2. INTRODUCTION
Cyber crime in the private sector
Stringent security measures
Route of least resistance
Government has a big bank account too!
DSO investigations
Types of cyber crime in Government
Identity theft
Interception of data
Spy/malware
Fraud/theft by means of computers
Hacking
3. DANGER OF ORGANISED CRIME
“The scale of the challenge should not be
underestimated. Over the long term the growth of
criminal networks in the region may have the capacity to
undermine both democratic governance and
economic prosperity. The threat is diffuse and its
boundaries difficult to identify, but the impact of such
activities will be detrimental to all Southern Africa’s
citizens. Now is a critical time to act”.
Regional Integration In Southern Africa: Comparative International Perspectives
“Organised Crime and State Responses in Southern Africa” p 115 at p 120
Mark Shaw
4. IDENTITY THEFT
Identity theft has been described as the
fastest growing financial crime in the U.S.
and the “crime of the new millennium”.
(See HK Towle, “Identity Theft: Myths, Methods and new Law”,
Rutgers Computer and Technology Law Journal,
Rutgers University School of Law - Newark,
p 237 at p 238.)
5. A VEHICLE FOR CRIME
“Corporate identities are often stolen or forged, to create for the
criminal, a vehicle for crime that appears to provide an air of
authority or legitimacy. In the same way as in non-networked
fraud, where a letter on headed notepaper can be more
effective in fooling a victim, the corporate online forgery
provides a similar vehicle. These false, stolen or facsimile
corporate identities can also be used to play a role in further
identity theft, by a means commonly known as phishing…
These corporate names may have established branding and
other positive attributes that may be useful in the conduct of
some other further crime, such as the sale of forged products
or some elaborate fraud or scam”.
(See: A Marshall and Tompsett, “Identity theft in an online world”, Computer Law & Security Report (2005) 21, p128 at 131.)
6. NEW APPROACH TO COMBATING SYNDICATES NECESSARY
Fighting the scourge of organised crime cannot be
based solely on the traditional enforcement approach.
Only the use of a targeted and coordinated twin-track
strategy based on repressive and preventive
measures will reach the goal considering the potential
of prevention techniques to impact on the proliferation
of organised crime, especially on its infiltration in legal
society and economy.
António Vitorino Commissioner for Justice and Home Affairs Strategies of the EU
7. COOL FROG CYBER PROJECT
Project authorised September 2001
Threat analysis
Mandate: Target, destroy, disrupt activities of international
crime syndicates, who hijack the identities of commercial banks,
corporations and individuals in furtherance of their
criminal objectives.
Profile crime areas & Targets
• 4 Linked syndicates.
• Banking Industry.
• Corruption in banks.
• Money Laundering.
• Racketeering.
• Crimes perpetrated from Europe & N America.
Statistics and accomplishments
1. Arrest of various suspects.
2. Money laundering convictions.
3. Development of innovative methods of prosecution e.g. Hurkes case.
4. Coordinated law enforcement and private sector in a united front.
5. Turnaround time reduced by 75%.
6. Various spoofed websites closed on behalf of banking industry.
13. DSO first to identify the problem of identity hijacking and to declare
special project.
14. Phishing – Sophisticated onslaught on banking industry.
8. BACKGROUND TO PROJECT PC
Authorised in terms of section 28(1)
Identifying, determining any linkages and
ultimately disrupting and prosecuting identified
syndicates and other role-players including
entities and members of the public committing
crimes within the Government Cyber/Computer
Systems. The focus is on, but not limited to the
following crimes:
Fraud.
Theft.
Forgery and Uttering.
Contraventions of the Corruption Act, Act 12
of 2004.
Contraventions of the POCA Act, Act 121 of
1998.
Contraventions of the Electronic Communications
and Transactions Act, Act 25 of 2002.
9. INVESTIGATIVE PROCESS
The man of virtue makes the difficulty to
overcome his first business, and success only
a subsequent consideration.
Confucius (551BC – 479 BC)
10. ROLE PLAYERS
[Diagram: role players and areas of cooperation]
Role players: SAPS, AFU, SCCU, SIU, Government Departments, SITA, Banks, Forensic Auditors
Areas of cooperation:
Aligning our strategies
Joint prosecution
Shared information/database
Shared investigations
Resources
Searches
11. WORKING RELATIONSHIP WITH ROLE PLAYERS
Joint prosecution of syndicate in KZN, that
operates across borders and across
Government Departments
Need for stronger cooperation in other
provinces
Linked databases
Sharing of information
12. INVESTIGATIVE METHODOLOGY
Re-active Methods
Surprise searches, sting operations.
Pro-active Methods
Extensive use of money laundering provisions.
Close cooperation with government
departments.
Extensive use of POCA offences.
Continuous information exchange with
stakeholders.
Disruptive operations via sec 252A.
127 operations, surveillance, monitoring.
Arrests, searches, bail & asset forfeiture
applications.
13. SEARCHES
Government Departments searched
Ulundi
Department of Education (PMB and DBN)
Department of Works (PMB and DBN)
Premier’s Office (PMB)
Department of Social Development (PMB
and DBN)
Searches in other provinces
Computers searched
Infected computers
14. OPERATIONAL CHECKLIST
Development of checklist
Rationale behind development
Application of checklist
MD5/checksum
Partial v Full mirroring (privilege)
The Law and the Investigators
15. WEAPON OF CHOICE
Use of hardware key loggers
Use of spy software
Win-spy Software 9.1 Pro
16. DSO ARRESTS
Several arrests made on the various
investigative legs.
Value of section 204 witnesses.
Going after the big fish.
Always keeping the game plan in mind:
Racketeering prosecutions
Think big – look at the things that you do not
see.
17. DSO ARRESTS (cont.)
Ulundi CAS 282/05/2006
Three suspects arrested on 25 May 2006 on
charges of Fraud and Contraventions of the
Electronic Communications and Transactions
Act 25 of 2002.
Arrests were the direct result of information
received from an informer.
The IT Specialist arrested pleaded guilty to
Contraventions of sections 86(1), 86(3) and
86(4) and indicated that he is willing to give
evidence against syndicate.
First conviction in RSA on spy software
“Beginning of bigger things.”
19. GETTING TO GRIPS
Putting the puzzle together
Data analysis (CAD, Forensic Auditors)
Covert information
One central repository for information
Trust, trust, trust …
20. RACKETEERING PROSECUTION
Identify transactions that show the money trail
from top of syndicate through to where money
was laundered through accounts.
Show relevance and importance of computer
evidence.
Show cross-pollination between Government
Departments.
21. CHAPTER XIII: ECT ACT
DEFINITION
'access' includes the actions of a person who,
after taking note of any data, becomes aware of
the fact that he or she is not authorised to
access that data and still continues to access
that data.
22. CHAPTER XIII: ECT ACT
86 Unauthorised access to, interception of or
interference with data
(1) Subject to the Interception and Monitoring
Prohibition Act, 1992, (Act 129 of 1992) a person
who intentionally accesses or intercepts any data
without authority or permission to do so, is guilty of
an offence.
(2) A person who intentionally and without authority to
do so, interferes with data in a way which causes
such data to be modified, destroyed or otherwise
rendered ineffective, is guilty of an offence.
23. CHAPTER XIII: ECT ACT
(3) A person who unlawfully produces, sells, offers to
sell, procures for use, designs, adapts for use,
distributes or possesses any device, including a
computer program or a component, which is
designed primarily to overcome security measures
for the protection of data, or performs any of those
acts with regard to a password, access code or
any other similar kind of data with the intent to
unlawfully utilise such item to contravene this
section, is guilty of an offence.
24. CHAPTER XIII: ECT ACT
(4) A person who utilises any device or computer
program mentioned in subsection (3) in order to
unlawfully overcome security measures
designed to protect such data or access
thereto, is guilty of an offence.
(5) A person who commits any act described in
this section with the intent to interfere with
access to an information system so as to
constitute a denial, including a partial denial, of
service to legitimate users is guilty of an
offence.
25. CHAPTER XIII: ECT ACT
87 Computer-related extortion, fraud and forgery
(1) A person who performs or threatens to perform any
of the acts described in section 86, for the purpose
of obtaining any unlawful proprietary advantage by
undertaking to cease or desist from such action, or
by undertaking to restore any damage caused as a
result of those actions, is guilty of an offence.
(2) A person who performs any of the acts described in
section 86 for the purpose of obtaining any unlawful
advantage by causing fake data to be produced with
the intent that it be considered or acted upon as if it
were authentic, is guilty of an offence.
26. NATIONAL IMPORTANCE
Joint co-operation with stakeholders.
Evidence gathering and establishment of
database.
Crime prevention.
Training and transfer of skills.
Image of law enforcement agencies in South
Africa.