Objective

• To assess the impact of technology on the ability to more effectively commit white collar crime
• To assess the impact of technology on the ability to investigate and prosecute white collar crime.

Introduction

The continuing growth of computer use and technology throughout the world of business and government is steadily adding new horizons to the problem of white collar crime. Procedures for transferring, exchanging, and keeping records of money, securities, titles, and money substitutes such as checking accounts, credit cards, letters of credit, and money orders, are done by use of computer and data communications technology. Negotiable securities, bank accounts, accounts payable, credit ratings, etc., are now stored digitally as data within a server and transferred from one place to another through the internet or by satellite.

In spite of all businesses and individuals conducting transactions in the digital world, in practically all white collar crime some form of “paper” is used as a means of deception or as a tool for concealing the true purpose of a transaction.

The ability to conceal transactions is enhanced by the computer. In a matter of seconds a computer can be instructed to transfer large amounts of money and the instruction can be just as easily removed leaving no trace of the fact that a temporary change was made inside the computer. A computer can deal with large volumes of data at very low cost, increasing the possibility of creating large groups of victims in a single act, such as creating large numbers of “personalized” letters, paychecks, or as in the Equity Funding case discussed below, insurance policies.

Technology dominates processes for control of inventories, so that large-scale thefts of goods can be executed and cover-ups manipulated through digital systems. Padded payrolls or fictitious payees can be invented and paid, and false verifying documentation can be entered into these systems, making the transactions difficult to identify.

Through the use of computers, individuals and groups who perpetrate frauds and embezzlements enhance their method of operation and create new takes on old scams, enabling them to steal larger amounts of money while at the same time lessening the chance of detection. For example, an early case of embezzlement by computer occurred over a period of three years, garnered the perpetrator over $1.5 million and was detected by accident. In this case the chief teller of a New York savings bank received a customer’s deposits, pocketed the money, and typed into the computer the information and instructions necessary to transfer money into the customer’s account from one of hundreds of other accounts which had shown little or no activity for several years. Every three months the chief teller temporarily transferred the “electronic money” back to the appropriate account for the purpose of calculating quarterly interest. Whereas this elementary bookkeeping manipulation could easily have been detected by a system audit this did not happen. The embezzlement was detected when the New York Police raided a bookie, found that one of the bookie’s best customers had at times bet $30,000 in a day. A background check of the bettor revealed that he was the chief teller of the savings bank who earned only $11,000 per year.

The Equity Funding Insurance fraud is an example of a case in which technology served as an essential tool for accomplishing a major fraud which clearly will ultimately result in well over $100,000,000 in losses to stockholders, customers and reinsurers, and involved manipulation of over $2 billion in money and assets. This fraud involved mass conspiracy and continued for many years; it never could have reached such vast proportions or lasted so long without the aid of computers. To sustain its image as a successful company and satisfy its need for cash during a recession period in which sales of its special mutual fund/insurance package dropped alarmingly, the Equity Company produced fake insurance policies. The fake policies which were recorded in the computer were sold for cash to other insurance companies in the business of reinsurance. The company was thus able to report steadily increasing earnings during a recession which caused the price of its stock to rise considerably. When, after viewing the computer printouts, the auditors for the reinsurers asked to see the actual original paperwork, such as policy applications and policies, they were stalled until forgeries of these documents could be produced by a division of the company set aside solely for the purpose of producing such forgeries. The executives from whom the auditors requested the spot check of original documents were able to tell which of the requested documents had to be specially forged by noting a secret code number on the computer printout. The computer also was programmed with a special code which caused the system to skip the billing procedure on fake policies.

More recently, in 1976, a criminal group simply used a file clerk in the office of a nationwide credit reporting company to alter the credit rating data entered into the computer. Individuals with poor credit ratings were solicited and were willing to pay as much as $1,500 to have their ratings altered. These altered credit ratings made it possible to victimize nationally known credit card companies, banks, department stores, and other businesses.

Technology also introduces people who might otherwise never commit a crime, such as people who write the instructions (program the computer), people who provide original data to the computer or who convert data from the English language into language or symbols which the computer deals with; and people who operate and maintain computers. These ‘opportunists’ exploit weaknesses in technology systems.

But technology, even though only a tool to manipulate data, is often felt to be a mysterious monster beyond understanding as related to the needs of the average law enforcement investigator. Understanding technology is no more of a problem to the white collar crime investigator than understanding financial investigation, banking procedures, accounting, sale and transfer of securities, and similar specialized areas. Just as the white collar crime investigator should learn how to recognize a problem in these areas and when to seek expert assistance, he should do so when confronted with technology related investigation issues.

The purpose of this chapter is to cut through the mystery and technical confusions which frequently inhibit investigators who should deal with computer issues. It is not intended to make the reader an expert on computers, or to address the very considerable technical issues which technology presents. Rather, it is to give the investigator a basis for dealing with these computer issues as they arise, to develop some sense as to when and where he will need expert assistance in this field, and to help him communicate with these experts.

In addition, the investigator should also consider the utility of the computer, not only as a tool for fraud, but also as a tool to assist law enforcement in fraud investigation. The computer’s ability to handle and analyze large amounts of information in an organized manner may be of great assistance in analysis of situations, to help detect patterns of possible fraudulent activity, and even to determine the modus operandi of a crime. Examples of such use will be discussed later in this chapter.

COMPUTERS IN BUSINESS DATA PROCESSING

What is Business Data Processing?

Business data processing deals with a flow of information needed to run a business. In manufacturing and selling types of businesses, such information might be divided into many separately processed elements such as payroll, accounts receivable, accounts payable, inventory control, production scheduling, sales scheduling, production monitoring, sales monitoring, cost analysis, general ledger accounting, etc. Many of these sale elements also would be pertinent to banking insurance securities, publishing and other businesses which also have need for other specialized types of information such as loan payment accounting, demand deposit accounting, premium payment accounting, policy files, pension payments, customer securities accounts, direct mail addressing, subscription lists, etc. Government agencies use computers to process information elements such as payroll, tax registers, purchasing control, traffic violations, and licensed vehicle numbers.

COMPUTER-RELATED CRIME AND INVESTIGATION

What was once commonly referred to as computer crime, is currently known in professional investigative circles as Cyber Crime. The term Cyber Crime, better reflects the full spectrum of technology used to commit or facilitate crime. The nature, prevalence, and impact of cyber intrusions against businesses in the United States is on the rise. There are three general types of cybercrime:

1. Cyber attacks are crimes in which the computer system is the target. Cyber attacks consist of computer viruses (including worms and Trojan horses), denial of service attacks, and electronic vandalism or sabotage

1. Cyber theft comprises crimes in which a computer is used to steal money or other things of value. Cyber theft includes embezzlement, fraud, theft of intellectual property, and theft of personal or financial data

1. Other computer security incidents encompass spyware, adware, hacking, phishing, spoofing, pinging, port scanning, and theft of other information, regardless of whether the breach was successful

According to the Bureau of Justice Statistics survey, In 2005, among 7,818 businesses-

1. 67% detected at least one cybercrime

1. Nearly 60% detected one or more types of cyber attack

1. 11% detected cyber theft

1. 24% detected other computer security incidents

1. Most businesses did not report cyber attacks to law enforcement authorities

1. The majority of victimized businesses (86%) detected multiple incidents, with half of these (43%) detecting 10 or more incidents during the year

1. Approximately 68% of the victims of cyber theft sustained monetary loss of $10,000 or more. By comparison, 34% of the businesses detecting cyber attacks and 31% of businesses detecting other computer security incidents lost more than $10,000

1. System downtime lasted between 1 and 24 hours for half of the businesses and more than 24 hours for a third of businesses detecting cyber attacks or other computer security incidents.

Cyber crime also includes attacks against individuals through fraud, theft, and other crimes. Basically any crime that can be committed, can probably be executed more efficiently with technology. The cyber investigator assigned to, or supporting white collar crime investigations, must be knowledgable in all aspects of technology crime.

Business implications

Technology has created revolutionary changes in the record keeping and bookkeeping systems used in businesses and government. The operational procedures which businesses and government use depend less and less on visual reviews of individual transactions. For example, in non-computerized business data processing, there are a number of checkpoints where the flow of paperwork would stop completely if certain actions were not taken. It might be that a Mr. Jones in the accounting department will not approve a request for payment until he has physical possession of documents from both the purchasing department and the receiving department, indicating with appropriate signatures that the item had in fact been ordered and received.

In automated systems there is less reliance on the usual check by Mr. Jones, and more reliance on checks generated by the automated system itself . As another example, on a payroll system it may be a clerk who makes changes in an employee’s master file, for example, pay rates, deductions, etc. Between the clerk and the hard drives which stores these data, there may be no visual review, enabling a crooked clerk to change the master file with ease. Operational procedures have advanced to a point where business and government now employ automated means for producing all their records such as payroll accounting can be virtually handled, including the pre-signing, printing and mailing of checks.

New procedures, of which the above are only a small sample, combined with rapid growth of new types of specialized technology workers, who are sometimes transient in nature in their employment, and therefore often untested by time and service in their employment, make the computer highly vulnerable to misuse and abuse. The computer has created new opportunities for accomplishing embezzlement and fraud or theft of property or valuable information. By virtue of its entry into every phase of living, the computer’s importance has grown to a point where it has become an object for attack or sabotage.

The problem of investigating cases which involve computers are little different from cases which involve other white collar crime weapons such as false financial statements, false invoices, worthless securities, false entries in accounting ledgers, and the like. In the case of computers, the specific weapon might be a false entry in an output document or a false computer program, with the following complication:

1. Large transactions can be accomplished in a matter of seconds.

1. System complexity makes it difficult to detect errors, and even harder to detect a program change which has been changed back again.

The investigator must use all the investigative techniques discussed elsewhere in this book in approaching a computer-aided crime. As would be the case in obtaining expert technical assistance from an accountant in examining a complex set of books, so too should the investigator obtain expert assistance when necessary to examine and deal with the contents of a computer system.

The following examples are presented for the purpose of indicating the variety of crimes in which computers served as an essential tool, to help with recognition of those factors which determine the investigator’s role when confronted with the computer-related crime.

EXAMPLE

In 1976 a management consultant providing doctors with services such as obtaining payment for back medical billings (for which he received a 25% fee) learned through acquaintances in Blue Shield and through examination of Blue Shield’s computer manuals, that the computer system was programmed to examine the dates, as well as the other specifics on requests for payment.

If the date on the request for payment was less than a year old, the computer was programmed to recognize it as a possible duplicate, on the presumption that monthly bills are sent out and that the most recent could have been sent while payment was in the mail. However, if the date was over a year old, even though all other information was the same, the computer was not programmed to consider the possibility that the request was a duplicate. The consultant arranged to meet and eventually conspired with the claims supervisor to submit duplicate claims from his various clients dated over one year old. The conspirators ran a test claim, found that it worked, and started to file duplicate claims.

The Blue Shield computer fraud was discovered as an ancillary result of hearings being held by a commission investigating fiscal management in the state’s Department of Health. The investigation involved all standard investigative procedures such as:

1. Interviews with the doctors and their office personnel

1. Interviews with Blue Shield personnel

1. Identification of the suspect, criminal history check, and identification of associates

1. Interrogation of suspect who at first denied knowledge and subsequently confessed and agreed to cooperate

1. Submittal of “marked” claims to the claims supervisor to further test the system and gather evidence of the insider’s operations

1. Obtaining search warrants on suspect’s house, Blue Shield, and all banks used by conspirators

An added feature of this case was the employment of a state government computer consultant, interviews with Blue Shield computer personnel, and interviews with the defendants for the purpose of making recommendations for changes in the Blue Shield claims processing system.

The investigator’s attention is particularly directed to the following facts:

1. No computer program changes were required to commit the fraud

1. Collusion by an insider was required

1. The investigation was performed by investigators with no special qualifications in technology

Other cases

One of the most famous cases of fraud occurred in 1973 when a graduate student with expertise in computers found a set of a telephone company’s computer system instructions in a garbage can. These documents gave him the entry code into the telephone company’s computer system and also the quarterly loss figures allowed by the company on its various materials and repair parts distributed to its personnel in the field. Using a touch-tone telephone, the schemer entered orders for items from the company’s systems manual, which he had obtained by befriending some telephone company personnel. To prevent detection by establishing a pattern, he varied the parts orders by quantity and location. He also kept the orders within the loss allowance so as not to exceed the tolerance programmed into the computer.

The fraud continued for two years and involved over one million dollars. It was discovered only through the report of an informant. The defendant at his trial rationalized that he wasn’t really stealing because there was no loss.

The investigator should note from this case the difficulty in detecting certain computer crimes and the involvement of persons not normally involved in criminal activity.

There are numerous individual variations of computer-related criminal approaches which have surfaced, such as the following:

A payroll programmer chopped a few cents off each paycheck and added them to his own. Note that the company’s accounts balanced.

Two clerks in a bank worked in the section that handled mutilated checks. Mutilated checks could not be handled by the computer equipment which reads the magnetic ink character record at the bottom of all checks. The clerks deliberately mutilated their checks so the computer would reject them. When the checks were delivered to their section, they just threw them away so that their own accounts would not be charged with the checks they had written.

A bank programmer whose program calculated savings account interest, instead of dropping off fractions of pennies, had them added to his own account.

A computer consultant found a blank form used for adding a new employee to the company payroll. He added his own name to the payroll list and picked up his check as it came off the automatic check writing equipment. Note the ease with which a visiting outsider gained access.

Two systems analysts set up their own company while working for another company that sold metal ores. Their own company bought ore from their employer and sold the same ore back to their employer at a profit. The entire transactions were accomplished by a computer which they controlled.

A computer expert working for a bank typed his own bank account number on hundreds of blank bank deposit slips. He took actual deposits from various firms, replaced their deposit slips with his own, writing in the firm’s account number and handling the deposit slips and money to the tellers. Because the computer thief used a magnetic typewriter and because he knew that the computer was programmed to read the magnetic tape before any other notations, all the money went into his own account. He collected $50,000 in one day.

The above examples and those discussed earlier in this chapter by no means exhaust the possibilities of technology crimes. They have been discussed here primarily to show that while the investigator will often require the assistance and advice of those who are familiar with computer applications and technology, the crimes themselves differ only in mechanics, but not in substance from other white collar crimes. The investigator’s own role is central and essentially unchanged merely because computers are involved.

POTENTIAL COMPUTER WHITE COLLAR CRIME PERPETRATORS

The following provides a general idea of the possible perpetrators of white collar computer-related crimes, and their modus operandi:

Systems Programmers

1. Deliberate installation of errors or logical oversights into the computer program providing a weak point which can be exploited over again and again

1. Disclosure of protective measures to outsiders

1. Disabling or neutralizing the protective features of programs

Computer Operators/Data Entry

1. Deliberate substitution of programs which have been tampered with

1. Disclosure of organizational and procedural safeguards

1. Copying of files for sale to competitors or other buyers

Maintenance Personnel

1. Use of test programs to examine or copy files or alter system programs

1. Disabling protective hardware.

Users

1. Impersonation of other users

1. Falsifying own files to deceive third parties

1. Penetration of operating system and alteration of object programs

SUMMARY

All investigators are concerned with the storage and retrieval of information ranging from investigative leads to evidence. Investigators store such information in their heads, on scraps of paper, in narrative reports, and in indexed manual filing systems. Law enforcement agencies use computers for storage and retrieval of many varieties of information. This section describes some uses of computers for analytical aid in investigation of white collar crime.

The investigator should visualize the computer as an immense filing cabinet in which almost unlimited amounts of information can be stored, and from which the information can be retrieved in a form designed specifically for his needs including reports, videos, photograph, documents, and audio recordings. This would be a cabinet in which it would hardly matter in what particular drawer a particular bit of information is located, or how long it has been in there since the computer provides almost instantaneous examination of the cabinet’s total contents. This imagined system is practically attainable if the investigator is able to effectively categorize or index the desired information. Even when an investigator cannot put ail desired information from a report into the computer, he can have the computer direct him to the location of the original document which contains the information.

The computer’s ability to store and organize vast amounts of information, and to be programmed for easy retrieval of this information in any order or form desired by the user, makes its use an excellent way for an investigator to store information on complex cases which cover long periods of time. Many cases involve large amounts of details which are difficult to keep track of manually. The computer can also be used to monitor any data for the purpose of identifying significant patterns which might be of interest to the investigator, such as who communicated with whom, and how often, over what period of time, etc.

The National Institute of Justice provides links to free or low cost investigative software at http://www.nij.gov/topics/technology/pages/software-tools.aspx#lawenforcementinvestigation.

Student Case study FIVE – Stock Fraud

Assignment

1. Review the case study then, using open source research, identify a stock fraud scheme and summarize the key elements of the crime.

1. What special skills would an investigator need to investigate this type of crime?

Overview

How ‘Pump and Dump’ Works. First, there’s the glowing press release about a company, usually on its financial health or some new product or innovation.

Then, newsletters that purport to offer unbiased recommendations may suddenly tout the company as the latest “hot” stock. Messages in chat rooms and bulletin board postings may urge you to buy the stock quickly or to sell before the price goes down. Or you may even hear the company mentioned by a radio or TV analyst.

Unsuspecting investors then purchase the stock in droves, pumping up the price. But when the fraudsters behind the scheme sell their shares at the peak and stop hyping the stock, the price plummets, and innocent investors lose their money.

Fraudsters frequently use this ploy with small, thinly traded companies because it’s easier to manipulate a stock when there’s little or no information available about the company. To steer clear of potential scams, always investigate before you invest.

FBI Press release – CEO sentenced to 240 months in prison 9/24/2007

The major shareholder who also served as Chairman and CEO of TeleServices Internet Group, Inc., was sentenced to 240 months in federal prison today for operating an intricate stock fraud and money laundering scheme that cost public investors more than $15 million in losses, US Attorney Christopher J. Christie announced.

On April 9, 2007, after four hours of deliberations, a jury convicted Robert P. Gordon, 57, of St. Petersburg, Fla., of both counts contained in a two-count Superseding Indictment that was returned on Nov. 1, 2006. Gordon was convicted on one count each of conspiracy to commit securities and wire fraud and conspiracy to commit money laundering.

According to the Indictment, Gordon was the major shareholder of TeleServices Internet Group, Inc. (TSIG) and served, at various times, as the company’s CEO, CFO, chairman and director. Gordon was also the founder and chairman of Phoenix Information Systems, Inc. (Phoenix)

In convicting Gordon, the jury found that he, along with at least eight others, operated a scheme in which they used deceptive and manipulative practices in connection with the fraudulent issuance, purchase and resale of stock of TSIG from December 1996 through November 2001.

TSIG stock was publicly traded on the Over the Counter Electronic Bulletin Board System. According to the Indictment, the conspiracy involved Gordon as the chairman of TSIG, at least four licensed securities brokers, two of whom resided and worked in New Jersey, a securities attorney from Denver, Colo., and a Canadian securities broker employed at Union Securities in Vancouver.

The jury found that Gordon, with the assistance of other insiders, was able to secretly gain control of nearly 100 million free-trading shares of TSIG stock and sold those shares in the public marketplace to unsuspecting investors. In the end, Gordon and co-conspirators received millions of dollars, leaving unsuspecting investors with worthless or near worthless stock.

For instance, Gordon and several of his co-conspirators executed fraudulent agreements between TSIG and offshore entities, which they secretly controlled. Typically, the offshore entities were located in the Cayman Islands.

Gordon and his co-conspirators also entered into fraudulent consulting agreements with other entities. The consulting agreements falsely indicated that the entities provided a service to TSIG and in exchange, in lieu of monetary payment, the co-conspirators caused millions of shares of the TSIG stock to be issued in the name of the entities, according to trial testimony and evidence. The fraudulent consulting agreements allowed the co-conspirators to bypass federal securities registration requirements, including, among other things, full and complete disclosure of insider transactions.

The fraudulently received shares were then laundered through brokerage accounts that were controlled by co-conspirators and maintained in Canada and the United States. Over time, those shares were systematically sold utilizing the services of the co-conspiring licensed securities brokers, who would sustain the stock’s per share price through orchestrated transactions using prearranged sale and purchase prices. Often, the brokers purchased the TSIG shares for their retail customers’ portfolios without the customer’s authorization. Afterward, the ill-gotten proceeds were often laundered by wire transferring those funds from the brokerage accounts to an attorney trust account located in Denver and then dispersed to the co-conspirators. In total, the co-conspirators received approximately $15 million through their fraud scheme.

All of Gordon’s remaining co-conspirators have pleaded guilty and are awaiting sentencing.

Parole has been abolished in the federal system. Defendants who are given custodial terms must serve nearly all that time.