Natalia Akhtyrskaja , Ph.D.
Manners of misappropriation in the bank computer systems
The manner of theft in the bank computer systems presents the whole complex of modes and means that facilitate the unauthorized access to bank computer data, which illegal modification can result in withdrawing and misappropriating money of other persons.
Currently known manners of electronic misappropriation are characterized by the considerable and constantly expanded diversity that results from the sophisticated level of computing equipment and the continuous accumulation of informational operations, most of them reflecting the movement of material values, financial and monetary means.
Criminally, such premeditated actions are crimes with clearly expressed stages of criminal activity development. They differ from each other in the character and completion of a criminal action. The division into the following three phases makes it possible to give a right legal assessment to the perpetrated offence:
This stage means to seek, purchase, hire or steal a computer, modem and other tools to commit a cybercrime (finding of criminal means)^; to write a special program to overcome the protection of banking networks (manufacture and adjustment of criminal tools)^; to gather information on bank clients and protecting systems, select passwords, get over the information protecting systems (conditioning of an offence).
Here, the monetary means can be illegally moved to the criminal or third persons by manipulating bank computer data, traces being removed.
These two phases make preliminary criminal activities (inchoate crime).
On this final stage, all unauthorized transactions are completed and the criminal has an opportunity to reap the fruits of the criminal action.
The main manners of crime commitment are as follows:
- withdrawing (stealing, robbing, extorting) computer technique (CT) to receive systems blocks, hard disks or other information carriers with specified data on bank clients, depositors and creditors. Such actions are characterized by the corpus delicti of traditional crimes^;
- intercepting or secretly obtaining information on bank clients, depositors and creditors from communication channels, telecommunication equipment, office rooms for confidential talks, paper and magnetic carriers (including technological waste) through the audio, visual and electromagnetic observation^;
- gaining an unauthorized access to CT i.e. making it possible to manage information without owner’s permission. It can be done by using the following methods:
1) “after a fool” – physical penetration into the production premises: the ill-minded person with CT related things waits for a legal user near the close service room to enter there together on various pretexts^;
2) “lace” – electronic penetration into CT by connecting an additional computer terminal to communication channels through the daisy chain when the legal user leaves his/her working place for a short term, the terminal or PC operating in an active mode^;
3) “by tail” – the ill-minded person hooks up to the legal user’s communication line and waits with patience for an end-of-work signal, taps it and telecommutes to the banking system after the legal user accomplishes an active mode (it is peculiar to telephone sets holding a subscriber called number)^;
4) “computer boarding” – the ill-minded person manually or with automatic programs selects a code (password) of access to the bank system through the usual telephone^;
5) ‘slow scanning” – the ill-minded person checks the bank computer protecting system for weak and erroneous elements or program breaches to set additional access programs^;
6) “masquerade” – the ill-minded person penetrates into the bank computer system as the legal user by exploiting his/her codes/passwords and other identifying ciphers ^;
7) “mystification” - under the ill-minded person created conditions the legal user of the bank system hooks up to the illegal terminal. When generating true answers on enquiries of the legal user and keeping up his/her delusion for some time, the criminal procures codes/passwords of access or responses on them^;
8) “emergency” – the ill-minded person causes failures and other deviations from the normal work of the bank computer system. The special program is switched on. It allows obtaining an access to the most valuable data at malfunction. In emergency, all information protecting means available in the bank computer system can be switched off thereby facilitating the access to them on the part of the wrongdoer.
The asynchronous attack can be referred to the preparation stage. Misusing the asynchronous nature of the executive system, the ill-minded person forces the bank computer system to work under false conditions resulting in the partial or complete failure of the processing control. This situation can be used to make changes of the executive system, they being inconspicuous.
The simulation is the most difficult and time-consuming manner of preparing a crime. The ill-minded person simulates the computer system behavior on various conditions and optimizes the data-manipulating mode by learning the flow of funds.
For example, some strange banks have fractional amount accounts opened. The situation when funds are transferred from one bank to another and the other way round with step-by-step increase in sums can be simulated. The analysis specifies conditions, under which:
a) the bank finds out that the remittance order has not been covered with the necessary amount^;
b) the bank should receive a notification from another one that the total sum has backed a remittance order^;
c) these cycles should be repeated to remit a sufficient sum of money and make the increased number of payment orders unsuspicious.
When modifying information, the ill-minded person enters new data (as a rule, on the phase of information input-output) to change banking account records and misappropriate someone else’s money.
Such detrimental computer programs as “Trojans”, “matryoshka”, “worms” and «logic bombs” can be also used to illegally transfer money from others’ accounts . They allow the ill-minded person to secretly introduce special program modules into application software of the bank computer system to transfer some money to the false account from every bank operation or to increase its amount through the automatic recalculation of UAH balances at the changeover to the foreign currency commerce course. This program module launches and controls all manipulations with data and their bookkeeping operations at the preset moment and under favorable (for the criminal) circumstances.
“Salami” is a unique electronic method of misappropriating spare money. The criminal “writes” a special module to application software of the bank computer system. It manipulates information to remit change (resulted from the legal transaction approximation) to the false account, accountants calling this process “salami”. The criminal expects that the low size of transferred money will make banking losses practically inconspicuous, the amount of his/her account being increased by implementing many illegal transactions.
Special attention should be paid to the methods of covering traces. These actions can be hardly qualified by Criminal code articles but they allow the criminal to reap fruits of his/her ugly work. They are important to estimate the completion of a committed crime. Some of them are as follows:
Splitting amounts of money – the ill-minded person divides black money into irregular parts and transfers them to correspondent accounts in strange banks to draw by cash.
Remitting money – the criminal transfers black amounts of money to accounts of various bank clients, drives them through the chain of other bank client accounts and thereby makes it difficult to establish the origin of money. After removing traces, the wrongdoer can use these sums to his/her own discretion.
Electronic blockage – a number of the ill-minded person’s accomplices use their PCs anywhere to block the bank computer system with a simultaneous “attack” of unauthorized access. They cover the main illegal transaction by sending many false payment orders that make it difficult to fix the real channel of money leakage.
Officers from economic crime departments having no related specialization and required knowledge of computing technique usually investigate such crimes. To our opinion, it is time to establish an institute of independent experts in developing and using information protecting means, as well as those in processing bank data. Only they can competently answer questions on the mechanism of perpetrating relevant offences. It should be reminded that the main problems are to draw such experts in legal expertise and overcome the reluctance of some investigators to do it.
Besides, it should be noted that these crimes are of a latent character resulted from the mechanism of stealing money through executive system “gaps”. Especially important is to prevent and repress such offences on the preparation stage. Practically, it is very difficult to discover offences and gather criminal evidences. Therefore, some indirect features can help to fix the preparation of a crime. Among them are :
- information carriers are stolen^;
- some persons show abnormal interest to the contains of wastepaper baskets, garbage cans and so on^;
- somebody makes unreasoned manipulations with valuable data (for example, frequent transfer of money from one account to another, the availability of several accounts, implementation of transactions with delay in relevant confirmation)^;
- computer system disturbance^;
- virus emergence^;
- groundless loss of huge data arrays^;
- unauthorized persons are in the service room or representatives of maintenance and control organizations hold an extraordinary inspection of bank premises, equipment, various means of life support systems^;
- violated rules of filing computer system working time logbooks (corrections, the lack of some records or their falsification)^;
- ungrounded manipulations with data (re-recording, replacement, modification, deletion) or acquired information is not renewed^;
- key documents have no or forged signatures^;
- emergence of counterfeit or falsified documents or reporting forms^;
- some bank officials show unreasoned interest to overtime works and unrelated information or they often visit other bank departments and services^;
- a bank official shows an open displeasure or raises an objection to his/her activities controlled^;
- numerous complaints of bank clients.
The only way-out is a close interaction of three groups of law enforcement officers (investigators, experts), bank personnel (experts in bank computer technologies) and those engaged in protecting bank computer information to fight banking cybercrimes in a more effective way.
1. V. Golubev - Banking computer crimes – Zaporozhye: PH “Pavel”, 1997. – P.35.
2. P. Bilenchuk, B. Romanyuk, V. Tsimbalyuk – Computer crimes. Manual. – Kiev: Attica, 2002. – P.159-160.
3. M. Vertuzayev, Yu. Kondratyev, S. Pugachov, A. Yurchenko – Manners of cybercrimes committed by using bank payment cards. – Information technologies and protection of data. – Zaporozhye, 1999. - P.51.
^macro[showdigestcomments;^uri;Manners of misappropriation in the bank computer systems]