Bank Crime Investigation Techniques by means of Forensic IT

1
Bank Crime Investigation Techniques by means of
Forensic IT

• Technological Crime Trends

Gina Carlettis Scotiabank Canada
2
Agenda

• Risk Mitigation
• Prevent, Detect Respond
• Focus on Technological Crime and Forensics
• Technological Crime Trends
• Business Impact/ Potential Risk
• Computer Forensics
• Forensic Tools
• Technology as an Investigation tool
• Recommendations
• QA

3
Risk Mitigation

• Technological Crime Investigators
• Understand the value of the business assets.
• Identify the threats in the environment.
• Review security measures in place.
• Mitigate residual risk to an acceptable level.

4
Prevent, Detect and Respond Strategies

• Prevent the act of preventing the unwanted event
• The best protection
• Anti-Skimming Devices
• Monitors Systems
• Staff and Customer Education, Training/Awareness
• Detect the act of detecting the unwanted event
• Identification of high risk customers and
  services.
• Detection of attacks either being planned or in
  progress.
• Respond after the fact investigation
• Investigations gather facts, reports to business
  lines with recommendations and risk assessments.

5
Focus on Technological Crime and Forensics

• Profile of an Investigator
• Manage and respond to time sensitive Electronic
  Crime Investigations.
• Intelligence analysis used to identify new
  suspect profiles that may be involved in money
  laundering, fraud or other criminal activity.
• The identification of new technological crime
  trends and exploit vectors.
• Provide computer forensic support to
  investigations such as Defalcation, Irregular
  practice, Bank Card Fraud, etc.
• Provide technical assistance in personal security
  incidents.

6
Technological Crime Trends

• Computer crimes have become increasingly common
  due to the prevalence of computers today. As
  technology advances and becomes more
  sophisticated, so does computer-based crime.
  Computers have been used for embezzlement, money
  laundering, fraud, organized crime and various
  other illegal activities, e.g. identity theft.
• Note Computer and cyber forensics as well as
  electronic surveillance are now common tools used
  to investigate fraud.

7
Technological Crime Trends - Continue

• Phishing - A form of social engineering personal
  information from victims (customers) via spoofed
  emails/websites.
• Pharming Criminals hack a Domain Name Server,
  or a users computer/wireless router, to direct
  unsuspecting individuals to a fake website to
  steal their user ID and password.
• Crimeware - Malicious software/hardware that can
  infect the victims (customers) computer to
  capture, record and transmit data to be used
  fraudulently. e.g. keyloggers, trojans.

8
Technological Crime Trends - Continue

• Online Social Networks websites that allow
  people of common interest to share experiences.
  In the social networking site Myspace, the
  fraudsters have discovered ways to inject
  malicious code and deceive users to divulge
  confidential information.
• Vishing - Is also a social engineering method
  that incorporates the use of Voice Over Internet
  Protocol (VOIP) and traditional phishing tactics
  to garner confidential personal information.
• Skimming (ATM/POS) - is where the data in the
  card's magnetic strip is copied to a duplicate
  card without the card owner's knowledge

9
Technological Crime Trends - Continue

• Mobile Devices - is a pocket-sized computing
  device, typically utilizing a small visual
  display screen for user output and a miniaturized
  keyboard for user input. May result in
  confidential information being lost
• Unsecured data warehouses and/or tape backup
  delivery channels - Security breach resulting in
  loss of confidential information, putting
  consumers and organizations at risk of crimes,
  such as identity theft.
• Regulations - Compliance with SOX, AML/ATF, Basil
  II and others regulatory requirements are driving
  security improvements and policy.

10
Business Impact/ Potential Risk

• Reputation Risk
• Identity Theft
• Financial Losses
• Information leakage and targeted attacks

• Threat to network security
• Hinder user productivity
• Bandwidth Consumption
• Legal Risk

11
Computer Forensics

• The simple definition of computer forensics
• ... is the art and science of applying computer
  science to aid the legal process
• Computer forensics is done in a fashion that
  adheres to the standards of evidence that are
  admissible in a court of law
• e-discovery, requires the proper tools and
  qualifications to meet the Court's procedural
  criteria

12
Forensic Tools

• Digital Media Acquisition Examination
• Computer Hard Drive
• DVD
• USB
• Phones
• Smart phones
• Servers
• Email accounts
• Log analysis
• Web logs
• Systems logs
• Application logs
• Telephone logs

13
Technology as an Investigation tool

• Types of Investigations
• Irregular Practices
• Insider Threats
• Fraud Investigations
• Money Laundering and Terrorist Financing
• Harassment
• Inappropriate Internet Use
• Pornography
• Privacy
• Technological Tools
• Email Analysis
• Forensic Analysis of Digital Media
• Forensic Analysis of Systems
• Cyber Forensics

14
Recommendations

• We need to focus on understanding and mitigating
  fraud related risks
• We all need to embrace the idea of becoming
  Anti-Fraud Professionals
• Employee, customer and police awareness training
• Security development training
• Implantation of new technology such as one time
  passwords and anti-skimming devices
• Separation of duties in critical security
  functions
• Strict policy restrictions
• Regular auditing
• Monitoring systems/trigger programs
• Adequate logging
• Encryption

15

• Thank you!

Gina Carletti, Bcomm - ITM, CISSP Senior
Manager Technological Crime Forensics Tel
(416) 933-3020 Mobile (647) 282-7067 Email
gina.Carletti_at_scotiabank.com