http://www.canada.com/technology/story.html?id=67537E96-8C12-4907-B68A-EB4FE7D68FB5 Peter Kuitenbrouwer Financial Post March 25, 2003 Bruce McGrath worked in information technology at the head office of the Liquor Control Board of Ontario, in Toronto, for more than five years. During that time, he helped design a new system to link the electronic journals at 600 LCBO stores to one central database. And, police claim, Mr. McGrath, 39, wrote in some extra programming language. It is alleged that those modifications allowed Mr. McGrath to walk in to any of three LCBO locations, buy a bottle of wine for $16 to $20 on his bank debit card, and ask for $300 in cash back. The debit card reader would electronically approve the transaction. Then, after Mr. McGrath left the store with his wine and his cash, police allege, the computer would automatically cancel the authorization for the cash withdrawal. That way, the $300 was never debited on his account. Police allege Mr. McGrath stole more than $80,000 this way. Charged on Jan. 21, he will appear in court on April 8. None of the charges has been proved in court and Mr. McGrath claims he is innocent. As information technology spreads to encompass almost every aspect of commerce, activities like these are becoming more technically complex, forensic investigators say. Increasingly, investigations focus on people who understand the inner workings of complex databases and who can use that knowledge to manipulate systems to their advantage. "The motives and mindset are still the same as they were 20 or 30 years ago," says Roddy Allan, a forensic accountant with Kroll Lindquist Avey, which employs about 75 in Toronto and is frequently retained by major firms when they suspect foul play in their workplaces. "The computer is just a new tool." Mr. Allan told of one case where a man went to a bank machine and deposited $250,000 in cheques. Normally, those cheques wouldn't clear until the bank verified the funds were in the account. In this case, during the night an accomplice inside "got the passwords and released the holds on the cheques." The fraudsters then withdrew the cash in another country. Technology can facilitate fraud, Mr. Allan says. "You can delete computer records where maybe there isn't a parallel hard copy, or alter documents electronically." But new tools also facilitate investigation, such as recovering deleted emails which are cached on unused space on a computer hard drive. "You leave little digital trails all over the place," he says, his hand skittering across the table like a spider. "The files people think they've deleted can be recovered using sophisticated computer forensic techniques." In 2001, accounting giant KPMG, surveyed the largest companies in 12 countries on the subjects of "e-fraud and security-related issues." Of the 1,253 responses, 179 came from Canadian firms. Although respondents said their systems are secure, less that 35% reported having security audits performed on their e-commerce systems. "The survey results illustrate how executives can be misinformed about the actual vulnerabilities of their network systems," KPMG concluded. "Poorly trained and/or poorly qualified system administrators, poor reporting procedures for security breaches, or dishonest employees are often the cause of this misinformation." In the LCBO case, the missing cash came to light during a routine audit between the LCBO and the bank, according to Detective Leonard McGowan of the fraud squad at the Toronto Police Service. Det. McGowan alleges that Mr. McGrath went back into the computer system within 24 hours of the transaction and made modifications to ensure that the missing funds did not turn up on the LCBO's records. Police also allege that Mr. McGrath, during routine maintenance of the computers at LCBO locations, removed hard paper copies of cash register tapes to cover up evidence of the transactions. "The purchase would show but the cash back would not," saysDet. McGowan. "The person would have to have access to the entire banking and accounting system at the LCBO." Det. McGowan says that when he told Mr. McGrath he would be arrested, Mr. McGrath "did the right thing" and turned himself in at a Toronto police station on Jan. 22. He is charged with one count of fraud over $5,000, one count of using a computer system to commit fraud over $5,000, and one count of mischief, "to wit, altered account data relating to his own bank transactions using the Liquor Control Board of Ontario's Retail Point of Sale System contrary to the Criminal Code." None of these allegations has been proven in court. Det. McGowan said he expects a long, complex trial. "We ran a test recently using the same techniques. We were able to duplicate exactly what he did. "I don't expect this to be pled out at all," he said. "We're alleging pretty fancy computer work. We're going to have to prove that he could do it and did do it. The records are there." A woman who answered the door at Mr. McGrath's home last week, in a new section of northern Oakville, said that Mr. McGrath was not at home. Clayton Ruby, the lawyer retained by Mr. McGrath, said his client is innocent. "The bank designed the computers," Mr. Ruby said. "The bank controls them. There's no way of doing what the police say happened. The police has not produced any evidence of what technique [they say was used]. This gentleman is innocent of any wrongdoing." Sherri Haigh, spokeswoman for the LCBO, said, "We can confirm there have been charges laid against Mr. McGrath. This is a police matter. I can't get into this any further. He worked for us for a number of years in IT. He no longer works for us. Any issues respecting LCBO systems have been addressed. We'll wait to see what happens in court." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 02:27:19 PST