Fighting crimes committed in the bank computer systems
Date: November 05, 2003
Source: Computer Crime Research Center
By:
... its information. After that, he stole a large sum of money by swindling and breaching trust.
On February 10, 2000, G.Kuzmichov obtained an international debit plastic card “BANK PLATINA-VISA ELECTRON” and a personal identification number (PIN) to dispose of funds that he had deposited in a special account at the “Platinum” bank.
G.Kuzmichov used this plastic card to pay for goods and services in establishments accepting VISA cards, and used the PIN to check the state of his account or to draw cash at cash machines.
The sums debited from his special “Platinum” bank card account did not exceed the amount of money deposited. Under the “Platinum” bank tariffs, $1 was debited from his card account for each account statement obtained at the cash machine of another bank.
On April 28, 2000, CB “Platinum” employees were charging commissions to their card clients for account balance checks made at other banks' cash machines.
A bank employee mistakenly debited not $1 but $220200 from Kuzmichov’s special card account; that figure was in fact the date “22.02.00”, when he had checked his card account balance.
On May 3, 2000, CB “Platinum” employees replenished Kuzmichov’s card account with $22099 to correct the mistake made in the computer database of their plastic card clients. One dollar was charged as the commission for the account statement taken at the other bank's cash machine.
On June 13, 2000, G.Kuzmichov applied again to the “Platinum” Bank to replace his plastic card because his surname had been changed in his foreign passport. He obtained a new plastic card “BANK PLATINA-VISA ELECTRON” with the previous number of his special card account.
In addition, since 2000 the “Platinum” bank has offered its clients an additional service: checking a card account balance through the Internet.
Having replaced his plastic card, G.Kuzmichov also gained the ability to check the balance of his card account through the Internet. When doing so, he saw that on April 28, 2000, the bank had mistakenly written off $220200 from his special card account and that on May 3, 2000, the account had been replenished with $220199.
G.Kuzmichov decided to penetrate the bank's automated system through the Internet and alter the computer database of the “Platinum” bank's card clients by imitating the mistake made on April 28, 2000. He then intended to illegally increase the funds on his account by $220200 and withdraw them at cash machines.
On June 16, 2000, G.Kuzmichov informed the bank by e-mail that he could not check the balance of his card account through the Internet. On the same day, the bank employee verified that information and gave an electronic reply that there were no defects.
Having received the e-mail and examined its program characteristics on his computer, G.Kuzmichov extracted from it the IP address of the e-mail server, which was also the server used for checking card account balances through the Internet.
On June 25, 2000, the criminal illegally penetrated the database computer system containing information on the state of plastic card accounts by cracking the IP-address of the “Platinum” bank server, and decreased the balance of his card account by $220200, thereby imitating a second bank mistake.
Thus, the modification of information in the Oracle database on the part of G.Kuzmichov resulted in the negative balance of his card account (-$220200).
Meanwhile, the separate computer database that set plastic card spending limits still held the real state of the criminal’s card account and allowed him to use only a sum that did not exceed the amount deposited.
Continuing to deceive the Platinum Bank employees, G.Kuzmichov informed the bank operator by phone that his card account showed the negative balance and requested the bank to correct its error.
When verifying this information, bank employees found that G.Kuzmichov’s card account did show a negative balance (-$220200). They took it for a failure of the automated system and replenished his account with $220200. This allowed G.Kuzmichov to dispose of $220200 in addition to his deposited funds and to carry out his criminal intent to misappropriate a large sum of money.
Thus, on June 26, 2000, the Oracle database computer system automatically received data on the state of bank client accounts, including G.Kuzmichov’s illegally increased one.
At the same time, the printed account statement did not show the increase in G.Kuzmichov’s account because official operations are not reflected in account statements.
Having created the conditions to steal $220200, G.Kuzmichov requested statements of his card account through the Internet and at cash machines to check whether he could obtain those funds.
After making sure that his card account had been replenished with $220200 and that he could dispose of it, G.Kuzmichov obtained and misappropriated 143750 UAH (nearly $27122) by using his plastic card and PIN.
G.Kuzmichov intended to steal $220200 but he could not accomplish his purpose because his criminal actions were detected and the bank employees blocked his card account.
Article 198-1, Part 2, of Ukraine’s Criminal Code covers G.Kuzmichov’s actions in penetrating the Platinum Bank automated system by using detrimental software, distorting and destroying information, and inflicting great damage.
Article 86-1 of Ukraine’s Criminal Code covers G.Kuzmichov’s premeditated actions in stealing a large amount of the Platinum Bank's collective property, 143750 UAH ($27122), by swindling and breaching trust.
Article 17, Part 2, and Article 86-1 of Ukraine’s Criminal Code cover G.Kuzmichov’s premeditated actions in attempting the large-scale misappropriation of the Platinum Bank's collective property, 1053339 UAH ($198743), by swindling and breaching trust.
Thus, G.Kuzmichov committed crimes specified in Articles 80-1, 86-1, 17 (Part 2), 198-1 (Part 2) Ukraine’s Criminal Code [3].
A number of objective and subjective factors favor the commission of crimes in bank computer systems. Knowing them makes it possible to prevent crimes and reduce the probability of offenses against bank information. The main causes and conditions that favor such crimes are as follows:
- A lack of adequate control over unauthorized access to a standalone bank computer, or to one used as a remote workstation of the bank computer network to transfer data from primary bookkeeping documents when financing;
- Careless use of computers by bank employees, which allows a criminal to exploit them as a tool for committing crimes;
- Low-quality application software in bank computer systems that has no monitoring protection to check the consistency and accuracy of input information;
- Imperfect (or insufficient) password protection against unauthorized access to bank information resources, which fails to identify and authenticate the user;
- The lack of an official responsible for the confidentiality and security of banking information;
- The lack of a clear, categorized system of access to paper and electronic documents of strict financial accounting;
- The lack of agreements (contracts) with bank employees on keeping commercial and official secrets.
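The case turned on the third condition in this list: nothing checked the $220200 fee against the $1 tariff, and nothing compared the Oracle balance with the limits database before staff "corrected" it. The sketch below is an added example, not code from the article or the bank; the account ids, field names and sample rows are constructed assumptions, and only the $1 tariff and the $220200 figure come from the case.

```python
from decimal import Decimal

# Tariff from the article: $1 per balance inquiry at another bank's machine.
FEE_TARIFF = {"BALANCE_INQUIRY_OTHER_BANK": Decimal("1")}

def validate_fee(fee_type, amount):
    """Return an error string if a fee posting deviates from the tariff, else None."""
    expected = FEE_TARIFF.get(fee_type)
    if expected is None:
        return f"unknown fee type {fee_type!r}"
    if amount != expected:
        return f"{fee_type}: amount {amount} does not match tariff {expected}"
    return None

def reconcile(balances, journal, limits):
    """Flag accounts whose stored balance is not explained by posted journal
    entries, or disagrees with the independently maintained limits database."""
    findings = []
    for account, stored in sorted(balances.items()):
        posted = sum((e["amount"] for e in journal if e["account"] == account),
                     Decimal("0"))
        if stored != posted:
            findings.append((account, "balance_without_journal_entry", stored - posted))
        if account in limits and limits[account] != stored:
            findings.append((account, "ledger_limits_mismatch", stored - limits[account]))
    return findings

# Constructed sample data (hypothetical accounts CARD-A and CARD-B).
JOURNAL = [
    {"account": "CARD-A", "amount": Decimal("100")},   # deposit
    {"account": "CARD-A", "amount": Decimal("-99")},   # card purchases
    {"account": "CARD-A", "amount": Decimal("-1")},    # balance-inquiry fee
    {"account": "CARD-B", "amount": Decimal("250")},   # deposit
]
# CARD-A's balance row was altered directly, with no journal entry behind it.
BALANCES = {"CARD-A": Decimal("-220200"), "CARD-B": Decimal("250")}
LIMITS = {"CARD-A": Decimal("0"), "CARD-B": Decimal("250")}

if __name__ == "__main__":
    # The April 28 operator error: a date typed into the amount field.
    print(validate_fee("BALANCE_INQUIRY_OTHER_BANK", Decimal("220200")))
    for finding in reconcile(BALANCES, JOURNAL, LIMITS):
        print(finding)
```

Running the reconciliation before any manual credit turns a reported negative balance into a tampering investigation rather than a presumed system failure.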
1. M.Zgurovsky. The society of knowledge and information – tendencies, challenges, perspectives. – “Weekly miracle”, 2003. – No. 19 (444). – P. 17.
2. V.Buyanov, N.Zhogla, O.Zaytsev, G.Kurbatov, A.Petrenko, N.Fedotov. Information security in Russia. – M., “Examine”, 2003.
3. Criminal case No. 70001151. Court of Appeal archives in Dnepropetrovsk (Ukraine).
