cybercrime in government
TRANSCRIPT
5TH ANNUAL WHITE COLLAR CRIME SUMMIT
26 NOVEMBER 2008
JOHANNESBURG
ADV JACQUELINE FICK
CYBER CRIME
WITHIN GOVERNMENT
INTRODUCTION
Cyber crime in the private sector
Stringent security measures
Route of least resistance
Government has a big bank account too!
DSO investigations
Types of cyber crime in Government
Identity theft
Interception of data
Spy/malware
Fraud/theft by means of computers
Hacking
DANGER OF ORGANISED CRIME
“The scale of the challenge should not be underestimated. Over the long term the growth of criminal networks in the region may have the capacity to undermine both democratic governance and economic prosperity. The threat is diffuse and its boundaries difficult to identify, but the impact of such activities will be detrimental to all Southern Africa’s citizens. Now is a critical time to act”.
Regional Integration In Southern Africa: Comparative International Perspectives
“Organised Crime and State Responses in Southern Africa” p 115 at p 120
Mark Shaw
Identity theft has been described as the fastest growing financial crime in the U.S. and the “crime of the new millennium”.
(See HK Towle, “Identity Theft: Myths, Methods and new Law”, Rutgers Computer and Technology Law Journal, Rutgers University School of Law- Newark, p 237 at p 238.)
IDENTITY THEFT
A VEHICLE FOR CRIME
“Corporate identities are often stolen or forged, to create for the
criminal, a vehicle for crime that appears to provide an air of
authority or legitimacy. In the same way as in non-networked
fraud, where a letter on headed notepaper can be more
effective in fooling a victim, the corporate online forgery
provides a similar vehicle. These false, stolen or facsimile
corporate identities can also be used to play a role in further
identity theft, by a means commonly known as phishing…..
These corporate names may have established branding and
other positive attributes that may be useful in the conduct of
some other further crime, such as the sale of forged products
or some elaborate fraud or scam”.
(See A Marshall and Tompsett, “Identity theft in an online world”, Computer Law & Security Report (2005) 21, p 128 at p 131.)
NEW APPROACH TO COMBATING
SYNDICATES NECESSARY
Fighting the scourge of organised crime cannot be based solely on the traditional enforcement approach. Only the use of a targeted and coordinated twin-track strategy based on repressive and preventive measures will reach the goal considering the potential of prevention techniques to impact on the proliferation of organised crime, especially on its infiltration in legal society and economy.
António Vitorino Commissioner for Justice and Home Affairs Strategies of the EU
Project authorised September 2001
Threat analysis
Mandate: Target, destroy, disrupt activities of international crime syndicates, who hijack the identities of commercial banks, corporations and individuals in furtherance of their criminal objectives.
Profile crime areas & Targets
• 4 Linked syndicates.
• Banking Industry.
• Corruption in banks.
• Money Laundering.
• Racketeering.
• Crimes perpetrated from Europe & N America.
1. Arrest of various suspects.
2. Money laundering convictions.
3. Development of innovative methods of prosecution e.g. Hurkes case.
4. Coordinated law enforcement and private sector in a united front.
5. Turnaround time reduced by 75%.
6. Various spoofed websites closed on behalf of banking industry.
13. DSO first to identify the problem of identity hijacking and to declare special project.
14. Phishing – Sophisticated onslaught on banking industry.
Statistics and accomplishments
COOL FROG CYBER PROJECT
BACKGROUND TO PROJECT PC
Authorised in terms of section 28(1)
Identifying, determining any linkages and ultimately disrupting and prosecuting identified syndicates and other role-players including entities and members of the public committing crimes within the Government Cyber/Computer Systems. The focus is on, but not limited to the following crimes:
• Fraud.
• Theft.
• Forgery and Uttering.
• Contraventions of the Corruption Act, Act 12 of 2004.
• Contraventions of the POCA Act, Act 121 of 1998.
• Contraventions of the Electronic Communications and Transactions Act, Act 25 of 2002.
The man of virtue makes the difficulty to
overcome his first business, and success only
a subsequent consideration.
Confucius (551BC – 479 BC)
INVESTIGATIVE PROCESS
ROLE PLAYERS
SAPS
Aligning our strategies
Joint prosecution
Shared information/database
SIU
Resources
Shared investigations
SITA
Resources
Searches
Government Departments
FORENSIC AUDITORS
AFU AND SCCU
BANKS
WORKING RELATIONSHIP WITH
ROLE PLAYERS
Joint prosecution of syndicate in KZN, that operates across borders and across Government Departments
Need for stronger cooperation in other provinces
Linked databases
Sharing of information
INVESTIGATIVE METHODOLOGY
Re-active Methods
Surprise searches, sting operations.
Pro-active Methods
Extensive use of money laundering provisions.
Close cooperation with government departments.
Extensive use of POCA offences.
Continuous information exchange with stakeholders.
Disruptive operations via sec 252A.
127 operations, surveillance, monitoring.
Arrests, searches, bail & asset forfeiture applications.
SEARCHES
Government Departments searched
Ulundi
Department of Education (PMB and DBN)
Department of Works (PMB and DBN)
Premier’s Office (PMB)
Department of Social Development (PMB and DBN)
Searches in other provinces
Computers searched
Infected computers
OPERATIONAL CHECKLIST
Development of checklist
Rationale behind development
Application of checklist
MD5/checksum
Partial v Full mirroring (privilege)
The Law and the Investigators
DSO ARRESTS
Several arrests made on the various investigative legs.
Value of section 204 witnesses.
Going after the big fish.
Always keeping the game plan in mind:
Racketeering prosecutions
Think big – look at the things that you do not see.
DSO ARRESTS (cont.)
Ulundi CAS 282/05/2006
Three suspects arrested on 25 May 2006 on charges of Fraud and Contraventions of the Electronic Communications and Transactions Act 25 of 2002.
Arrests were the direct result of information received from an informer.
The IT Specialist arrested pleaded guilty to Contraventions of sections 86(1), 86(3) and 86(4) and indicated that he is willing to give evidence against syndicate.
First conviction in RSA on spy software
“Beginning of bigger things.”
GETTING TO GRIPS
Putting the puzzle together
Data analysis (CAD, Forensic Auditors)
Covert information
One central repository for information
Trust, trust, trust …
RACKETEERING PROSECUTION
Identify transactions that show the money-trail from top of syndicate through to where money was laundered through accounts.
Show relevance and importance of computer evidence.
Show cross-pollination between Government Departments.
CHAPTER XIII: ECT ACT
DEFINITION
'access' includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data.
CHAPTER XIII: ECT ACT
86 Unauthorised access to, interception of or interference with data
(1) Subject to the Interception and Monitoring Prohibition Act, 1992, (Act 129 of 1992) a person who intentionally accesses or intercepts any data without authority or permission to do so, is guilty of an offence.
(2) A person who intentionally and without authority to do so, interferes with data in a way which causes such data to be modified, destroyed or otherwise rendered ineffective, is guilty of an offence.
CHAPTER XIII: ECT ACT
(3) A person who unlawfully produces, sells, offers to sell, procures for use, designs, adapts for use, distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the intent to unlawfully utilise such item to contravene this section, is guilty of an offence.
CHAPTER XIII: ECT ACT
(4) A person who utilises any device or computer program mentioned in subsection (3) in order to unlawfully overcome security measures designed to protect such data or access thereto, is guilty of an offence.
(5) A person who commits any act described in this section with the intent to interfere with access to an information system so as to constitute a denial, including a partial denial, of service to legitimate users is guilty of an offence.
CHAPTER XIII: ECT ACT
87 Computer-related extortion, fraud and forgery
(1) A person who performs or threatens to perform any of the acts described in section 86, for the purpose of obtaining any unlawful proprietary advantage by undertaking to cease or desist from such action, or by undertaking to restore any damage caused as a result of those actions, is guilty of an offence.
(2) A person who performs any of the acts described in section 86 for the purpose of obtaining any unlawful advantage by causing fake data to be produced with the intent that it be considered or acted upon as if it were authentic, is guilty of an offence.
NATIONAL IMPORTANCE
Joint co-operation with stakeholders.
Evidence gathering and establishment of database.
Crime prevention.
Training and transfer of skills.
Image of law enforcement agencies in South Africa.