[ISN] IT insiders can manipulate system for own advantage

From: InfoSec News (isnat_private)
Date: Wed Mar 26 2003 - 00:03:16 PST

  • Next message: InfoSec News: "[ISN] Watching the Watchers"

    Peter Kuitenbrouwer  
    Financial Post 
    March 25, 2003
    Bruce McGrath worked in information technology at the head office of
    the Liquor Control Board of Ontario, in Toronto, for more than five
    years. During that time, he helped design a new system to link the
    electronic journals at 600 LCBO stores to one central database. And,
    police claim, Mr. McGrath, 39, wrote in some extra programming
    It is alleged that those modifications allowed Mr. McGrath to walk in
    to any of three LCBO locations, buy a bottle of wine for $16 to $20 on
    his bank debit card, and ask for $300 in cash back. The debit card
    reader would electronically approve the transaction. Then, after Mr.  
    McGrath left the store with his wine and his cash, police allege, the
    computer would automatically cancel the authorization for the cash
    withdrawal. That way, the $300 was never debited on his account.
    Police allege Mr. McGrath stole more than $80,000 this way. Charged on
    Jan. 21, he will appear in court on April 8.
    None of the charges has been proved in court and Mr. McGrath claims he
    is innocent.
    As information technology spreads to encompass almost every aspect of
    commerce, activities like these are becoming more technically complex,
    forensic investigators say.
    Increasingly, investigations focus on people who understand the inner
    workings of complex databases and who can use that knowledge to
    manipulate systems to their advantage.
    "The motives and mindset are still the same as they were 20 or 30
    years ago," says Roddy Allan, a forensic accountant with Kroll
    Lindquist Avey, which employs about 75 in Toronto and is frequently
    retained by major firms when they suspect foul play in their
    workplaces. "The computer is just a new tool."
    Mr. Allan told of one case where a man went to a bank machine and
    deposited $250,000 in cheques. Normally, those cheques wouldn't clear
    until the bank verified the funds were in the account. In this case,
    during the night an accomplice inside "got the passwords and released
    the holds on the cheques." The fraudsters then withdrew the cash in
    another country.
    Technology can facilitate fraud, Mr. Allan says. "You can delete
    computer records where maybe there isn't a parallel hard copy, or
    alter documents electronically." But new tools also facilitate
    investigation, such as recovering deleted emails which are cached on
    unused space on a computer hard drive.
    "You leave little digital trails all over the place," he says, his
    hand skittering across the table like a spider. "The files people
    think they've deleted can be recovered using sophisticated computer
    forensic techniques."
    In 2001, accounting giant KPMG, surveyed the largest companies in 12
    countries on the subjects of "e-fraud and security-related issues." Of
    the 1,253 responses, 179 came from Canadian firms. Although
    respondents said their systems are secure, less that 35% reported
    having security audits performed on their e-commerce systems.
    "The survey results illustrate how executives can be misinformed about
    the actual vulnerabilities of their network systems," KPMG concluded.  
    "Poorly trained and/or poorly qualified system administrators, poor
    reporting procedures for security breaches, or dishonest employees are
    often the cause of this misinformation."
    In the LCBO case, the missing cash came to light during a routine
    audit between the LCBO and the bank, according to Detective Leonard
    McGowan of the fraud squad at the Toronto Police Service.
    Det. McGowan alleges that Mr. McGrath went back into the computer
    system within 24 hours of the transaction and made modifications to
    ensure that the missing funds did not turn up on the LCBO's records.  
    Police also allege that Mr. McGrath, during routine maintenance of the
    computers at LCBO locations, removed hard paper copies of cash
    register tapes to cover up evidence of the transactions.
    "The purchase would show but the cash back would not," saysDet.  
    McGowan. "The person would have to have access to the entire banking
    and accounting system at the LCBO."
    Det. McGowan says that when he told Mr. McGrath he would be arrested,
    Mr. McGrath "did the right thing" and turned himself in at a Toronto
    police station on Jan. 22. He is charged with one count of fraud over
    $5,000, one count of using a computer system to commit fraud over
    $5,000, and one count of mischief, "to wit, altered account data
    relating to his own bank transactions using the Liquor Control Board
    of Ontario's Retail Point of Sale System contrary to the Criminal
    None of these allegations has been proven in court.
    Det. McGowan said he expects a long, complex trial. "We ran a test
    recently using the same techniques. We were able to duplicate exactly
    what he did.
    "I don't expect this to be pled out at all," he said. "We're alleging
    pretty fancy computer work. We're going to have to prove that he could
    do it and did do it. The records are there."
    A woman who answered the door at Mr. McGrath's home last week, in a
    new section of northern Oakville, said that Mr. McGrath was not at
    Clayton Ruby, the lawyer retained by Mr. McGrath, said his client is
    "The bank designed the computers," Mr. Ruby said. "The bank controls
    them. There's no way of doing what the police say happened. The police
    has not produced any evidence of what technique [they say was used].  
    This gentleman is innocent of any wrongdoing."
    Sherri Haigh, spokeswoman for the LCBO, said, "We can confirm there
    have been charges laid against Mr. McGrath. This is a police matter. I
    can't get into this any further. He worked for us for a number of
    years in IT. He no longer works for us. Any issues respecting LCBO
    systems have been addressed. We'll wait to see what happens in court."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Mar 26 2003 - 02:27:19 PST