
Downloading: using computer software as an investigative tool.


Consider the following scenario. At 9 o'clock one Monday morning, the owner of a local business makes a frantic call to your agency's fraud unit. She reports that she arrived at work early that morning and was surprised to find the office manager, a 5-year employee, already busy at the computer. He appeared extremely nervous, and as the owner approached the computer, she discovered that he had gained unauthorized access to the company's payroll files.

When asked why, the office manager nervously responded that he thought the system had miscalculated the withholdings on his last paycheck, and he was only "checking it out." Suspicious of this response, the owner checked the computer's access log for the payroll system, something she had not done for some time.

Her inquiry revealed that the office manager had accessed the system before and after each payday for the past year. Investigating further, the owner made a startling discovery. The company that prepares her firm's checks had been issuing 60 paychecks every pay period, even though she employs only 55 people.

Confronted with the discrepancy, the office manager admitted to "borrowing" some funds. Heavy drinking had dulled his memory of exactly how much money he had "borrowed." He refused to answer any more questions and tendered his letter of resignation.

When the police responded, the owner promised to cooperate with the investigation. Yet, she also informed the officers that she could not afford to have her business disrupted in any way.

This unfortunate business owner had fallen victim to a computer manipulation crime, an offense that involves changing data or creating records in a computer system to commit another crime,(1) in this scenario, embezzlement. Although the law enforcement community has recognized the seriousness of these crimes for more than a decade,(2) investigations typically have been complicated, time-consuming, and disruptive to the victim's business operations. However, using a technique known as downloading, law enforcement agencies now can use their computer software as an investigative tool to solve computer manipulation crimes quickly and easily.

NOT FOR COMPUTER EXPERTS ONLY

Downloading is the process of transferring a computer program, file, or other electronic information from a remote database or other computer to a user's own computer.(3) When investigating computer manipulation crimes, law enforcement officers can download the victim's computerized financial records to a disk, return to their office, and use their agency's software to reorganize the data into a format that enables them to detect falsifications.

Specifically, downloading enables investigators to sort, select, and organize entries in whatever manner the investigation demands. This method makes analyzing the data much easier than manually examining journals, ledgers, or check registers in whatever manner the entries might be organized, such as by date or check number.

Investigators can examine only those entries that may be evidence of a crime - such as checks with false payees, fictitious voided checks, or checks for large dollar amounts - without searching every computer entry and every canceled check by hand. By reducing the number of computer entries investigators need to compare to hard-copy evidence (for example, canceled checks, vouchers, or invoices), downloading permits easy detection of any discrepancy and/or falsification the embezzler used to conceal the crime.

In short, downloading allows law enforcement agencies to use commercially available software to analyze volumes of data without seizing computer equipment, disrupting the victim's business, and manually searching every piece of evidence. Downloading possesses clear advantages over the methods traditionally used to investigate computer manipulation crimes.
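The selection described above, as an added example that is not part of the original article: a downloaded check register is reduced to the entries worth comparing against canceled checks, and the number of payees per payday is counted for comparison with the real headcount. The register, the roster, the field names and the dollar threshold are all constructed assumptions.

```python
import csv
import io
from decimal import Decimal

# Constructed sample data: a downloaded check register saved as ASCII/CSV.
REGISTER_CSV = """check_no,date,payee,amount,status
1001,1996-03-01,A. Adams,812.40,CLEARED
1002,1996-03-01,B. Baker,790.00,CLEARED
1003,1996-03-01,J. Doe,805.25,CLEARED
1004,1996-03-01,C. Clark,9500.00,CLEARED
1005,1996-03-01,D. Davis,640.10,VOID
1006,1996-03-15,A. Adams,812.40,CLEARED
1007,1996-03-15,J. Doe,805.25,CLEARED
1008,1996-03-15,a. adams ,812.40,CLEARED
"""

# Constructed roster of actual employees (would come from personnel records).
ROSTER = {"A. Adams", "B. Baker", "C. Clark", "D. Davis"}

LARGE_AMOUNT = Decimal("5000.00")  # assumed review threshold


def normalize(name):
    """Case- and whitespace-insensitive form so 'a. adams ' matches 'A. Adams'."""
    return " ".join(name.split()).casefold()


def load_register(text):
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["amount"] = Decimal(row["amount"])  # exact money arithmetic
        rows.append(row)
    return rows


def triage(rows, roster, large=LARGE_AMOUNT):
    """Return {check_no: [reasons]} for entries needing hard-copy comparison."""
    known = {normalize(n) for n in roster}
    flagged = {}
    seen = {}  # (pay date, payee) -> first check number issued
    for row in rows:
        reasons = []
        payee = normalize(row["payee"])
        if payee not in known:
            reasons.append("payee not on roster")
        if row["status"].upper() == "VOID":
            reasons.append("voided check")
        if row["amount"] >= large:
            reasons.append("large amount")
        key = (row["date"], payee)
        if key in seen:
            reasons.append("second check to same payee on " + row["date"])
        else:
            seen[key] = row["check_no"]
        if reasons:
            flagged[row["check_no"]] = reasons
    return flagged


def headcount_by_payday(rows):
    """Distinct payees paid per pay date, to compare with the real headcount."""
    per_day = {}
    for row in rows:
        if row["status"].upper() != "VOID":
            per_day.setdefault(row["date"], set()).add(normalize(row["payee"]))
    return {day: len(names) for day, names in per_day.items()}


if __name__ == "__main__":
    rows = load_register(REGISTER_CSV)
    for check_no, reasons in sorted(triage(rows, ROSTER).items()):
        print(check_no, "; ".join(reasons))
    print(headcount_by_payday(rows))
```

Only the flagged check numbers then need to be pulled and compared with the hard-copy evidence.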

TRADITIONAL INVESTIGATIVE METHODS

Some investigators note that investigations into computer manipulation crimes comprise 90-percent detective work and 10-percent computer work.(4) This division between detective and computer work also is reflected in the two types of software law enforcement officers traditionally have used to solve these crimes - investigative and application software.

Investigative Software

Investigative software allows users to search computer systems, particularly the computer's hard drive, for hidden files or data that subjects sometimes conceal in a deliberate attempt to thwart law enforcement. For instance, drug traffickers might hide information about their foreign bank accounts on a hard drive.

Investigative software packages typically prove most useful in cases involving uncooperative subjects whose business is crime. In such cases, investigators must serve a search warrant and seize all of the components of the computer system,(5) a cumbersome, time-consuming, and disruptive process.

In computer manipulation cases, however, subjects most often commit their crimes against their employer, who operates a legitimate business. Furthermore, these subjects usually have limited computer expertise; rather, they have a general understanding of how the victim's computer system works and where its weaknesses lie. This limited knowledge allows them to manipulate the system, but not to hide files. For this reason, traditional investigative software is inappropriate in these types of crimes.(6)

Application Software

Investigators primarily use application software - which includes programs for word processing, spreadsheet, and database functions - to document and later to present their findings to the proper authorities. By doing so, they do not use the software to its fullest potential. Because of increased compatibility among computer systems, many of today's application software packages permit the easy downloading of data created in other software packages. As a result, white-collar crime investigators can use today's application software to do more than write reports and present evidence. With the ability to download, investigators can use application software as an investigative tool.

GUIDELINES FOR DOWNLOADING EVIDENCE

Preparation

Investigators first should try downloading on a small scale, such as in a case where an embezzler only had access to the computer for a short time or where the organization's receipts or disbursements are small. By starting out with smaller cases, investigators will gain the experience and confidence they need to solve those cases involving greater amounts of data.

As with any new investigative technique, before downloading, investigators must become thoroughly familiar with the functions and limitations of their agency's application software. In particular, they should know what data files it can translate into a readable format.

Procedures

First and foremost, investigators must secure the victim's system. This ensures that the subject no longer can access the system to change or destroy data, or worse, to steal additional funds.

Methods to secure the victim's system vary, but generally they consist of changing the passwords for all users and from all points of entry, including computers in the office and telephone lines that allow users to access the system from remote locations. The subject also must be prevented from entering the premises after the passwords have been changed, which may mean placing the subject on administrative leave and notifying co-workers that this person no longer has clearance to enter the workplace.

After securing the system, investigators should determine what software the company uses to maintain its financial data. Some small companies contract with computer firms for customized financial software packages, and as a result, may not know what format they use.

Fortunately, these computer firms often customize a product by making only minor modifications in a standard software program. In such cases, investigators can determine which program the victim uses by viewing a directory of its financial files and checking the three-symbol extension after each file name. For example, WKS and WK1 represent two types of Lotus® software.

If the victim and the agency use the same file format, the downloading process entails merely copying the necessary files to a disk. If not, the company's system or the agency's software may be able to convert the data into a compatible format. Specifically, if the victim's or agency's software can save the file in the American Standard Character Information Interchange (ASCII), a standard data information format, then any spreadsheet or database program can read the file.

Although not all software packages can convert data to ASCII, they can transmit data to a printer and produce a hard copy of the file. By the same token, with a slight variation in print commands, users can send data to a file instead of to the printer. Once created, this print file can be copied to a disk. Special software, called a print file reader, can read the data and convert it to a format that the agency's application software will understand.
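What a print file reader has to do, as an added example that is not part of the original article and does not reproduce any particular product: strip page headers and form feeds from a report that was printed to a file, turn the detail lines into records, and check them against the printed total. The report layout, company name and amounts are constructed; the trailing minus sign for a negative amount is an assumed print convention.

```python
import csv
import io
import re
from decimal import Decimal

# Constructed sample: a check register "printed" to a file instead of to paper.
# "\f" is the form feed the printer would have received between pages.
PRINT_FILE = (
    "ACME SUPPLY CO.            CHECK REGISTER            PAGE 1\n"
    "CHECK   DATE      PAYEE                      AMOUNT\n"
    "------  --------  --------------------  -----------\n"
    "001001  03/01/96  A. ADAMS                   812.40\n"
    "001002  03/01/96  B. BAKER                   790.00\n"
    "\f"
    "ACME SUPPLY CO.            CHECK REGISTER            PAGE 2\n"
    "CHECK   DATE      PAYEE                      AMOUNT\n"
    "------  --------  --------------------  -----------\n"
    "001003  03/01/96  OFFICE SUPPLY, INC.      1,250.00\n"
    "001004  03/01/96  C. CLARK                   640.10-\n"
    "001005  03/01/96  D. DAVIS                 **VOID**\n"
    "\n"
    "REPORT TOTAL                               2,212.30\n"
)

DETAIL = re.compile(
    r"^(?P<check>\d{6})\s+(?P<date>\d{2}/\d{2}/\d{2})\s+"
    r"(?P<payee>.+?)\s{2,}(?P<amount>[\d,]+\.\d{2})(?P<neg>-?)\s*$"
)
TOTAL = re.compile(r"^REPORT TOTAL\s+(?P<amount>[\d,]+\.\d{2})(?P<neg>-?)\s*$")
HEADER = re.compile(r"PAGE\s+\d+\s*$|^CHECK\s+DATE\b|^-{3,}")


def to_decimal(digits, neg):
    """'1,250.00' -> Decimal; a trailing '-' marks a negative amount."""
    value = Decimal(digits.replace(",", ""))
    return -value if neg else value


def read_print_file(text):
    """Split on form feeds, keep detail lines, report anything unrecognized."""
    records, unparsed, total = [], [], None
    for page_no, page in enumerate(text.split("\f"), start=1):
        for line in page.splitlines():
            detail = DETAIL.match(line)
            total_line = TOTAL.match(line)
            if detail:
                records.append({
                    "check_no": detail["check"],
                    "date": detail["date"],  # kept exactly as printed
                    "payee": detail["payee"],
                    "amount": to_decimal(detail["amount"], detail["neg"]),
                    "page": page_no,
                })
            elif total_line:
                total = to_decimal(total_line["amount"], total_line["neg"])
            elif line.strip() and not HEADER.search(line):
                unparsed.append((page_no, line))  # needs a human look
    return records, total, unparsed


def reconciles(records, total):
    """True when the parsed detail lines add up to the printed report total."""
    return total is not None and sum(r["amount"] for r in records) == total


def to_csv(records):
    """Render the records as CSV text that a spreadsheet or database can read."""
    out = io.StringIO()
    fields = ["check_no", "date", "payee", "amount", "page"]
    writer = csv.DictWriter(out, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    writer.writerows(records)
    return out.getvalue()


if __name__ == "__main__":
    records, total, unparsed = read_print_file(PRINT_FILE)
    print(to_csv(records), end="")
    print("reconciles with report total:", reconciles(records, total))
    print("lines needing review:", unparsed)
```

A line that matches no pattern is returned for review rather than dropped, so a conversion that silently loses an entry shows up either there or as a failed reconciliation.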

Downloading's Investigative Counterparts

In addition to downloading, investigators can use the password-based security controls built into many computer systems to discover who made the fraudulent entries and when. In many cases, computer access logs reveal that suspects enter the system after-hours and on weekends, when they have no legitimate reason to do so. In such cases, suspects will be hard-pressed to deny the evidence, as well as to explain why they needed to access the computer system at times when no one could witness their actions.
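The access-log review described above, as an added example that is not part of the original article: each payroll login is classified as weekend or after-hours, and the off-hours logins that fall within a day of a payday are counted per user. The log format, user names, paydays and business hours are constructed assumptions.

```python
from datetime import date, datetime, time

# Constructed sample access log: timestamp, user, module, action.
ACCESS_LOG = """\
1996-03-14 21:47 omgr PAYROLL LOGIN
1996-03-15 09:12 pclerk PAYROLL LOGIN
1996-03-16 07:05 omgr PAYROLL LOGIN
1996-03-18 10:30 owner LEDGER LOGIN
1996-03-28 22:10 omgr PAYROLL LOGIN
1996-03-29 09:03 pclerk PAYROLL LOGIN
1996-03-30 14:20 omgr PAYROLL LOGIN
garbled line from a bad sector
"""

PAYDAYS = [date(1996, 3, 15), date(1996, 3, 29)]  # constructed
OPEN, CLOSE = time(8, 0), time(18, 0)             # assumed business hours


def parse_log(text):
    """Return (events, rejected); rejected lines are kept for manual review."""
    events, rejected = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        parts = line.split()
        try:
            stamp = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M")
            user, module, action = parts[2:5]
        except ValueError:
            rejected.append((line_no, line))
            continue
        events.append({"when": stamp, "user": user,
                       "module": module, "action": action})
    return events, rejected


def off_hours_reason(stamp):
    """Classify a timestamp, or return None for normal business hours."""
    if stamp.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
        return "weekend"
    if not (OPEN <= stamp.time() < CLOSE):
        return "after hours"
    return None


def near_payday(stamp, paydays, window_days=1):
    """True when the access falls within window_days of any payday."""
    return any(abs((stamp.date() - day).days) <= window_days for day in paydays)


def profile(events, paydays, module="PAYROLL"):
    """Per user: off-hours logins to one module and how many hug a payday."""
    report = {}
    for event in events:
        reason = off_hours_reason(event["when"])
        if event["module"] != module or event["action"] != "LOGIN" or reason is None:
            continue
        entry = report.setdefault(
            event["user"], {"off_hours": 0, "near_payday": 0, "events": []})
        entry["off_hours"] += 1
        entry["near_payday"] += near_payday(event["when"], paydays)
        entry["events"].append(
            (event["when"].isoformat(sep=" ", timespec="minutes"), reason))
    return report


if __name__ == "__main__":
    events, rejected = parse_log(ACCESS_LOG)
    for user, entry in profile(events, PAYDAYS).items():
        print(user, entry["off_hours"], "off-hours logins,",
              entry["near_payday"], "within a day of payday")
        for when, reason in entry["events"]:
            print("   ", when, reason)
    print("unreadable lines:", rejected)
```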

LEGAL CONSIDERATIONS

Although law enforcement officers traditionally have seized entire computer systems to investigate white-collar crimes, victims of computer manipulation cases usually cannot afford to have their businesses disrupted in this manner. Downloading allows investigators to access computerized records without removing the computer itself. Still, search warrants may be required, and investigators should consult their department's legal advisor or the local prosecutor for guidance.

Another important area of consideration involves the admissibility of computerized records in court. In general, computerized records are subject to the hearsay rule, the best evidence rule, and the authentication requirement.(7) Investigators should seek legal advice in these areas as well.

Furthermore, as with any piece of evidence, establishing a proper chain of custody helps to ensure the admissibility of computerized records in court. To accomplish this, investigators must document fully the procedures they used to obtain and store the downloaded data, including where, by whom, and under what circumstances they gained access to the victim's system, and which specific files they downloaded. These files must be maintained on a write-protected disk, which prevents data from being altered. To provide additional protection against data loss, investigators should use copies of the downloaded files to sort, select, and organize the data during the investigative process and should remember to back up the files periodically.
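One way to carry out the documentation, write-protection and working-copy steps above on files rather than on a physical disk, as an added example that is not part of the original article. The SHA-256 hashing is an addition the article does not describe; the function names, investigator name and sample file contents are constructed.

```python
import hashlib
import os
import shutil
import stat
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large downloads do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def seal_evidence(evidence_dir, collected_by, location, circumstances):
    """Write-protect every downloaded file and describe it in a manifest."""
    files = {}
    for path in sorted(Path(evidence_dir).iterdir()):
        if path.is_file():
            os.chmod(path, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)  # read-only
            files[path.name] = {"bytes": path.stat().st_size,
                                "sha256": sha256_of(path)}
    return {
        "collected_by": collected_by,      # by whom
        "location": location,              # where
        "circumstances": circumstances,    # under what circumstances
        "sealed_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "files": files,                    # which specific files
    }


def working_copy(evidence_dir, work_dir):
    """Copy contents only: the copies are writable, the originals untouched."""
    work_dir = Path(work_dir)
    work_dir.mkdir(parents=True, exist_ok=True)
    for path in Path(evidence_dir).iterdir():
        if path.is_file():
            shutil.copyfile(path, work_dir / path.name)
    return work_dir


def verify(manifest, directory):
    """Return a list of discrepancies between a directory and the manifest."""
    problems = []
    present = {p.name for p in Path(directory).iterdir() if p.is_file()}
    for name, meta in manifest["files"].items():
        if name not in present:
            problems.append(name + ": missing")
        elif sha256_of(Path(directory) / name) != meta["sha256"]:
            problems.append(name + ": hash mismatch")
    extra = sorted(present - set(manifest["files"]))
    return problems + [name + ": not in manifest" for name in extra]


def demo():
    """Seal two constructed files, analyze a copy, then re-verify both sets."""
    with tempfile.TemporaryDirectory() as tmp:
        evidence = Path(tmp) / "evidence"
        evidence.mkdir()
        (evidence / "payroll.csv").write_text(
            "1003,J. Doe,805.25\n1001,A. Adams,812.40\n")
        (evidence / "access.log").write_text(
            "1996-03-14 21:47 omgr PAYROLL LOGIN\n")
        manifest = seal_evidence(evidence, "Inv. Example",
                                 "victim's office", "consent of owner")
        work = working_copy(evidence, Path(tmp) / "work")
        rows = sorted((work / "payroll.csv").read_text().splitlines())
        (work / "payroll.csv").write_text("\n".join(rows) + "\n")  # re-sorted copy
        return verify(manifest, evidence), verify(manifest, work)


if __name__ == "__main__":
    originals, copies = demo()
    print("originals:", originals or "unchanged")
    print("working copies:", copies)
```

The manifest belongs with the case file, apart from the evidence itself, so that the originals can be re-verified at any later point.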

HELPING BUSINESSES PREVENT COMPUTER EMBEZZLEMENT

White-collar crime investigators should encourage businesses to institute security procedures to combat computer manipulation crimes.(8) First, companies should institute computer access controls. Specifically, employees authorized to access the computer should have access codes or passwords.

Computer systems should recognize authorized users, as well as their level of authority, and admit them accordingly. For example, the payroll clerk might be permitted to sign on to the system only every payday, while an office assistant might be denied access entirely. Computer systems also should change access codes periodically.

In addition, companies should establish and maintain internal accounting controls. These include separating financial duties so that the person who keeps the records is not the same person who prints the checks; periodically rotating duties; developing and documenting financial policies and procedures, such as defining authorization limits for checks; and conducting periodic internal audits and surprise inspections.

Third, the computer system should log every unusual occurrence automatically. For example, a system might search for checks that are out of sequence; transactions that are out of the ordinary - too high, too low, too many, too often; or an employee who repeatedly attempts to gain access improperly. To be effective tools, however, these reports must be inspected periodically. The business owner in the opening scenario who fell prey to computer embezzlement failed to check her computer's access log on a regular basis.

Finally, employers should pay attention to their workers. The behavior of employees who deviate from the firm's standard operating procedures or merely from their own past performance levels may signal that something is amiss.

CONCLUSION

In the past, businesses locked up their books and records to prevent destruction, falsifications, and losses. Unfortunately, today's technology enables embezzlers to manipulate data and falsify records, even at their leisure from their own homes. Law enforcement agencies must accept the fact that financial records, once falsified by pen and pencil, now can be altered by computer.

Fortunately, investigators can fight back by using their agency's own computers to detect false entries quickly and accurately, establish criminal intent, and successfully prosecute embezzlers. By using downloading as an investigative tool, white-collar crime investigators can take a "byte" out of computer crime.

Endnotes

1 U.S. Department of Justice, National Institute of Justice, Office of Justice Programs, "Computer Crime," NIJ Reports, January/February 1990, by C. Conly and J.T. McEwen, 3.

2 A 1986 survey conducted by the National Institute of Justice determined that between 63 and 84 percent (range based on differences in jurisdiction size) of responding police chiefs and sheriffs believed that computer crime investigations would be a "significant cause of future workload in their departments." Follow-up contacts with selected respondents revealed specific concerns over computer manipulation to commit fraud and embezzlement. J.T. McEwen, U.S. Department of Justice, National Institute of Justice, Dedicated Computer Crime Units, June 1989, 8.

3 Charles Sippl, The New Webster's Computer Terms (Costa Mesa, CA: Lexicon Publications Inc., 1990), 120.

4 Ibid, 49.

5 Supra note 1, 5.

6 Certain software packages prove advantageous in rare cases involving a computer-literate subject who tampers with the victim's software or hardware to facilitate the embezzlement. An example of this is a bank computer specialist who designs a hidden program that "slices" a penny of earned interest from every customer's account and deposits the proceeds into a personal account, a scheme known as the "salami method."

7 See John Gales Sauls, "Computerized Business Records As Evidence: Required Predicates to Admission," FBI Law Enforcement Bulletin, October 1985, 26. See, e.g., Brandon v. State, 396 N.E.2d 365 (Ind. 1979); United States v. Vela, 673 F.2d 86 (5th Cir. 1982); Hatton v. State, 498 N.E.2d 398 (Ind. App. 4 Dist. 1986); American Oil Co. v. Valenti, 426 A.2d 305 (Conn. 1979); Barbiarz v. Hartford Special Inc., 480 A.2d 561, 567 (Conn. App. 1984); King v. State ex rel Murdock Acceptance Corporation, 222 So.2d 393, 397 (Miss. 1969); United States v. Russo, 480 F.2d 1228, 1241 (6th Cir. 1973); United States v. Sanders, 749 F.2d 195, 199 (5th Cir. 1984); Monarch Federal Savings and Loan Association v. Genser, 383 A.2d 475 (N.J. Super. St. Ct. Ch. Div. 1977); Palmer v. A.H. Robbins Co., Inc., 684 P.2d 187, 201 (Colo. 1984).

8 Jack Bologna, How to Detect Embezzlement (Madison, WI: Assets Protection Publishing, 1994), 7-8.

For additional information on downloading, contact Leonard Drinkard, U.S. Department of Labor, Office of Labor Management Standards, Room 831 Federal Office Building, 1240 East Ninth Street, Cleveland, Ohio 44199-2054, phone 216-522-3855.

RELATED ARTICLE: The Benefits of Downloading

Downloading allows investigators to:

* Use a familiar software package to examine, analyze, and organize volumes of data

* Reduce considerably the time required to investigate and document a case

* Limit greatly the intrusion into the victim's business by avoiding the need to seize hardware and software to investigate the crime

* Authenticate work papers and schedules that document a loss and can be used in court because they represent an exact copy of the original data

* Eliminate errors that might occur if investigators needed to enter data into the computer from hard copies of ledgers, journals, check registers, canceled checks, etc.

RELATED ARTICLE: Investigative Tips

Guidelines for Downloading

Investigators should:

* Try downloading on a small scale to gain confidence

* Become familiar with the functions and limitations of your agency's application software

* Secure the victim's system to prevent unauthorized access

* Determine the victim's software package

(If the package is the same as your own, copy the data onto a disk; if it is not the same:

- convert to an ASCII file and use spreadsheet or database software to read; or

- create print file, copy onto disk, and use print file reader software to convert data)

Preventing Computer Manipulation Crime

Business owners should:

* Institute computer access controls

* Establish and maintain internal accounting controls

* Program computers to record unusual occurrences

* Regularly review security logs

* Note employees who deviate from acceptable procedures or performance levels.

Source: Jack Bologna, How to Detect Embezzlement (Madison, WI: Assets Protection Publishing, 1994), 7-8.

Arthur L. Bowker, M.A., and Leonard N. Drinkard are investigators with the Office of Labor Management Standards, U.S. Department of Labor, Cleveland, Ohio.
COPYRIGHT 1996 Federal Bureau of Investigation
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1996, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Author:Drinkard, Leonard N.
Publication:The FBI Law Enforcement Bulletin
Date:Jun 1, 1996