Smarter Tech Necessitates Smarter Fraud Examiners

Smarter Tech Necessitates Smarter Fraud Examiners

Modern technology advances quickly. What’s innovative and fresh one day can be quickly outdated and short-lived in just a few months.

As smart devices get smarter, business and industry depend more heavily on them and the data they store, which makes fraud examinations more challenging and complex.

Read More

Global Security Advisor Proposes ‘Moon-shot’ Fight Against Cybercrime


Dick Carozza, CFE
Editor, Fraud Magazine

Marc Goodman, a global security advisor, believes the anti-cyber crime community should mount a campaign against online criminals similar to President John F. Kennedy’s challenge to land a man on the moon.

“He made a bold declaration. … We don’t have anything like that for cyber security; yet we’re handing over every aspect of our lives over to these machines with no concept of protection. … We’re all going to have to do that,” he said. “And you folks from the ACFE have the right skill sets, the right knowledge, the right network to make that happen. I invite you to join me in that fight.”

Over the last 20 years, Goodman built his expertise in cyber crime, cyber terrorism and information warfare. He’s worked with Interpol, the United Nations, NATO, the Los Angeles Police Department and the U.S. federal government.

He founded the Future Crimes Institute to inspire and educate on the security and risk implications of newly emerging technologies. He also serves as the global security advisor and chair for policy and law at Silicon Valley’s Singularity University — a NASA- and Google-sponsored educational venture dedicated to using advanced science and technology to address humanity’s grand challenges.

“Technology can be awesome,” Goodman said. “It’s had a tremendous impact on the world. … But there’s a significant downside to technology and the ways bad guys use it. …

“All the technology change is leading to a paradigm shift in crime and in fraud. Crime used to be an easy affair; it was a good start-up business. You could go out and get a knife or a gun, hide in a dark alley and say ‘stick ‘em up.’ … But eventually criminals could only rob so many people in a day. New technology helps criminals rob more people,” Goodman said.

In the Target breach last December more than “one-third of America had its information compromised. … Now one person can rob 100 million people.” Also, Target had to spend $214 for each one of the accounts hacked. He said a recent Center for Strategic and International Affairs study said that the annual global cost for cyber crime is $400 billion — about 1 percent of the U.S. GDP. 

He then shared some cyber crime developments. Here are just a few:

  • Innovative Marketing Solutions, a company in Kiev, set loose a popup box that told computer users that they had a virus, and for $49 they could download malware protector software that would solve their problems. However, users actually never had infected computers until they paid their money and downloaded the software. Before the FBI and Interpol shut them down, the business ripped off $500 million.
  • When we’re browsing on the Internet, we only see the “surface web” — underneath is the “Web Profunda” or “Deep Web,” which is 500 times larger than the web we know. “About 50 percent is involved with crime and fraud,” Goodman said. The Deep Web site, “Silk Road,” sold drugs, guns, fake IDs and hits for hire, among other nefarious goods and services. Before the site was taken down, 20 percent of all American drug users had purchased their drugs on the site, he said.
  • Most flashlight apps on phones steal contact information.
  • Those who think they’re calling their banks often are shunted via malware to criminal call centers that request, and often receive, personally identifiable information.
  •  Fraudsters are hacking pacemakers, insulin pumps and vehicle computer systems.

Goodman said that personally we should:

  • Use different passwords for every system.
  • Always use a VPN when connected to public networks.
  • Always encrypt our data.

Corporations should:

  • Implement open-source intelligence programs. Go into the Dark Web.
  • Place adults in charge of risk, fraud and security.
  • If something is really important, don’t put it in a computer.
  • “Red team” and test your assumptions; find problems before hackers do.
  • Hackers are already in the system; hunt them out.

“Technology runs the world,” Goodman said. “ … When it fails, what’s our backup plan? We don’t have one.” He said we owe it to our children’s children to not leave them a scary cyber world.

Find more conference coverage at

TMI: The Blurry Line Between Professional and Personal Data


Robert Tie, CFE, CFP
Contributing Editor, Fraud Magazine

Some of us complain about the blurring boundaries between our work and personal lives, but fraudsters love it. Why? Because the way many of us use personal email accounts and social media sites influences our approaches to working on corporate systems. However, the relatively indiscriminate sharing of personal data that so many consumer websites encourage is antithetical to the safe use of corporate information resources.

"Users are the predominant vector for cyber attacks on corporate systems," said Jim Butterworth, CFE, an ACFE faculty member and chief security officer at HBGary, a cyber-security consultancy in Sacramento, Calif. "Fraudsters know that the user is the weak link in system security."

Recent research shows how serious and widespread this problem is. In September, Symantec Corp., a maker of anti-virus software, released its 2012 Norton Cybercrime Report, which found that in the prior 12 months an estimated 556 million people around the world fell prey to cybercrime.

Responses to Norton's survey of more than 13,000 adults in 24 countries revealed that even though users were aware of the security risks they face online, many still didn't take steps to mitigate those dangers. While 75 percent of users said they believed cyber criminals focus on social networks, only 44 percent took advantage of applications that can protect them at such sites and only 49 percent use those sites' privacy settings to limit how much and with whom they share information.

When such computing habits persist at work, they can threaten the safety of corporate systems and hurt the bottom line. Another study, released in October, paints a clear, worrisome picture of how badly organizations need — but often don't have — effective cyber security programs.

The 2012 Cost of Cybercrime Study conducted by the Ponemon Institute, a privacy and security think tank, under the sponsorship of tech giant HP, found that the average annualized cost of cybercrime incurred by a sample of U.S. organizations was $8.9 million — 6 percent more than in 2011 and 38 percent more than in 2010. The 2012 report also found that the average corporation experienced 102 successful cyber attacks a week, up from 72 attacks a week in 2011 and 50 attacks a week in 2010.

It's clear that organizations — and the CFEs who serve them as employees or consultants — need to come up with effective countermeasures quickly. Sometimes, though, that's easier said than done.


Case in point: In October, a client of Butterworth's firm requested a routine assessment of its system security. During its analysis, HBGary discovered that five of the client's PCs were infected with a remote administration tool (RAT), a form of malware that surreptitiously executed commands the hackers sent it while the PC was connected to the Internet. HBGary also found that the hackers' software had been in place for more than two years, secretly monitoring the client's system and transmitting confidential information to a group that Butterworth's firm determined is located in China's Shandong province — the same region to which Google traced hackers who broke into its system in 2011.

Read more about Butterworth's case in the full article on

Know Thy Enemy: Cyber Thieves



Cora Bullock

Assistant Editor, Fraud Magazine

In his lively presentation on Monday, Cary Moore, CISSP, EnCE, discussed cyber threats, both from without and within an organization. The insider is the cyber thief who works from within the company and is often a trusted employee.

The insiders fall into the following categories:

  • Traitors - These are people who consciously decide to betray their organization. There is not much information on them in the private sector as usually they are fired, not studied. Red flags include unusual change in work habits and seeking out sensitive projects.
  • Zealots - These firmly believe that the ends justify the means, and their cause is absolutely correct. Being so highly motivated makes them especially dangerous.
  • Spies - In the private sector spies can be working for your biggest competitor. They find out such business intelligence as product development and launches, potentially costing you millions of dollars.
  • Browsers - These employees casually peruse information, not actively seeking out anything specific but will use information for personal gain. They are extremely hard to identify.
  • Well-Intentioned - Everyone wants to help, but when an employee receives a pleading email from someone purporting to be a friend or relative, they will scramble to help that person. However, they unleash costly viruses when clicking on links or opening attachments via spear phishing, whaling and smishing.

Moore advised on how to frame and conduct an investigation into these insiders. His tips included looking for bogus accounts, activity at odd or unusual times and employees turning their computer screens so people passing by can't see them.

He said ideally, don't let anyone outside of your company connect to your network, but if you must, have them sign the same network access agreement as your employees, including monitoring by IT. When you have visitors in your building, don't assume they are without suspicion. Make sure they have an escort at all times. They can walk out with your intellectual property safely stored on flash drives hidden in watches, pens, even cufflinks - "for the James Bond in all of us," said Moore.

Read the full article and find more Conference coverage.

Cyber Attacks and Insider Threats in a New World


Interview with James J. Butterworth, CFE, CGIA, GSNA, GREM, EnCE
CSO - HBGary, Inc.
Former Electronic Warfare/Cryptologist with the U.S. Navy
Featured speaker at this month’s ACFE webinar, “Threats in the Age of Wikileaks” on Oct. 27 at 2 p.m. EDT

Why is addressing this topic so vital right now?

2011 has been a benchmark year in the exploitive and intrusive nature of cyber attacks. No longer content to Distributed Denial of Service (DDoS) attack, or to simply deface a website, attackers have opened a new chapter in the history book by pursuing sensitive information for the sake of transparency. This runs counter to a corporation’s legal right to protect their information, business processes and intellectual property. 

How do you see information storage on “the cloud” influencing the vulnerability of digital information?

A corporation cannot protect what they do not possess within their sphere of control.  It must be understood and subsequently debated, “What is a cloud provider's legal obligation when considering claims of negligent enablement?" Is there a precedent to compel service providers to demonstrate tighter control over third-party digital assets in the cloud?

What will attendees take away with them after attending? What will they be able to implement immediately?

They will talk away with the knowledge of recent tendencies of cyber terrorist groups to plan and carry out operations for other than honorable agendas, as well as knowledge of how these operations are communicated, planned, shared, by whom and for what purpose. Being aware of these methods will enable CFEs to focus on internal audits for signs of insider threats. Many of the members of recent groups have come from the inside, clearly demonstrating a brazen shift in the measures they will go to support an agenda.

Find out more about Butterworth’s upcoming webinar Oct. 27 at 2 p.m. EDT here.