Ways of committing information technology crimes
in the banking system of Ukraine
The banking system connected with accumulating, allocating and using state and private funds is the most attractive for particular criminals and organized criminal groups. This system features now many financial shady deals often made during various banking operations.
The normal economy requires a reliable, stable and developed banking system that will carry out payments, give credits to their clients in a proper time, make transactions on securities and so on. The destabilized financial position of the bank can result in ruining its clients.
The banking and financial systems are widely used to launder criminal incomes. Especially it concerns the international payment systems. Ukraine’s law enforcement bodies are worried about an increased number of crimes committed in the banking systems (nearly 3.1 thousand crimes were revealed there in 2002). According to Ukraine’s National bank experts, almost every third bank in Ukraine is now problematic. The banking system has transformed into a central link of the technological chain of laundering money earned in a criminal way. Proceedings are instituted against three hundred and sixty-seven officials (fifty-four of them are directors of banking establishments) that committed mercenary crimes directly in the banks .
Crimes committed in the banking system or by using it can be referred to the most dangerous economic offenses because they have a negative influence not only upon the bank itself but also on many other subjects of economic activities and state financial system as a whole.
Especially huge funds are drawn from banking accounts both of depositors and banks themselves by using computer systems. Ukraine’s Criminal Code Articles 190 “Fraud”, 200 “Manipulations with money order documents, payment cards and other means of banking account access, equipment for their manufacture’, 361 “Illegal interference with the work of electronic computers, their systems and networks”, 362 “Stealing, misappropriating, extorting computer information and obtaining it through fraud or official position abuse” and 363 “Violation of automated electronic system operating rules” provide some penalties for perpetrating those offenses.
Early 90s Ukraine started the global society computerization that became not just a factor of the technical progress but also deeply penetrated into life, professional activity, science, education and culture. Computers are now indispensable human aids.
Today our country has a highly developed system of electronic communication that cannot be absolutely reliable and protected. Such a situation gives criminals an opportunity to obtain an unauthorized access to computer information systems. The process of the society computerization results in increasing computer crimes and material expenses when compared with committing ordinary ones.
The home science of crime detection has no main elements characterizing computer crimes committed in the banking system.
The researches show that 55% of interrogated persons have not the slightest idea of these categories, 39% of them have a superficial knowledge of criminalistical characteristics of persons disposed to committing computer crimes from unscientific sources (66% - mass media, 28% foreign films and videos). The graduate students from Ukraine’s MHA institutes of higher education that should have a scientific knowledge of what they will come across in their direct practical work were mainly interrogated. Such a situation cannot be considered positive. Therefore, it is very urgent both from the practical and scientific standpoint to solve the problem of criminalistical characteristics of these crimes.
The most important element of any crime criminalistical characteristics is a combination of data on the way of committing it.
The science of crime detection defines the way of committing an offense as an objectively and objectively specified system of person’s conduct before, during and after perpetrating it. This system is characterized with leaving various external evidences that allow learning what has happened, peculiarities of the delinquent person’s conduct, his personal data with the help of criminalistical methods and means, as well as establishing the most optimum methods of exposing crimes .
In other words, the way of committing a crime includes the complex of specific actions of the criminal on preparing, perpetrating and concealing an offense. In many cases, these actions form a multiple system and are reflected in the environment thereby presenting data on the peculiar model of a crime.
Establishing the way of committing a crime mainly depends on its investigation goals, criminal case evidences (Ukraine’s CPC Article 64), right qualification, aggravating circumstances when an organized group included (Ukraine’s CC Article 41, Item 2).
It should be born in mind that the court takes into consideration the way of committing a crime to individualize the criminal person’s punishment because it characterizes not only an offense itself but also its subject . All this proves the necessity of describing the way of perpetrating an offense in the sentence and its motivation part (Ukraine’s CPC Articles 223, 334).
Criminalistical literature considers the way of stealing as a key element of the criminalistical characteristic because it determines the procedures and tactics of the inquest and investigation .
There are many various ways of committing information technology crimes in the banking system. Let us examine some of those used in Ukraine.
In June 1994, Dnepropetrovsk DHA prevented an attempt to steal $864 million by penetrating into the banking electronic payment system.
T., a programming engineer from the Prominvestbank affiliate in Dnepropetrovsk, had an access to the “Trezor” (electronic protecting system of the bank computer network) and came to a collusion with A., the deputy director of “AKS” (Dnepropetrovsk), to steal especially great funds. T. made a copy of the “Trezor” program on his floppy and entered the Prominvestbank computer network using his home computer. He made a false payment bill for 864 million UHR and put it into the e-mail box of computer bank to send to the previously specified account of “Vic-Service” (Dnepropetrovsk) in the regional Ukreksimbank through Ukraine’s National bank e-mail. After this sum was transferred to the “Vic-Service” account, T. and A. were arrested when trying to dispose of stolen money.
Such facts took places in Donetskaya oblast and the Republic of Crimea .
In July 1995, an unknown person introduced false data on the currency reappraisal into the electronic computer connected to the international communication electronic computer system of a Kiev bank by using “masquerade ”. This person changed a password of the computer system access thereby disabling the bank to get into contact with its foreign partners. Taking advantage of it, he sent payment orders that allowed writing off and transferring $172 thousand to foreign beneficiaries .
In 2002, A., a Ukrainian, interfered with the work of an X commercial bank (CB) and changed information by using “breakthrough ” and “data substitution ”. Then he stole huge money there by fraud and breach of trust.
In February, he got a credit card “Visa” there. In May, X CB started writing off commission from accounts of its payment card clients for data on an account condition in Bancomats of other banks.
When manually introducing such operations into the automated computer databases of payment card users, X CB officials wrote off by mistake $220200 instead of $1 from his special card account. In fact, this sum reflected the date “22.02.00”. His card account was renewed by $220199 to correct a mistake. After that, the balance on the special card account (SCA) was true.
In addition, since May the bank started sending notices on SCA balances to their clients through Internet. In the CB automated system protected from an unauthorized access, information on an account condition of bank clients was stored in the automated computer databases of credit card users. Everyday it was automatically sent through the computer system controlling Informix databases to that monitoring Oracle databases protected from introducing changes both on the part of bank officials and its clients. In June 2000, A. found erroneous banking operations when looking through the Internet notice.
Then he sent an e-message to the bank that he could not receive information on his card account condition through Internet. An official responded him using the bank server that everything was OK. After getting an e-letter and learning its program characteristics, A. obtained the server IP-address.
A. illegally penetrated into the Oracle database by cracking the bank server IP-address through Internet. Imitating the previous mistake made in May 2000 by bank officials, he himself “wrote off” $220200 from his credit card account. Then he sent an e-letter to the bank site informing that he could not know the condition of his credit card account through Internet. On the following day, he phoned up a bank operator and told about an erroneous reduction of his account by a huge sum on the part of the bank. After checking the Oracle database, the bank officials revealed their “mistake”: indication of “- $220200” on his account. They considered it to be resulted from the automated system malfunction and renewed his account by this sum .
The above material shows that every year the ways of committing e-crimes are changed due to the complexity of computer technique, variety and accumulation of information operations, most of which reflect the movement of funds, development of technique and so on.
A crime is easier to prevent than expose. It is an axiom. The international experience in fighting crimes shows that the most effective is an active use of various preventive ways on the part of law enforcement agencies. They include: informing people about law enforcement body activities and penalties for committed crimes. It is especially important to prevent perpetrating offenses in the sphere of high technologies because most of hacking teenagers have an illusion of their own impunity.
Materials published in mass media should not give rise to unnecessary hullabaloo around this problem but on the contrary, they should be of an educational character: inform about court practice and explain what crimes criminals are punished for.
1. Ukraine’s Ministry of Home Affairs Public Report // Militia of Ukraine. – 2003. - ¹ 2 – P.5
2. N.P. Yablokov, V.Y. Koldin Criminalistics: Textbook. – M.: MSU, 1990. – P.327
3. Procedures of investigating social property appropriation / Edited by V.G. Tanasevich. – Issue1^; General questions of investigating appropriations: Methodical recommendations / All-Union institute on studying reasons and developing measures of preventing crimes. –M., 1976. – 189 p.^; G.A. Matusovsky Procedures of investigating appropriations: Study aids. – K.: UMK VO., 1988. – 88 p.^; A.N. Kolesnichenko, V.E. Konovalova Criminalistical characteristic of crimes: Study aids. – Kharkov: Kharkov Institute of Law, 1985. – 93 p.^; Investigation of state and social property appropriation (Problems of tactics and procedures). – Kh.: High School, 1987. – 68 p.
4. V.A. Golubev Computer crimes in the banking activity. – Zaporozhye: “Pavel”, 1997 – P.18-19
5. According to the criminal case materials
6. According to the materials of Criminal Case 70001151
^macro[showdigestcomments;^uri;Ways of committing information technology crimes in the banking system of Ukraine]