cybercrime in government

5TH ANNUAL WHITE COLLAR CRIME SUMMIT

26 NOVEMBER 2008

JOHANNESBURG

ADV JACQUELINE FICK

CYBER CRIME WITHIN GOVERNMENT


INTRODUCTION

Cyber crime in the private sector

Stringent security measures

Route of least resistance

Government has a big bank account too!

DSO investigations

Types of cyber crime in Government

Identity theft

Interception of data

Spy/malware

Fraud/theft by means of computers

Hacking

DANGER OF ORGANISED CRIME

“The scale of the challenge should not be underestimated. Over the long term the growth of criminal networks in the region may have the capacity to undermine both democratic governance and economic prosperity. The threat is diffuse and its boundaries difficult to identify, but the impact of such activities will be detrimental to all Southern Africa’s citizens. Now is a critical time to act”.

Regional Integration In Southern Africa: Comparative International Perspectives

“Organised Crime and State Responses in Southern Africa” p 115 at p 120

Mark Shaw

Identity theft has been described as the fastest growing financial crime in the U.S. and the “crime of the new millennium”.

(See HK Towle, “Identity Theft: Myths, Methods and new Law”, Rutgers Computer and Technology Law Journal, Rutgers University School of Law - Newark, p 237 at p 238.)

IDENTITY THEFT

A VEHICLE FOR CRIME

“Corporate identities are often stolen or forged, to create for the criminal, a vehicle for crime that appears to provide an air of authority or legitimacy. In the same way as in non-networked fraud, where a letter on headed notepaper can be more effective in fooling a victim, the corporate online forgery provides a similar vehicle. These false, stolen or facsimile corporate identities can also be used to play a role in further identity theft, by a means commonly known as phishing… These corporate names may have established branding and other positive attributes that may be useful in the conduct of some other further crime, such as the sale of forged products or some elaborate fraud or scam”.

(See: A Marshall and Tompsett, “Identity theft in an online world”, Computer Law & Security Report (2005) 21, p 128 at 131.)

NEW APPROACH TO COMBATING SYNDICATES NECESSARY

Fighting the scourge of organised crime cannot be based solely on the traditional enforcement approach. Only the use of a targeted and coordinated twin-track strategy based on repressive and preventive measures will reach the goal considering the potential of prevention techniques to impact on the proliferation of organised crime, especially on its infiltration in legal society and economy.

António Vitorino Commissioner for Justice and Home Affairs Strategies of the EU

Project authorised September 2001

Threat analysis

Mandate: Target, destroy, disrupt activities of international crime syndicates, who hijack the identities of commercial banks, corporations and individuals in furtherance of their criminal objectives.

Profile crime areas & Targets

• 4 Linked syndicates.

• Banking Industry.

• Corruption in banks.

• Money Laundering.

• Racketeering.

• Crimes perpetrated from Europe & N America.

1. Arrest of various suspects.

2. Money laundering convictions.

3. Development of innovative methods of prosecution e.g. Hurkes case.

4. Coordinated law enforcement and private sector in a united front.

5. Turnaround time reduced by 75%.

6. Various spoofed websites closed on behalf of banking industry.

13. DSO first to identify the problem of identity hijacking and to declare special project.

14. Phishing – Sophisticated onslaught on banking industry.

Statistics and accomplishments

COOL FROG CYBER PROJECT

BACKGROUND TO PROJECT PC

Authorised in terms of section 28(1)

Identifying, determining any linkages and ultimately disrupting and prosecuting identified syndicates and other role-players including entities and members of the public committing crimes within the Government Cyber/Computer Systems. The focus is on, but not limited to the following crimes:

• Fraud.

• Theft.

• Forgery and Uttering.

• Contraventions of the Corruption Act, Act 12 of 2004.

• Contraventions of the POCA Act, Act 121 of 1998.

• Contraventions of the Electronic Communications and Transactions Act, Act 25 of 2002.

The man of virtue makes the difficulty to overcome his first business, and success only a subsequent consideration.

Confucius (551 BC – 479 BC)

INVESTIGATIVE PROCESS

ROLE PLAYERS

SAPS

Aligning our strategies

Joint prosecution

Shared information/database

SIU

Resources

Shared investigations

SITA

Resources

Searches

Government Departments

FORENSIC AUDITORS

AFU AND SCCU

BANKS

WORKING RELATIONSHIP WITH ROLE PLAYERS

Joint prosecution of syndicate in KZN, that operates across borders and across Government Departments

Need for stronger cooperation in other provinces

Linked databases

Sharing of information

INVESTIGATIVE METHODOLOGY

Re-active Methods

Surprise searches, sting operations.

Pro-active Methods

Extensive use of money laundering provisions.

Close cooperation with government departments.

Extensive use of POCA offences.

Continuous information exchange with stakeholders.

Disruptive operations via sec 252A.

127 operations, surveillance, monitoring.

Arrests, searches, bail & asset forfeiture applications.

SEARCHES

Government Departments searched

Ulundi

Department of Education (PMB and DBN)

Department of Works (PMB and DBN)

Premier’s Office (PMB)

Department of Social Development (PMB and DBN)

Searches in other provinces

Computers searched

Infected computers

OPERATIONAL CHECKLIST

Development of checklist

Rationale behind development

Application of checklist

MD5/checksum

Partial v Full mirroring (privilege)

The Law and the Investigators

WEAPON OF CHOICE

Use of hardware key loggers

Use of spy software

Win-spy Software 9.1 Pro

DSO ARRESTS

Several arrests made on the various investigative legs.

Value of section 204 witnesses.

Going after the big fish.

Always keeping the game plan in mind:

Racketeering prosecutions

Think big – look at the things that you do not see.

DSO ARRESTS (cont.)

Ulundi CAS 282/05/2006

Three suspects arrested on 25 May 2006 on charges of Fraud and Contraventions of the Electronic Communications and Transactions Act 25 of 2002.

Arrests were the direct result of information received from an informer.

The IT Specialist arrested pleaded guilty to Contraventions of sections 86(1), 86(3) and 86(4) and indicated that he is willing to give evidence against syndicate.

First conviction in RSA on spy software

“Beginning of bigger things.”

PROSECUTION STRATEGY

“When the going gets tough, the tough get going…”

GETTING TO GRIPS

Putting the puzzle together

Data analysis (CAD, Forensic Auditors)

Covert information

One central repository for information

Trust, trust, trust …

RACKETEERING PROSECUTION

Identify transactions that show the money trail from top of syndicate through to where money was laundered through accounts.

Show relevance and importance of computer evidence.

Show cross-pollination between Government Departments.

CHAPTER XIII: ECT ACT

DEFINITION

'access' includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data.

CHAPTER XIII: ECT ACT

86 Unauthorised access to, interception of or interference with data

(1) Subject to the Interception and Monitoring Prohibition Act, 1992, (Act 129 of 1992) a person who intentionally accesses or intercepts any data without authority or permission to do so, is guilty of an offence.

(2) A person who intentionally and without authority to do so, interferes with data in a way which causes such data to be modified, destroyed or otherwise rendered ineffective, is guilty of an offence.

CHAPTER XIII: ECT ACT

(3) A person who unlawfully produces, sells, offers to sell, procures for use, designs, adapts for use, distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the intent to unlawfully utilise such item to contravene this section, is guilty of an offence.

CHAPTER XIII: ECT ACT

(4) A person who utilises any device or computer program mentioned in subsection (3) in order to unlawfully overcome security measures designed to protect such data or access thereto, is guilty of an offence.

(5) A person who commits any act described in this section with the intent to interfere with access to an information system so as to constitute a denial, including a partial denial, of service to legitimate users is guilty of an offence.

CHAPTER XIII: ECT ACT

87 Computer-related extortion, fraud and forgery

(1) A person who performs or threatens to perform any of the acts described in section 86, for the purpose of obtaining any unlawful proprietary advantage by undertaking to cease or desist from such action, or by undertaking to restore any damage caused as a result of those actions, is guilty of an offence.

(2) A person who performs any of the acts described in section 86 for the purpose of obtaining any unlawful advantage by causing fake data to be produced with the intent that it be considered or acted upon as if it were authentic, is guilty of an offence.

NATIONAL IMPORTANCE

Joint co-operation with stakeholders.

Evidence gathering and establishment of database.

Crime prevention.

Training and transfer of skills.

Image of law enforcement agencies in South Africa.

RECOMMENDATIONS

The human factor

Vetting

Security measures on systems

Biometrics

Success is not the result of spontaneous combustion. You must set yourself on fire.

Reggie Leach

THANK YOU