5TH ANNUAL WHITE COLLAR
26 NOVEMBER 2008
ADV JACQUELINE FICK
Cyber crime in the private sector
Stringent security measures
Route of least resistance
Government has a big bank account too!
Types of cyber crime in Government
Interception of data
Fraud/theft by means of computers
DANGER OF ORGANISED CRIME
“The scale of the challenge should not be
underestimated. Over the long term the growth of
criminal networks in the region may have the capacity to
undermine both democratic governance and
economic prosperity. The threat is diffuse and its
boundaries difficult to identify, but the impact of such
activities will be detrimental to all Southern Africa’s
citizens. Now is a critical time to act”.
Regional Integration In Southern Africa: Comparative International Perspectives
“Organised Crime and State Responses in Southern Africa” p 115 at p 120
Identity theft has been described as the
fastest growing financial crime in the U.S.
and the “crime of the new millennium”.
(See HK Towle, “Identity Theft: Myths, Methods and new Law”,
Rutgers Computer and Technology Law Journal,
Rutgers University School of Law- Newark
, p 237 at p 238.)
A VEHICLE FOR CRIME
Corporate identities are often stolen or forged, to create for the
criminal, a vehicle for crime that appears to provide an air of
authority or legitimacy. In the same way as in non-networked
fraud, where a letter on headed notepaper can be more
effective in fooling a victim, the corporate online forgery
provides a similar vehicle. These false, stolen or facsimile
corporate identities can also be used to play a role in further
identity theft, by a means commonly known as phishing…..
These corporate names may have established branding and
other positive attributes that may be useful in the conduct of
some other further crime, such as the sale of forged products
or some elaborate fraud or scam”.
(SEE: A Marshall and Tompsett, “Identity theft in an online world” Computer Law & Security Report (2005) 21, p128 at 131.
NEW APPROACH TO COMBATING
Fighting the scourge of organised crime cannot be
based solely on the traditional enforcement approach.
Only the use of a targeted and coordinated twin-track
strategy based on repressive and preventive
measures will reach the goal considering the potential
of prevention techniques to impact on the proliferation
of organised crime, especially on its infiltration in legal
society and economy.
António Vitorino Commissioner for Justice and Home Affairs Strategies of the EU
COOL FROG CYBER PROJECT
Project authorised September 2001
Statistics and accomplishments
Mandate: Target, destroy, 1. Arrest of various suspects.
disrupt activities of international
crime syndicates, who hijack 2. Money laundering convictions
the identities of commercial banks, .
corporations and individuals 3. Development of innovative methods
in furtherance of their of prosecution e.g Hurkes case.
4. Coordinated law enforcement
and private sector in a united front.
5. Turnaround time reduced by 75%.
Profile crime areas & Targets
6. Various spoofed websites closed
• 4 Linked syndicates. on behalf of banking industry.
• Banking Industry.
• Corruption in banks. 13. DSO first to identify the problem
• Money Laundering. of identIty hijacking and to declare
. 14. Phishing – Sophisticated onslaught
• Racketeering. on banking industry.
• Crimes perpetrated
from Europe & N America.
BACKGROUND TO PROJECT PC
Authorised in terms of section 28(1)
Identifying, determining any linkages and
ultimately disrupting and prosecuting identified
syndicates and other role-players including
entities and members of the public committing
crimes within the Government Cyber/Computer
Systems. The focus is on, but not limited to the
Forgery and Uttering.
Contraventions of the Corruption Act, Act 12
Contraventions of the POCA Act, Act 121 of
Contraventions of the Electronic Commu-
nications and Transactions Act, Act 25 of
The man of virtue makes the difficulty to
overcome his first business, and success only
a subsequent consideration.
Confucius (551BC – 479 BC)
Aligning our strategies
Shared information/database SCCU
Government Departments Resources
WORKING RELATIONSHIP WITH
Joint prosecution of syndicate in KZN, that
operates across borders and across
Need for stronger cooperation in other
Sharing of information
Surprise searches, sting operations.
Extensive use of money laundering provisions.
Close cooperation with government
Extensive use of POCA offences.
Continuous information exchange with
Disruptive operations via sec 252A.
127 operations, surveillance, monitoring.
Arrests, searches, bail & asset forfeiture
Government Departments searched
Department of Education (PMB and DBN)
Department of Works (PMB and DBN)
Premier’s Office (PMB)
Department of Social Development (PMB
Searches in other provinces
Development of checklist
Rationale behind development
Application of checklist
Partial v Full mirroring (privilege)
The Law and the Investigators
WEAPON OF CHOICE
Use of hardware key loggers
Use of spy software
Win-spy Software 9.1 Pro
Several arrests made on the various
Value of section 204 witnesses.
Going after the big fish.
Always keeping the game plan in mind:
Think big – look at the things that you do not
DSO ARRESTS (cont.)
Ulundi CAS 282/05/2006
Three suspects arrested on 25 May 2006 on
charges of Fraud and Contraventions of the
Electronic Communications and Transactions
Act 25 of 2002.
Arrests were the direct result of information
received from an informer.
The IT Specialist arrested pleaded guilty to
Contraventions of sections 86(1), 86(3) and
86(4) and indicated that he is willing to give
evidence against syndicate.
First conviction in RSA on spy software
“Beginning of bigger things.”
“When the going gets tough, the tough
GETTING TO GRIPS
Putting the puzzle together
Data analysis (CAD, Forensic Auditors)
One central repository for information
Trust, trust, trust …
Identify transactions that show the money-trial
from top of syndicate through to where money
was laundered through accounts.
Show relevance and importance of computer
Show cross-pollination between Government
CHAPTER XIII: ECT ACT
'access' includes the actions of a person who,
after taking note of any data, becomes aware of
the fact that he or she is not authorised to
access that data and still continues to access
CHAPTER XIII: ECT ACT
86 Unauthorised access to, interception of or
interference with data
(1) Subject to the Interception and Monitoring
Prohibition Act, 1992, (Act 129 of 1992) a person
who intentionally accesses or intercepts any data
without authority or permission to do so, is guilty of
(2) A person who intentionally and without authority to
do so, interferes with data in a way which causes
such data to be modified, destroyed or otherwise
rendered ineffective, is guilty of an offence.
CHAPTER XIII: ECT ACT
(3)A person who unlawfully produces, sells, offers to
sell, procures for use, designs, adapts for use,
distributes or possesses any device, including a
computer program or a component, which is
designed primarily to overcome security measures
for the protection of data, or performs any of those
acts with regard to a password, access code or
any other similar kind of data with the intent to
unlawfully utilise such item to contravene this
section, is guilty of an offence.
CHAPTER XIII:ECT ACT
(4)A person who utilises any device or computer
program mentioned in subsection (3) in order to
unlawfully overcome security measures
designed to protect such data or access
thereto, is guilty of an offence.
(5) A person who commits any act described in
this section with the intent to interfere with
access to an information system so as to
constitute a denial, including a partial denial, of
service to legitimate users is guilty of an
CHAPTER XIII: ECT ACT
87 Computer-related extortion, fraud and forgery
(1)A person who performs or threatens to perform any
of the acts described in section 86, for the purpose
of obtaining any unlawful proprietary advantage by
undertaking to cease or desist from such action, or
by undertaking to restore any damage caused as a
result of those actions, is guilty of an offence.
(2) A person who performs any of the acts described in
section 86 for the purpose of obtaining any unlawful
advantage by causing fake data to be produced with
the intent that it be considered or acted upon as if it
were authentic, is guilty of an offence.
Joint co-operation with stakeholders.
Evidence gathering and establishment of
Training and transfer of skills.
Image of law enforcement agencies in South
The human factor
Security measures on systems
Success is not the result of spontaneous
combustion. You must set yourself on fire.