Embed Size (px)
Citation preview
Bank Crime Investigation
Techniques by means of Forensic IT
Technological Crime Trends
Gina Carletti’s Scotiabank
Canada
Agenda
Risk MitigationPrevent, Detect & RespondFocus on Technological Crime and ForensicsTechnological Crime TrendsBusiness Impact/ Potential RiskComputer ForensicsForensic ToolsTechnology as an Investigation tool RecommendationsQ&A
Risk Mitigation
Technological Crime Investigators:
Understand the value of the business assets.
Identify the threats in the environment.
Review security measures in place.
Mitigate residual risk to an acceptable level.
Prevent, Detect and Respond Strategies
Prevent: the act of preventing the unwanted event
The best protectionAnti-Skimming DevicesMonitors SystemsStaff and Customer Education, Training/Awareness
Detect: the act of detecting the unwanted event
Identification of high risk customers and services.Detection of attacks either being planned or in progress.
Respond: after the fact investigationInvestigations gather facts, reports to business lines with recommendations and risk assessments.
Focus on Technological Crime and Forensics
Profile of an Investigator
Manage and respond to time sensitive Electronic Crime Investigations.
Intelligence analysis used to identify new suspect profiles that may be involved in money laundering, fraud or other criminal activity.
The identification of new technological crime trends and exploit vectors.
Provide computer forensic support to investigations such as: Defalcation, Irregular practice, Bank Card Fraud, etc.
Provide technical assistance in personal security incidents.
Technological Crime Trends
Computer crimes have become increasingly common due to the prevalence of computers today. As technology advances and becomes more sophisticated, so does computer-based crime. Computers have been used for embezzlement, money laundering, fraud, organized crime and various other illegal activities, e.g. identity theft.
Note: Computer and cyber forensics as well as electronic surveillance are now common tools used to investigate fraud.
Technological Crime Trends - Continue…
Phishing - A form of social engineering personal information from victims (customers) via spoofed emails/websites.
Pharming – Criminals hack a Domain Name Server, or a user’s computer/wireless router, to direct unsuspecting individuals to a fake website to steal their user ID and password.
Crimeware - Malicious software/hardware that can infect the victim’s (customers) computer to capture, record and transmit data to be used fraudulently. e.g. keyloggers, trojans.
Technological Crime Trends - Continue…
Online Social Networks – websites that allow people of common interest to share experiences. In the social networking site Myspace, the fraudsters have discovered ways to inject malicious code and deceive users to divulge confidential information.
Vishing - Is also a social engineering method that incorporates the use of Voice Over Internet Protocol (VOIP) and traditional phishing tactics to garner confidential personal information.
Skimming (ATM/POS) - is where the data in the card's magnetic strip is copied to a duplicate card without the card owner's knowledge
Technological Crime Trends - Continue…
Mobile Devices - is a pocket-sized computing device, typically utilizing a small visual display screen for user output and a miniaturized keyboard for user input. May result in confidential information being lost
Unsecured data warehouses and/or tape backup delivery channels - Security breach resulting in loss of confidential information, putting consumers and organizations at risk of crimes, such as identity theft.
Regulations - Compliance with SOX, AML/ATF, Basil II and others regulatory requirements are driving security improvements and policy.
Business Impact/ Potential Risk
Reputation Risk
Identity Theft
Financial Losses
Information leakage and targeted attacks
Threat to network security
Hinder user productivity
Bandwidth Consumption
Legal Risk
Computer Forensics
The simple definition of computer forensics... is the art and science of applying computer science to aid the legal
process
Computer forensics is done in a fashion that adheres to the standards of evidence that are admissible in a court of law
e-discovery, requires the proper tools and qualifications to meet the Court's procedural criteria
Forensic Tools
Digital Media Acquisition & ExaminationComputer Hard DriveDVDUSBPhonesSmart phonesServersEmail accounts
Log analysis:Web logsSystems logsApplication logsTelephone logs
Technology as an Investigation tool
Types of Investigations:Irregular PracticesInsider ThreatsFraud InvestigationsMoney Laundering and Terrorist FinancingHarassment Inappropriate Internet UsePornographyPrivacy
Technological Tools:Email AnalysisForensic Analysis of Digital MediaForensic Analysis of SystemsCyber Forensics
Recommendations
We need to focus on understanding and mitigating fraud related risks
We all need to embrace the idea of becoming “Anti-Fraud Professionals”
Employee, customer and police awareness training
Security development training
Implantation of new technology such as: one time passwords and anti-skimming devices
Separation of duties in critical security functions
Strict policy restrictions
Regular auditing
Monitoring systems/trigger programs
Adequate logging
Encryption
Thank you!
Gina Carletti, Bcomm - ITM, CISSPSenior ManagerTechnological Crime & ForensicsTel: (416) 933-3020Mobile: (647) 282-7067Email: [email protected]
