2014-09-03 Cybersecurity and Computer Crimes

Thrive. Grow. Achieve.
Cybersecurity and
Computer Crimes:
The Human Element
Leslie C. Kirsch, CFE, Manager, Raffa P.C.
September 3, 2014

CONTENTS
• COMPUTER CRIMES
• CYBERSECURITY
• SOCIAL ENGINEERING FRAUDS
• OTHER TECHNOLOGY-ENABLED FRAUDS
• EMERGING ISSUES
Cybersecurity and Computer Crimes: The Human Element | 2

COMPUTER CRIMES
DEFINING COMPUTER CRIME
• What is a computer crime? According to U.S. Department
of Justice, “any illegal act for which knowledge of computer
technology is used to commit the offense”
–Very broad definition can include anything from cyberstalking to
embezzlement
–Many traditional frauds can be conducted using or targeting a
computer; “computer-aided fraud” involves the use of a computer
to commit a fraudulent act
• Who commits computer crimes? Anyone can commit a
computer crime; it’s not limited to hackers and professional
thieves anymore
• How are computer crimes prosecuted? There are a
variety of state, federal, and international laws governing
computer crimes; because computers allow remote access,
the perpetrator does not need to be in the same area as the
targeted computer

COMPUTER CRIMES
BASIC ELEMENTS OF COMPUTER FRAUD
• State and federal laws are inconsistent and somewhat
behind the times on computer crime issues. However, there
are three basic elements that are fairly consistent across
different statutes. The perpetrator of a computer fraud must:
–Knowingly access or otherwise use a computer
–Without authorization, or exceeding authorization
–With intent to commit a fraudulent or otherwise criminal act
• Be aware, with computer crimes, international law may
matter! Electronic information may pass through computers
in other countries en route to its final U.S. destination

COMPUTER CRIMES
MODERNIZING OLD CRIMES

COMPUTER CRIMES
TYPES OF COMPUTER-AIDED FRAUD
• Manipulating computer inputs: Putting false transactions
into the system, modifying actual transactions, or removing
transactions
• Manipulating programs: Changing the instructions the
program uses to process data, e.g. skipping audit trails,
altering rounding of bank transactions (Superman III)
• Tampering with computer outputs: Tampering with end
result of computer processing – reports and files; includes
theft of confidential information

COMPUTER CRIMES
INTERNET FRAUD
• The Internet is a playground for fraudsters because it is (1)
unsecured, (2) anonymous, (3) unregulated, and (4)
temporal
• Tools for fraudsters are widely available on the Internet
–Company websites for spoofing uses
–Encryption programs
– Steganography programs (hide documents within a picture)
• Sentencing for computer crimes can be very harsh, but
there are few qualified federal investigators, compared to
non-computer crimes

COMPUTER CRIMES
COMPUTER CRIME LAWS
• Computer Fraud and Abuse Act of 1986: Criminalizes
intentional unauthorized access to a “protected computer” that
causes a loss over $1,000 – a computer that is exclusively for
the use of the U.S. government, a financial institution, or
affecting interstate commerce
• Electronic Communications Privacy Act of 1986: Makes it
illegal to intercept stored or transmitted electronic
communication without authorization
• Digital Millennium Copyright Act of 1998: Prohibits
circumventing a technological measure designed to protect a
copyright

CYBERSECURITY
CYBERSECURITY RISK ASSESSMENT
• Burden for protecting your network is always going to lie
partly with the end users – identify what knowledge gaps
exist for employees and/or clients
–Users knowingly or unknowingly override even the best controls
• Consider who would be considered “trusted” to access your
network and the mechanisms they use to connect
• Since you can’t prevent all attacks, start thinking about how
you can detect an attack and how fast you can respond!

CYBERSECURITY
FIREWALLS
• What is it? A software/hardware based security system that
controls incoming and outgoing network traffic
• How does it work? It analyzes the data that is trying to
move through the system based on set rules for what is
“trusted” and what is not
–Whitelist: A list of users that are trusted; if you’re not on the list,
you won’t be granted access.
– Blacklist: A list of users that can’t be trusted; if you are on the
list, you won’t be granted access

CYBERSECURITY
FIREWALLS
• When setting network security, you need to consider
whether you are just trying to block unsafe sources from
OUTSIDE your network, or whether you want the added
security of blocking potentially unsafe traffic WITHIN the
network
• If all your efforts are spent keeping bad actors out, then you
may be more vulnerable once they’ve gotten in (and they
will get in eventually)

CYBERSECURITY
INTRUSION DETECTION AND PREVENTION
• Intrusion detection system: Monitors network or system
activities to identify malicious activities or policy violations,
producing a report
• Intrusion prevention system: In addition to detecting
intrusions, attempts to block the unauthorized access
attempt
• There can be a lot of “noise” in intrusion detection – learn to
sort the noise from the true threats

CYBERSECURITY
DENIAL OF SERVICE (DOS) ATTACKS
• What is it? An attempt to make a machine or network
unavailable to intended users – most commonly seen
shutting down a website
• How does it work? Often, the target is bombarded by an
overwhelming volume of data that it is forced to process –
this slows it down so much that it can’t respond to real users
trying to reach it
• First major distributed denial of service attack was
committed in February 2000 by a 15 year old Canadian boy
(nicknamed “Mafiaboy”), who brought down Yahoo!, CNN,
eBay, Dell, and Amazon

CYBERSECURITY
DICTIONARY ATTACKS
• What is it? An attempt to crack a password by guessing
using hundreds or millions of likely possibilities, such as the
words in the dictionary
• How does it work? Most people tend to choose passwords
that are relatively short and use words found in dictionaries,
or slight variations (adding a digit or special character)
• Software that aids in dictionary attacks is readily available
• “Strong” passwords can defeat these attacks – simply
putting an unexpected character in the middle of the word
means the dictionary will not be able to catch it

CYBERSECURITY
MALWARE
• What is it? A variety of hostile or intrusive software programs designed
to disrupt systems, gather information, or gain unauthorized access.
• Ways to transmit it:
– Viruses
– Worms
– Trojan horses
– Rootkits
• What can it do once it’s there?
– Botnets
– Keyloggers
– RAM scraper
– Ransomware
– Spyware
– Adware
– Remote AdministrationTools
• Malware overwhelmingly targets Windows-based computers

CYBERSECURITY
MALWARE
• But how does it actually get onto a computer?
–People let in through!
• Knowingly downloaded
• Autorun from an external media storage device, including CDs, DVDs,
flash drives, or external hard drives
• Public wi-fi networks or hotel networks
– Exploiting security defects in operating systems or individual
applications

CYBERSECURITY
VIRUSES AND WORMS
• Virus – attaches to executable software and replicates
when run by inserting copies of itself into other programs
and files, usually performing some harmful activity
• Worm – replicates to spread to other computers, does not
need to attach to an existing program
• “The first worm” – the Morris worm, created in 1988 by a
Cornell grad student to “measure the size of the internet,” it
inadvertently caused millions of dollars in damages and
resulted in the establishment of CERT
• Modern viruses and worms are usually designed to take
control of a user’s computer for nefarious uses, including:
–Sending email spam
–Hosting contraband data, such as child pornography
– Executing distributed denial-of-service attacks

CYBERSECURITY
TROJAN HORSE
• A program that invites the user to run it, concealing its
harmful code
• Code might take effect immediately, or it may lie in wait and
unleash its payload later
• A common delivery method for spyware, bundled with a
desirable software download that a user wishes to install
• May provide remote access for someone, crash the
computer, steal data, install other software, access
webcam, or join the computer to a botnet

CYBERSECURITY
ROOTKITS
• A program designed to conceal a malicious program by
modifying the user’s operating system, very hard to remove
• Can keep a process from showing up in the “Processes” list
in the system’s Task Manager or hide the files that contain
the malicious program
• May also contain code to prevent the program from being
uninstalled, for instance, by running duplicates of itself
• Also describes some “desirable” programs that:
– Conceal cheating in online games
– Circumvent CD/DVD copyright protection
– Provide anti-theft protection to monitor/disable/wipe remotely
–Bypass Microsoft Product Activation

CYBERSECURITY
BOTNETS
• What is it? A group of Internet-connected computers
controlled by a master machine
• Created when malicious programs gain control of some or
all of computer’s functions
• Used for:
–Sending out spam emails
– Denial-of-service attacks
–Recruiting more bots
– Cheating in online poker (I can see your cards)
• A botnet controller may rent out the privilege of using
the botnet for a “reasonable” price

CYBERSECURITY
KEYLOGGERS
• A piece of software or hardware that (secretly)
records the keys struck on a keyboard
• Most malicious versions allow remote access to a
user to obtain the locally recorded keylogs or
uploads/emails the data to another location
• Can be used by a hacker to obtain authentication
credentials or other sensitive data (e.g. trade
secrets)

CYBERSECURITY
RAM SCRAPERS
• Gets onto point-of-sale (POS) terminals at retailers using
any of the methods of entry already discussed
• Searches the RAM (“temporary” memory) on the POS
terminal, where credit/debit card data is stored in a less
protected for while it waits to be processed
• When the data is found, it gets uploaded to remote servers
where the hackers can read it and profit from it
• Responsible for the major Target data breach of 2013
– Hackers may have stolen an HVAC contractor’s credentials in
order to get through Target’s first layers of security

CYBERSECURITY
RANSOMWARE
• A type of malware that restricts access to the infected
computer system and demands that a ransom be paid for
the restriction to be removed
– Can be by encrypting all the files on the hard drive or by locking
the system and displaying a payment message
• Enters the system like any other malware, then installs a
program that will prevent easy computer access
• Victim usually told to pay through a wire transfer, premium-rate
text message, or an online service
• Also known as “scareware” and “cryptoviral extortion”

CYBERSECURITY
RANSOMWARE

CYBERSECURITY
SPYWARE
• Software that gathers information about a
person or organization secretly and sends it
to someone else
• Can collect any kind of data, including
authentication credentials, surfing habits, and
bank information
• May change computer settings, including
browser and software settings
• A number of “anti-spyware” programs actually
install spyware!

CYBERSECURITY
ADWARE
• Software that renders advertisements to generate revenue
for the creator of the adware
• Advertisements may pop up at any time when using the
computer, not necessarily only when surfing the internet
• “Typhoid adware” – a new form of adware that doesn’t
require installation of a program in order to display
advertisements, it uses non-encrypted wireless connections
from WiFi hotspots

CYBERSECURITY
REMOTE ADMINISTRATIONTOOLS
• Lets a hacker take complete control of your computer’s
functions (
–Turn on your webcam and record you (keep an eye on the light)
–Open and close CD drives
–Open windows
– Browse files
– Play sounds
–Keylogging
• Requires basically no technical knowledge, entire online
forums are devoted to providing the tools for it
• Some “ratters” claim to just do it “for the thrill,” but some use
what they find to blackmail victims

CYBERSECURITY
MALWARE – HOW TO PROTECT YOURSELF
• Never open an unexpected email attachment!
• Have up-to-date antivirus software! Malware is constantly
evolving, so you need active licenses and updated virus
definitions to keep up.
–Enable real-time protection – that means each file is scanned as
it is downloaded and quarantined until it passes the scan
• Set appropriate user privileges – limit the number of
administrator as much as possible to stop malware from
spreading if it does reach the computer
• Remove software you aren’t using – every piece of software
on a computer is an opportunity for targeted exploits
• Make sure software you are using is patched and up-to-date
• Make regular backups that are kept separate to keep them
from being destroyed by a virus

SOCIAL ENGINEERING FRAUDS
PRETEXTING
• What is it? Creating and using an invented scenario
against a target victim to increase the change they will
divulge secret information or perform a desired action
• Fraudsters use it to trick people into divulging passwords,
password hint information (e.g. favorite sports team),
account information, or gain trust
• On the internet, pretexting is simplified – there is no body
language or verbal cues to give away the con
• Social media websites help pretexters – if you are providing
a lot of information about yourself, it is easy for someone to
pretend to be trustworthy

PHISHING
• Phishing: An attempt to obtain information like usernames,
passwords, and banking information by pretending to be a
trustworthy entity in an email sent to a large group of people
– Sometimes directs users to enter credentials into a fake website that
looks very much like the real website
– To avoid text filters, phishers may use images instead of words
– May even send a target to enter information by phone to enter
account numbers and PINs
• Spear Phishing: Targeted phishing attempt directed at specific
individuals or companies, often backed by an awareness of
personal information to increase odds of success
• Whaling: Targeted phishing attempt directed at senior
executives or other high profile targets within businesses, who
are likely to have high levels of access or power
• Clone Phishing: Duplicates a legitimate email, but changes a
hyperlink or attachment to something malicious; often uses the
phrase “UPDATED” in subject line

PHISHING – HOW TO PROTECT YOURSELF
• The first defense is training to recognize phishing attempts.
– Always assume requests to confirm any of your personal
information are fraudulent
–Most legitimate emails from business contain a piece of
information not available to phishers, like your name. Be wary of
generic emails with addresses like “Dear Customer”
–Never click on hyperlinks in these emails. If you have concerns,
manually type the website address that you know to be accurate
into your browser bar
• Software and anti-spam filters can help protect you – do not
override quarantines your filter applies!

PHARMING
• An attack that redirects one website’s traffic to another site
• Used for identity theft – redirect traffic from a website that
requires a user to log in and you can steal their credentials
• Anti-virus software and spam filters cannot protect against it
• Pharming can target an individual computer or a router,
changing it so that when you enter the address of a
legitimate website, you are directed to another website
under a fraudster’s control

PHARMING – HOW TO PROTECT YOURSELF
• Can be very difficult to identify and avoid – pharming is
commonly the result of malware intended to corrupt the way
your computer access the internet
• Make sure that you are accessing secure web connections
for sensitive information, indicated by https:// instead of
http://
• Always make sure that personal wireless networks require a
strong password for access – do not allow free access, use
the default password, or use a simple password that can be
hacked using a dictionary attack

BAITING
• An attacker leaves an infected external storage device in a
public location with a legitimate-looking (and interesting)
label, then waits for a user to access it
• As soon as a user accesses the storage device, malware is
installed on the user computer, taking advantage of auto-run
• Can also be something like a “free iPod” that compromises
the computers it is used on

BAITING – HOW TO PROTECT YOURSELF
• Never use an unknown external storage device!
• Turn off autorun on your computer
• Disable external storage device access, period

SOCIAL ENGINEERING – HOW TO PROTECT YOURSELF
• Never give out sensitive information by phone/email, etc
• Provide physical security, require employees to wear
badges and guests to be escorted
• Don’t type in passwords with anyone else present
• Lock and monitor the mail room, if you have one
• Lock phone closets and server rooms
• Control overseas/long-distance calls
• Keep trash in secured/monitored areas; institute shredding
and electronic device destruction policies
• Require that sensitive/confidential documents be locked up

OTHER TECHNOLOGY-ENABLED FRAUDS
ROGUE SECURITY SOFTWARE
• Commercial programs that claim to remove malware, but
actually install it
• Most require a user to make a decision to install the
software, then usually has an attached Trojan horse
• Often through fake websites that notify you that “your
machine is infected” and suggest a “trial download”

FRAUDULENT HOTSPOTS
• Fraudsters set up a bogus public WiFi hotspot in areas
where legitimate hotspots are common, like hotels, airports,
and cafes
• When people use the hotspot, the fraudsters are able to
access email, accounts, and software
• In London, multiple bankers’ accounts were hacked this
way; the hackers used the bankers’ email accounts to
request transfers of funds worth millions of dollars!

CHARGEBACK FRAUD
• When a fraudster takes advantage of credit card processing
times to order goods with express shipping, then cancels
the transaction after shipping to prevent payment
• Online transactions are considered “card-not-present”
transactions, which puts the loss burden on the seller – who
also likely has to pay a “chargeback fee” to the credit card
processor (the card issuer has the loss burden normally)
• The “Card Security Code” on new credit cards is partly to
combat chargeback fraud – it requires the holder to have
physical access to the card to provide the number

CATFISHING
• A “catfish” creates fake personal profiles on social media
sites
• Used to pursue deceptive online romances
• The most famous victim: Notre Dame linebacker Manti Te’o

EMERGING ISSUES
CREDIT CARD CHIPS
• Chip & PIN – cards have built-in chips, the cardholder must
enter a PIN at the time of purchase to approve the purchase
• Currently in use throughout Europe
• Replaces the magnetic strip/receipt signature combination
–Magnetic strip data can be easily stolen with a card reader
– Since a signature is easily faked, thieves can make purchases
immediately
• In Europe, it shifts liability burden to the customer, since
theoretically the only way unauthorized activity occurs is if
the PIN is shared
– In the U.S., the Electronic Fund Transfer Act of 1978 doesn’t
allow the legal liability to shift the same way

EMERGING ISSUES
CREDIT CARD CHIPS
• Why is the current system vulnerable?
–Magnetic stripes are at risk from card skimmers!
– It’s easy to steal just a credit card number, and it costs very little
money to construct a magnetic stripe card

EMERGING ISSUES
CREDIT CARD CHIPS
• So why isn’t the U.S. already using them?
– The cards themselves are much more expensive for the issuer to
produce and distribute: $2 vs. $15-20
–New infrastructure costs a lot for retailers
– Current law allows tax write-offs for the issuer for portion of fraud
losses (50%), the rest are generally passed along to customers
through fees and service charges
• Do they really reduce fraud?
– In-store fraud plummeted in the U.K. when the cards were first
introduced
– Card-not-present transactions still occur
– More complex equivalents to card readers still exist
–Secondary purchase method is still magnetic strips on chip cards
• Fraud always catches up!

EMERGING ISSUES
“SMART DEVICE” HACKING
• Everyone has “smart” phones, which means we’re all
carrying around tiny computers
• We’re not used to thinking of our phones as a vulnerability,
but they are very susceptible to fraud
• Why is your phone such a target?
–You probably use it for business and personal matters, so it could
have data that impacts both
– It’s easy to hide malware in an application download
–A controlled phone can send premium text messages
– Automatic connections to public wi-fi makes you vulnerable
• Smartphone-related identity theft is on the rise!

EMERGING ISSUES
• Increasingly, we’re being offered Internet-connected devices
for all aspects of our lives
–Home automation – remote control of lights, blinds, garage
doors, security systems
– “Smart” refrigerators
– Internet-enabled baby monitors
• If it’s on the internet, it is vulnerable to hackers
–Many of these new devices are designed without consideration
for security, since they’re not items that traditionally require
security!

EMERGING ISSUES

EMERGING ISSUES
DIGITAL CURRENCIES

EMERGING ISSUES
DIGITAL CURRENCIES
• Do they matter?
– The short answer: Maybe, kinda, who knows…
– The long answer:
• They’re potentially revolutionary, but nobody knows what to expect
• The technology that underlies the currency can do a lot more than just
exchange money, in theory at least
• But right now, they make up such a small portion of the global
economy that they don’t really matter much
– They definitely matter when it comes to law enforcement,
because they change the money laundering game completely!
• They’re easy to disregard as “fake” money, but in a lot
of ways they’re as real as fiat currency…

EMERGING ISSUES
DIGITAL CURRENCIES
• Admittedly, it’s very hard to take a currency seriously
when it’s based on an internet meme of a shiba inu...

EMERGING ISSUES
DIGITAL CURRENCIES

EMERGING ISSUES
DIGITAL CURRENCIES
• What are they? Digital currencies that are based on
cryptography (computer-based encryption)
– Decentralized
– Non-government
– Generally pseudonymous (not anonymous)
– Cap on total volume that can ever exist of each currency
• How many different kinds are there? As of August 2014, 471
different digital currencies exist
– Bitcoin dominates the digital currency market, it has more market cap
in dollars than all the other currencies combined ($6 billion)
– www.coinmarketcap.com
• Who uses them (right now, at least)?
– Sadly, criminals! (criminals are often early adopters)
– Speculators, like commodities
– Technology enthusiasts/early adopters, working toward legitimacy

EMERGING ISSUES
DIGITAL CURRENCIES
• How does it work (generally, at least)?
– Currency is “mined” by computers based on the underlying algorithm
• It’s about performing a computation that fits the cryptocurrency’s security
algorithms (like finding a new prime number)
• If you uncover something new, you get a share of your discovery’s value
and it gets added to the “public ledger”
– Pseudonymous wallet – an ID that only you know that stores your
cryptocurrency, either local or online
• One person can have many wallets, to maintain greater anonymity
• Cryptocurrency exchanges generally don’t want to know who you really
are, they don’t function like banks
• Taking your wallet offline is called “cold storage” and is meant to protect it
from theft, but the computer device used to store it is still physically
vulnerable to damage or theft (you can have backups)
– Public ledger – a fully public list of all transactions that have ever
occurred, published with wallet IDs only
– To make a transfer, you tell your business partner your wallet, and
they use an exchange to send you the requested funds

EMERGING ISSUES
DIGITAL CURRENCIES
• Bitcoin and the “Silk Road”
– What is “Silk Road”? An online marketplace in the “Deep Web”
that is known as the “Amazon.com of illegal drugs”
• Run by the “Dread Pirate Roberts”
• Shut down by the FBI on October 2, 2013; arrested the Dread Pirate
Roberts - Ross William Ulbricht – for murder-for-hire and trafficking
• By November 6, 2013, back up and running, under the leadership of
the new “Dread Pirate Roberts” (big fans of The Princess Bride,
surely!)
– All Silk Road transactions were made in bitcoins
– At that time, there were 11.75 million bitcoins in circulation – Silk
Road had done 9.5 million in bitcoin activity before it was shut
down!
– FBI seized the Bitcoins of the site and Ulbricht, making them the
holders of the world’s biggest single Bitcoin “wallet”

EMERGING ISSUES
DIGITAL CURRENCIES
• What are the benefits? Why are people excited?
– “Pure” economy – since the supply cannot be manipulated, there
is no such thing as a central banker to exercise monetary policy
– Doesn’t rely on “trust” in the transaction processing
– Extremely low transaction fees, especially compared to money
orders, which matters a lot to impoverished nations
• Decentralization means that you can make a transfer anywhere at any
time as long as you have internet access
– Can’t be stolen (in theory, at least)
– For law enforcement, pseudonymity can be a huge blessing –
once they know one bad actor, they can trace to a lot of others
• Cryptocurrencies are hard to seize though, since they’re not held by
an intermediary like a bank
• But, you can’t totally “hide” cryptocurrencies in physical space – no
stashing Dogecoins in your mattress! If I find your wallet(s), then I
have all your money…

EMERGING ISSUES
DIGITAL CURRENCIES
• What are the drawbacks?
– If someone attaches you to your wallet ID, they can see every
transaction you have ever engaged in (so much for surprising your
spouse on their birthday!)
– You can’t actually remove “trust” from monetary transactions – you
have to trust your business partners, right?
– Right now, price fluctuations mean they’re highly volatile (watch for
pump and dump schemes)
– Hard to exchange for “real-world” services and fiat currency
– Highly reliant on the activities of exchanges to transfer into real
money – exchanges use technology that is less secure than the
actual cryptocurrencies
– Virtually unregulated, so consumers are not protected
• Transaction are irreversible – if you are a victim of fraud, you have really
no recourse whatsoever, unlike your current banking/credit cards
• If your exchange/bank is attacked, you can lose everything (e.g. Flexcoin)

EMERGING ISSUES
DIGITAL CURRENCIES
Bitcoin Volatility from September 2013 – August 2014

EMERGING ISSUES
DIGITAL CURRENCIES
• A Cautionary Tale: The Mt. Gox Bankruptcy
– One of the biggest Bitcoin exchanges
– CEO has a less than trustworthy history
– November 2013 – withdrawals stop processing correctly
– Feburary 2014 – Mt. Gox claims that a bug in the Bitcoin
programming results in theft of 850,000 Bitcoins (7% of coins -$1B)
– February 28, 2014 – Mt. Gox declares bankruptcy
–When was the money taken?
• Well, the CEO moved 400,000 bitcoins around in June 2011
• From 2011-2013, Mt. Gox wouldn’t provide any financial information
• Looks almost like a traditional lapping scheme
–Who took the money?
• The explanation provided by Mt. Gox doesn’t make technical sense
• Back in July 2011, another exchange mysteriously “lost” all their deposits,
then “recovered” 49%, which were given back to depositors
• Mt. Gox “found” 200,000 Bitcoins on March 20 2014
– Liquidation proceedings are going forward in Tokyo

EMERGING ISSUES
DIGITAL CURRENCIES
• New payment mechanism tend to have a lot of fraud in their
early days (just look at Paypal)
• Cryptocurrencies need to take fraud seriously as a threat in
order to address it and gain acceptance
• Remember, Bitcoin may fail, but someday the
cryptocurrency equivalent of Google will come along…

QUESTIONS AND ANSWERS

HOW CAN RAFFA ASSIST YOU IN
PREVENTING AND DETECTING FRAUD?
A resource for the nonprofit community to help
organizations effectively manage risk and better ensure
the prevention and detection of fraud.
VISIT US AT WWW.RAFFA.COM/FRAUD

OUR WEEKLY NEWSLETTER
OU

Forensic Accounting Services Group
Are you threatened by fraud, litigation or
insolvency?
Are you selling your business, transferring
assets or structuring a new venture?
Raffa forensic accounting experts will do more to
assist you in these challenging circumstances.
Our Team’s Services:
• Fraud Investigations & Prevention
• Litigation Support & Expert Testimony
• Business Valuation & Due Diligence
• Insolvency & Reorganization

How We Empower You
• We identify and mitigate fraud risk by performing a fraud
risk assessment
• We provide fraud investigations if you are, or suspect you
are, a victim of fraud
• We provide litigation support, expert testimony and forensic
accounting services in business disputes, financial
investigations, bankruptcies, arbitrations and mediations
• We analyze, investigate and interpret complex transactions
to provide an understandable, well-researched and
unbiased valuation of your business or organization
• We have expertise in restructuring and turnaround
management for underperforming organizations

Fraud Investigations &
Prevention
• Fraud examinations and internal
investigations
• Fraud risk assessments
• Review of internal controls and
management practices
• Financial statement
misrepresentations
• Background and workplace
investigations
• Computer forensic analysis,
imaging, data mining and
recovery
• Reconstruction of accounting
records
• Continuous audit services
• Anti-fraud consulting and training
Litigation Support & Expert
Testimony
• Lost earnings and profits
• Lost value
• Breach of contract
• Breach of fiduciary duty
• Business interruption
• Contract costs and claims
• Tortious interference
• Patent infringement
• Professional malpractice
• Shareholder disputes
• Theft of intellectual property
•Wrongful termination
•Wrongful death

Business Valuation & Due
Diligence
• Mergers, acquisitions and
divestitures
• Marital dissolution
• Partner/shareholder disputes
• Estate and gift tax planning
• Financial reporting
•Compensation related
• Employee stock ownership
plans
• Benchmark studies
• Financial modeling
Insolvency &
Reorganization
• Viability analysis and survival
assessment
• Strategic restructuring
• Cash flow analysis and forecasting
• Liquidation analysis
• Evaluating creditor and debtor
positions
• Restructuring debt
• Interim management services,
including Chief Restructuring
Officer
• Preparing plans of reorganization
and disclosure statements
• Pre-bankruptcy planning and post-filing
compliance
• Bankruptcy litigation consulting to
trustees

BIOGRAPHY
• 9 years of fraud investigation and financial audit experience
• Started career with U.S. Government Accountability Office’s Forensic Audits and Special
Investigations Unit
• Led forensic audits and investigations on a variety of topics, including: Federal
contractor/grantee eligibility fraud and integrity issues; federal tax collection program integrity;
abuse of government purchase cards, travel cards, and premium class travel privileges;
employment of sex offenders and child abusers at schools and child care facilities; passport
application fraud; manufacture and marketing of herbal dietary supplements
• Designed innovative analytical strategies and investigative techniques to identify fraud
indicators in complex datasets, using software packages such as IDEA and SAS
• Identified, investigated, and ultimately referred hundreds of cases of potential fraud, waste,
and abuse to federal authorities for administrative action
• Led multiple undercover operations of varying complexity and political sensitivity
• Drafted numerous congressional testimonies and publicly available audit reports
• Designed and implemented internal quality assurance policies and procedures
EDUCATION & CERTIFICATIONS
• Bachelor of Science, Accounting – University of Maryland, College Park
• Bachelor of Science, Finance – University of Maryland, College Park
• Designated as a Certified Fraud Examiner (CFE) by the Association of Certified Fraud
Examiners
• SAS Certified Base Programmer for SAS 9
Leslie C. Kirsch, CFE
Manager
RAFFA, P.C.
1899 L STREET, NW
WASHINGTON, DC 20036
TEL. 202-955-7204
FAX 202-822-0669
LKIRSCH@RAFFA.COM

2014-09-03 Cybersecurity and Computer Crimes

More Related Content

What's hot

Similar to 2014-09-03 Cybersecurity and Computer Crimes

More from Raffa Learning Community

Recently uploaded

2014-09-03 Cybersecurity and Computer Crimes

Editor's Notes