cyberfraud trials and stated that existing statutes relating to wire fraud provided sufficient grounds for prosecution in many cases. In addition, Martin said, questions of evidence usually centered on admissibility rather than authenticity. Using acceptable and reasonable methods of data collection and duplication, while sustaining the chain of custody, usually provides evidence deemed reliable.

U.S. District Attorney Joseph DeMarco, the computer and telecommunications crimes coordinator for the Southern District of New York, further expounded on the elements of cyberfraud prosecutable under federal statutes regarding wire fraud, securities fraud, computer intrusion, trade secrets (the Economic Espionage Act), and copyright and trademark. DeMarco also discussed issues concerning computer searches and disclosure of records by Internet service providers. He indicated that there is much case law yet to be decided in this new area and expressed a willingness to work with the business community and local law enforcement in developing effective strategies to combat cybercrimes.


Mitchell Chosak, of the New York City Police Department, is a member of the Litigation Services Committee and co-chaired the Cyberfraud Conference.



©1997 - 2008 New York State Society of Certified Public Accountants. Legal Notices