Cybercrime on Computerized Systems

Cybercrime on Computerized Systems

This situation involves a large bank that has recently installed a new software system for handling all transactions and account storage. An employee at the company developing the software programmed a "back door" into the system, and got another employee to unknowingly install it. Some weeks later, millions were stolen from a number of accounts at the bank. This situation was chosen to highlight the amount of trust that large corporations place in programmers of critical systems. Programmers are quite capable of abusing extremely large and important systems without leaving a trace, and it is surprising that this sort of situation does not happen more often in today's world. The paper provides an analysis of this type of cybercrime, possible ways in which such a crime could have been prevented, and the consequences of such crime in general. This paper shows that a complete reliance on a single computerized system makes it easier for such a cybercrime to occur.

The focus of the Safebank investigation shifted back to the headquarters of Microsoft Corporation, reported the FBI .The investigation had originally been conducted with the cooperation of international law agencies, in an attempt to track the location of the funds moving through accounts in Europe and the Caribbean. More recently the FBI reported, in a statement given Monday by case director Walter Navarre, that "Evidence has been collected linking the crimes to an employee of the Microsoft Corporation."

The Safebank incident began last Wednesday, October 17, 2001, when the management at a Safebank branch in Boston was contacted by a customer of the bank reporting that his account suddenly contained no more money. There was no record of any transaction carried out on the account, but when backup records were checked, it was determined that the account had indeed contained the specified amount. Safebank spokeswoman Alicia Delrey said, in an interview Monday that "Safebank had no indication that a transaction of any kind had taken place. The records showed a balance of approximately a half-million on one day, and the next day these funds were no longer present in the account." A comparison check conducted by the bank showed that similar actions had occurred on nearly two hundred other accounts. All accounts affected in this way contained in the range of half a million to a million dollars. Problems were assumed to have been the cause of a bug in the new transaction software installed by Safebank two weeks earlier. The developer of the software, Microsoft Corporation, was contacted in relation to the problem. At this point, one of the Geneva branches of the Swiss banking giant UBS contacted Safebank with reports of fifty-two major transfers to unidentified accounts. These transfers consisted of amounts that matched exactly the amounts missing from certain Safebank accounts. An international alert was dispatched to banks worldwide. Within hours, a listing of accounts in foreign banks had been assembled that exactly matched the amounts missing from Safebank.

The FBI was called in to investigate the incident, while all accounts indicated were frozen. Initial investigations indicated that the accounts had been opened under a variety of assumed names, by a single individual. According to special investigator Shawn Murray, "although the accounts were not opened in person, we were able to determine, through reports given by bank employees and through bank terminal video recordings, that they were indeed opened by the same individual in all cases." Investigations pointed to Wolfgang Schlitz, a former director of the Safebank transaction software project, as one suspect. According to FBI investigators, a current Microsloth employee, who is also a suspect, provided information pointing to Mr. Schlitz. Although Mr. Schlitz was unavailable for comment, the employee was identified as Bertrand Dupont, a senior programmer on the Safebank software project. Apparently, Mr. Dupont was, while programming, given a precompiled code object by Mr. Schlitz. The object was intended to be integrated into a specific part of the system handling transactions. Mr. Dupont, in an interview yesterday, said "He told me it was a set of more optimized transaction classes that the optimizations team had produced. He was the boss, and the explanation sounded perfectly reasonable, so I didn't suspect anything. The code worked fine, and I forgot all about it until now."

The FBI investigation is currently centering on Mr. Dupont and Mr. Schlitz as possible suspects although, according to case director Walter Navarre, "We have not ruled out the possibility of other, as yet unidentified, collaborators." "The scope of this crime is unprecedented; millions of dollars were taken without a trace. If it were not for the size of the transactions involved, we may never have noticed anything," commented industry analyst Lancolm Hayes. "We should take this as a strong argument for better security controls on safety-critical sectors of the development industry," he added.

The current level of reliance on computerized systems has always elicited concern from those who see this dependence as a security risk. As the recent Safebank incident demonstrates, there is indeed cause for alarm. The fact that the bank used a completely computerized system allowed a single individual with malicious intent to steal millions. The average amount stolen through computerized means is more than twenty times higher than the average taken through more conventional, "physical," crime [1]. Although it could be argued that banks implement safety measures such as a marker or alert for large or suspicious transactions, all these transactions are computerized. The program actually carrying out the transfer can be modified not to issue such an alert by the person who has carried out such modifications, as in the Safebank case. A complete reliance on computers has created more opportunities for cybercrime, reduced the ability to prevent this crime, and made the potential consequences of these crimes more serious.

In order to evaluate this statement, I will be discussing different aspects of computer crime, relating specifically to the idea of malicious programming in the banking sector. Although there are many different types of cybercrime, focusing on this issue relates more strongly to the Safebank case. In addition to this, the paper will cover methods of halting or preventing this crime, and possible consequences, in relation to the Safebank incident.

The crime at Safebank was a cybercrime. Money was stolen through the system itself, without any physical aspect to the crime. The crime was rendered even more effective