IT insiders can manipulate system for own advantage

[InfoSec News <isn () c4i org>]

http://www.canada.com/technology/story.html?id=67537E96-8C12-4907-B68A-EB4FE7D68FB5

Peter Kuitenbrouwer  
Financial Post 
March 25, 2003

Bruce McGrath worked in information technology at the head office of
the Liquor Control Board of Ontario, in Toronto, for more than five
years. During that time, he helped design a new system to link the
electronic journals at 600 LCBO stores to one central database. And,
police claim, Mr. McGrath, 39, wrote in some extra programming
language.

It is alleged that those modifications allowed Mr. McGrath to walk in
to any of three LCBO locations, buy a bottle of wine for $16 to $20 on
his bank debit card, and ask for $300 in cash back. The debit card
reader would electronically approve the transaction. Then, after Mr.  
McGrath left the store with his wine and his cash, police allege, the
computer would automatically cancel the authorization for the cash
withdrawal. That way, the $300 was never debited on his account.

Police allege Mr. McGrath stole more than $80,000 this way. Charged on
Jan. 21, he will appear in court on April 8.

None of the charges has been proved in court and Mr. McGrath claims he
is innocent.

As information technology spreads to encompass almost every aspect of
commerce, activities like these are becoming more technically complex,
forensic investigators say.

Increasingly, investigations focus on people who understand the inner
workings of complex databases and who can use that knowledge to
manipulate systems to their advantage.

"The motives and mindset are still the same as they were 20 or 30
years ago," says Roddy Allan, a forensic accountant with Kroll
Lindquist Avey, which employs about 75 in Toronto and is frequently
retained by major firms when they suspect foul play in their
workplaces. "The computer is just a new tool."

Mr. Allan told of one case where a man went to a bank machine and
deposited $250,000 in cheques. Normally, those cheques wouldn't clear
until the bank verified the funds were in the account. In this case,
during the night an accomplice inside "got the passwords and released
the holds on the cheques." The fraudsters then withdrew the cash in
another country.

Technology can facilitate fraud, Mr. Allan says. "You can delete
computer records where maybe there isn't a parallel hard copy, or
alter documents electronically." But new tools also facilitate
investigation, such as recovering deleted emails which are cached on
unused space on a computer hard drive.

"You leave little digital trails all over the place," he says, his
hand skittering across the table like a spider. "The files people
think they've deleted can be recovered using sophisticated computer
forensic techniques."

In 2001, accounting giant KPMG, surveyed the largest companies in 12
countries on the subjects of "e-fraud and security-related issues." Of
the 1,253 responses, 179 came from Canadian firms. Although
respondents said their systems are secure, less that 35% reported
having security audits performed on their e-commerce systems.

"The survey results illustrate how executives can be misinformed about
the actual vulnerabilities of their network systems," KPMG concluded.  
"Poorly trained and/or poorly qualified system administrators, poor
reporting procedures for security breaches, or dishonest employees are
often the cause of this misinformation."

In the LCBO case, the missing cash came to light during a routine
audit between the LCBO and the bank, according to Detective Leonard
McGowan of the fraud squad at the Toronto Police Service.

Det. McGowan alleges that Mr. McGrath went back into the computer
system within 24 hours of the transaction and made modifications to
ensure that the missing funds did not turn up on the LCBO's records.  
Police also allege that Mr. McGrath, during routine maintenance of the
computers at LCBO locations, removed hard paper copies of cash
register tapes to cover up evidence of the transactions.

"The purchase would show but the cash back would not," saysDet.  
McGowan. "The person would have to have access to the entire banking
and accounting system at the LCBO."

Det. McGowan says that when he told Mr. McGrath he would be arrested,
Mr. McGrath "did the right thing" and turned himself in at a Toronto
police station on Jan. 22. He is charged with one count of fraud over
$5,000, one count of using a computer system to commit fraud over
$5,000, and one count of mischief, "to wit, altered account data
relating to his own bank transactions using the Liquor Control Board
of Ontario's Retail Point of Sale System contrary to the Criminal
Code."

None of these allegations has been proven in court.

Det. McGowan said he expects a long, complex trial. "We ran a test
recently using the same techniques. We were able to duplicate exactly
what he did.

"I don't expect this to be pled out at all," he said. "We're alleging
pretty fancy computer work. We're going to have to prove that he could
do it and did do it. The records are there."

A woman who answered the door at Mr. McGrath's home last week, in a
new section of northern Oakville, said that Mr. McGrath was not at
home.

Clayton Ruby, the lawyer retained by Mr. McGrath, said his client is
innocent.

"The bank designed the computers," Mr. Ruby said. "The bank controls
them. There's no way of doing what the police say happened. The police
has not produced any evidence of what technique [they say was used].  
This gentleman is innocent of any wrongdoing."

Sherri Haigh, spokeswoman for the LCBO, said, "We can confirm there
have been charges laid against Mr. McGrath. This is a police matter. I
can't get into this any further. He worked for us for a number of
years in IT. He no longer works for us. Any issues respecting LCBO
systems have been addressed. We'll wait to see what happens in court."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.