Economics, Management, and Financial Markets [601747]

373
Economics, Management, and Financial Markets
Volume 6(2), 2011, pp. 373–380, ISSN 1842-3191

FRAUD, CORRUPTION AND CYBER CRIME
IN A GLOBAL DIGITAL NETWORK

LUMINI ȚA IONESCU
[anonimizat]
Spiru Haret University, Bucharest
VIORICA MIREA
[anonimizat]
Spiru Haret University, Bucharest
ADRIAN BL ĂJAN
[anonimizat]
Institute of Interdisciplinary Studies in
Humanities and Social Sciences, New York

ABSTRACT. Fraud cannot be eradicated, but fraud and corruption risks can be
managed like any other risks. The economic crunch c reated the premises for a
substantial increase of the computer crime and frau d. Computer crime or cyber
crime refers to any crime that involves a computer and a network, where the
computers may or may not have played an instrumenta l part in the commission
of the crime. The global total of criminal gain fro m cyber fraud is impossible to
estimate precisely, but has increased exponentially in the past 4 years. How-
ever, in the last few years, the computer specialis t and internal controllers
understood the fraud schemes and their characterist ics and they know how to
act to prevent them.

Keywords: fraud, corruption, cyber fraud, digital network

1. Introduction

Bishop and Hydoski show how in today’s highly lever aged global econ-
omy, major fraud or corruption can set off a chain reaction resulting in
serious corporate harm or failure. According to Bis hop and Hydoski since
the “Crash of 2008” led to economic conditions soft ening dramatically
around the globe, fraud risks for businesses appear to be on the rise.

374 Their research show how a slowing economy may incre ase pressure
on corporate executives to meet performance goals s et in rosier times,
or to demonstrate that the current executive team s hould be retained by
shareholders. Individual managers may feel a much g reater risk of job
loss than usual, potentially making them eager to a void having to report
a performance shortfall in their operating unit.
From all the potential loss, fraud is the most comp lex and difficult
to detect. Fraud represents intentional actions of the part of the client or
its personnel to the client’s financial statements, assets or both. Fraud is
an act of making money by making people to believe something which
is not true. Fraud is a deliberate deception perpet rated for unlawful or
unfair gain. Fraud is not an unintentional mistake, such as incorrect ac-
counting estimate, the application of a cost to an incorrect account or a
lost inventory tag during a physical count. Between fraud and corruption is
a strong connection. Most of the fraudsters and sca mmers are connected
to the company or bank, where the fraud is develope d. Inside thefts are
very difficult to detect, some of them could be par t of the management
team. Detecting fraud is the purpose of financial c ontrol and internal audit
for any kind of organization. In the last years, fr aud, corruption and
computer crime have increased significantly.

2. Cyber Fraud and Solving

Bryan et al. explained about the financial cyber fr aud and its develop-
ment. “Online financial cyber crime has increased e xponentially in the
past 4 years, forming the foundation of a trend tha t shows no signs of
abating. What began with simple 419 scams and rudim entary phishing
has grown into a highly complex underground economy generating
professional-quality software tools, legitimate bus inesses that provide
protection to cyber criminals, sophisticated stock- manipulation schemes,
and, most tellingly, a sense of community among the criminals”.[1]
There are some specific causes that determine the e xponentially
increasing of the cyber fraud. There are many compl exities involved in
making sure participants perceive the system as con venient to all in-
volved. Bryan notes that as the total population of Internet users continues
to swell, the cyber fraud underground accumulates i ncentives for its par-
ticipants to diversify their activities, forming a market with a functional
division of labor. This specialization, in turn, al lows experts to evolve
and to pass their products or knowledge on to other s, decreasing the
learning time of new entrants.

375 Bishop and Hydoski claim that as many companies exp and around
the world to source supplies from other countries, or to expand their sales
in emerging markets, they may encounter complex ris ks for which they
may not be prepared. “These risks range from briber y and corruption, to
compliance with export controls and anti-money-laun dering statutes, to
product quality risks that can endanger customers. […] Globalization,
in other words, increases the fraud risk management pressures on multi-
national companies. Each market relationship poses distinct risks that
must be taken into account when developing risk str ategies.”[2]
Bishop and Hydoski say that it is important to unde rstand personal
financial pressures and the personal needs. “Downtu rns in the economy,
such as the global recession that followed the cras h of 2008 can make it
more difficult for executives and managers to achie ve planned results. It
also puts more employees under personal financial p ressure. Fraud spe-
cialists suggest that economic pressures increase t he likelihood and the
number of individuals resorting to fraud to achieve corporate objectives
or to meet personal needs. Financial losses due to fraud are additional
costs that companies will have a hard time absorbin g, especially in down
points in the economic cycle.”[3]
Cyber fraud is strongly connected to corruption and lack of infor-
mation. Olsen notes that there is no perfect system to prevent the cyber
crime. Thus, corruption has a corrosive impact on b oth overseas market
opportunities and the broader business climate. It also deters foreign
investment, stifles economic growth and sustainable development, distorts
prices, and undermines legal and judicial systems. Olsen notes that cor-
ruption is a problem in international business tran sactions, economic
development projects, and government procurement ac tivities.
Olsen identified how computer-related crimes can be grouped into
three categories that parallel the three stages of data processing: input
tampering, throughput tampering, and output tamperi ng. Input crimes
involve the entry of false or fraudulent data into a computer, that is,
data that have been altered, forged, or counterfeit ed – raised, lowered,
destroyed, intentionally omitted, or fabricated. In put scams are probably
the most common computer-related crimes, yet perhap s the easiest kind
to prevent with effective supervision and controls (such as separation of
duties and proper audit trails). “Throughput crimes require a knowledge
of programming. The publicly reported cases of thes e crimes are far fewer
than input crimes. Output crimes, such as theft of computer-generated
reports and information files (customer mailing lis ts, research-and-de-
velopment results, long-range plans, employee lists , secret formulas, etc.)

376 seem to be increasing in this era of intense compet ition, particularly among
high-technology manufacturers.”[4]
Olsen explains the value of stored data and the sig nificant benefit for
the companies. In the global digital network, a new form of asset has
been created: the data held in the computer. Olsen says how intellectual
property maintained in computers can be extremely v aluable to foreign
governments and foreign competition. Other, more in tangible assets in-
clude valued or confidential programs, scientific d ata files, confidential
financial information, personnel records, client li sts, acquisition lists and
so on. Olsen writes that companies will greatly ben efit from strong
adherence to retention policies, and the governance of such policies, for
documents and information in hard or electronic for mats.
In some research fields it can be hard to find a pe rson who is
qualified to analyze the data, and to secure the in formation. Olsen notes
that for information that is extremely confidential or classified, a division
of responsibilities will reduce the risk that an en tire process, procedure,
or strategy will be misappropriated or otherwise ac cessed in an unau-
thorized manner. This will also ensure that no one person will possess
all the information or knowledge, thus reducing the risk of loss. Infor-
mation security control officers or custodians can be identified within the
organization to ensure that access is limited to th ose who need access to
the information.[5]
There is no perfect system for preventing cyber cri me or fraud.
Sometimes hackers attack financial institutions or their clientele with email
worm. Nemati notes how email worm spreads through i nfected email
messages. It is well known how the worm may be carr ied by attachment,
or the email may contain links to an infected websi te. Inevitably, when
the user opens the attachment, or clicks the link, the host gets infected
immediately. “The worm exploits the vulnerable emai l software in the
host machine to send infected emails to addresses s tored in address book.
Thus, new machines get infected. Worms bring damage to computer and
people in various ways. They may clog the network t raffic, cause damage
to the system and make the system unstable or even unusable.”[6] Nemati
explains the traditional way of worm detection is s ignature based. A
signature is a unique pattern in the worm body that can identify it as a
particular type of worm. However, a worm can be det ected from its
signature. But the problem with this approach is th at it involves significant
amount of human intervention and may take long time (from days to
weeks) to discover the signature. Thus, this approa ch is not useful against
“zero-day” attacks of computer worm. Besides that, signature matching
is not effective against polymorphism.

377 Masera makes recommendations to ensure the integrit y of stored data:
(1) The assurance of the information infrastructure upon which modern
societies rely is recognized as being of growing im portance for citizens,
businesses and governments. (2) The social and econ omic fabric of these
societies vitally depends upon the secure and relia ble flow, storage and
access to information managed through electronic me ans. A key question
that has to be solved is about the challenges that may hinder that as-
surance.[7] Masera notes that security is the quali ty or state of a system
that keeps anyone person or technical component) fr om carrying out
unauthorized actions that might cause unwanted inci dents with potential
risky consequences. The unauthorized actions can oc cur within, with or
from the system, and the consequences can be relate d to assets internal
or external to the system. Masera writes that the d amage caused by a
security breach can derive from unsafe conditions, from the unavailability
of services, or from the violation of the confident iality or the integrity
of the data managed by the system. All the cyber cr imes could be
prevented by increasing security for data and devel oping the internal
control.

Cyber Fraud Model

Bryan et al. observe that the carding underground c onsists of some
resource input (here, account credentials) that is extracted and processed
by suppliers (usually scammers), brought to market and retailed by mid-
dlemen (carding forum leaders), and finally purchas ed and consumed by
the demand pool (end-user carders). They presented a cyber fraud model
that is use more and more often in global digital n etwork. The model
explains the process by which criminals involved in such activity first
steal account credentials and then refine and marke t the raw data into
readily usable packages of information that “end-us er carders” finally
purchase before cashing out the accounts or buying high-value goods. It
is the most common cyber fraud model with negative consequences in
the global digital network.
According to Bryan, within the cyber fraud model se veral elements
could be identified:
1. Phishers, scammers, malicious insiders, and data base hackers attack
financial institutions or their clientele to obtain account credentials.
2. The acquirer then engages a carding market.
3. Carders in the market sell refined credentials t o “account consumers”
who may need additional help from a reshipper, mone y mule, or cash-
out provider to turn the account information into a ctual value.

378 4. In doing so, the consumer or the agents he or sh e employs use the
credentials to obtain merchandise or currency in th e legitimate economy.
This model could be developing according to the mar ket and country
where the scammers and database hackers attack fina ncial institutions
or their clientele.
The process of creating cyber fraud model is iterat ive and typically
consists of four stages: research and collecting da ta (R & C) to identify
possible scheme; promoters are scammers and middlem en, agents, others,
etc. (example: employees); developing fraud model ( DFM) – it is a
potential of source of profit, develop a pattern th at can be implemented
and coded; using innocent people who get involved i n this fraud model
with no intention (IP); collecting funds and goods from victims (FG).
The most common fraud is cyber fraud from financial institutions.
Most of the cyber frauds are developed with involve ment of the
malicious insiders. Insider threats are a real dang er for any National Digital
Information Infrastructure and Preservation Program . Bryan et al. observe
that insider threats are the primary concern of mos t major organizations.
Thus, standard malicious or greedy insiders are mor e likely to exist as
persistent concerns to organizations. Ultimately, t he relative frequency
of insider and external attacks differs according t o the type of attack. The
chart shown in Figure 2, from the 2006 U.S. Secret Service/Computer
Emergency Response Team (USSS/CERT) E-Crime Watch S urvey, illus-
trates this distinction. In proportion to attacks c ommitted by insiders,
these attacks increased significantly in 2005 as co mpared to the previous
year. [8]
We can observe that the theft of intellectual prope rty is dramatically
increased, from 16% in 2004 to 63% in 2005 for insi der attack. In the
same time the theft of intellectual property for ou tsider attack is increased
from 33% in 2004 to 45% in 2005. We consider that i nsider attack is more
dangerous that the outsider attack because could in dicate the weakness
of the system and could create premises for other f uture attacks.
Bryan et al. note that the attacks are mostly a mat ter of employees
overstepping their authority and using company reso urces for nonfinancial
gain. Attack means for information gain motives inc lude accessing pro-
prietary and trusted information on customers and o ther businesses for
personal use or for other scammers use. Most of the controllers are
concern because the information gain attacks go unn oticed due to lack
of auditing capabilities on this type of data, as n o direct financial loss
occurs. However, companies are liable for informati on breaches under
increasingly stringent laws and guidelines for the safeguarding of personal
information.

379 Here are a few methods to help us to detect a fraud , no matter its size
or type: watch the environment, watch the controls, watch employee
lifestyles, be available. Corruption became more an d more important to
investigate nowadays. Globalization and global digi tal network make
controllers job more and more difficult. Financial control and internal
audit must to detect any small fraud before scammer s will cover their
steps. In order to detect frauds, the controllers c ould use mathematical
intuition. Mathematical intuition can be replaced b y conventions about
the use of symbols and their application. [9]

3. Conclusion

Managing the risk of fraud and corruption requires an ongoing com-
mitment to acquiring fresh knowledge and skills. Qu ite often this fresh
knowledge must be obtained from outside the organiz ation and requires
training and involvement. In the global digital net work, organized criminal
groups constantly evolve new fraud schemes to part companies from
their money. Scammers and database hackers develop new twists, taking
advantage of new technologies. Bishop and Hydoski n ote that fraud and
corruption risks can be better managed by the finan cial controllers and
auditors, and the practical frameworks for managing fraud risks effec-
tively already exist. However, managing the fraud, corruption and cyber
crime requires involvement and help from all employ ees not matter
occupied position in any organization. More then th at, preventing and
detecting a fraud is possible with involvement of s takeholders and all
the partners of the organization. In a global digit al network the cyber
fraud attacks are dramatically increased based on e conomic vulnerability
models that exist in the market today. This target of the cyber crime
attack could be financial data, but also a particul ar software application,
operating system, or piece of hardware. The target could also be the
management, a specific corporate or government netw ork. The connection
between cyber crime and corruption is complex and i s affecting the
organization on long term. The resources used by ma nagement to prevent
fraud include financial resources, human resources and time. In a grow-
ing global economy, preventing fraud will be one of the most important
objective for governments and companies, as well.[1 0]

380 NOTE

This work was supported by the project “Post-Doctor al Studies in Economics:
training program for elite researchers – SPODE,” co ntract no. POSDRU/89/
1.5/S/61755, funded from the European Social Fund t hrough Human Resources
Development Operational Program 2007–2013.

REFERENCES

[1.] Bryan, K. et al., Cyber Fraud. Tactics, Techniques, and Procedures ,
CRC Press, Taylor & Francis, 2009.
[2.] Bishop, T. and Hydoski, F., Corporate Resiliency. Managing the Growing
Risk of Fraud and Corruption , John Wiley & Sons, Hoboken, NJ, 2009.
[3.] Ibidem, p. 13.
[4.] Olsen, W.P., The Anti-Corruption Handbook. How to Protect Your B usi-
ness in the Global Market Place , John Wiley & Sons, Hoboken, NJ, 2010.
[5.] Ibidem, p. 90.
[6.] Nemati, H.R., “Techniques and Applications for Advanced Information
Privacy and Security: Emerging Organizational, Ethi cal, and Human Issues”,
Information Science Reference (an imprint of IGI Gl obal), 2009.
[7.] Masera, M., “Systemic Challenges for Critical Information Infrastructure
Protection”, II. Mathematics, Physics and Chemistry, NATO Scienc e Series 196,
2004, p. 57.
[8.] Bryan, K. et al., Cyber Fraud. Tactics, Techniques, and Procedures ,
CRC Press, Taylor & Francis, 2009, p. 56.
[9.] Lazaroiu, G. et al., “Gödel on Conceptual Real ism and Mathematical
Intuition,” Recent Advances in Applied Mathematics , University of Harvard,
January 2010.
[10.] Bishop, T. and Hydoski, F., Corporate Resiliency. Managing the Grow-
ing Risk of Fraud and Corruption , John Wiley & Sons, Hoboken, NJ, 2009, p.
23.

Copyright of Economics, Management & Financial Markets is the property of Addleton Academic Publishers
and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright
holder's express written permission. However, users may print, download, or email articles for individual use.