
IT6 (EXER MT1)

Bague, Emma Ysabel U. Class Schedule: MW 11:00-12:30 July 29, 2019


Carniyan, Joyce B.

PART 1 – COMPUTER CRIMES CHART

| Computer Crime Case Title (Colloquial Case Name) | Press Release Date | Reference/Source | Brief Description of Computer Fraud/Crime | Interest Harmed: Confidentiality (C), Integrity (I), Availability (A) | Est. Dollar Loss | Target (Private, Public or Threat to Public Health or Safety) | Perpetrator (Juvenile, Employee/Former Employee, Group (Outsider)) / Charged | Geography (International or Country) | Punishment (Sentence in Months) | Other Facts of the Case (Fine, Forfeiture, Restitution) |
|---|---|---|---|---|---|---|---|---|---|---|
| JSTOR Evidence in United States vs. Aaron Swartz | July 2011 | http://docs.jstor.org/JSTOR-Evidence-United-States-vs-Aaron-Swartz.html | Swartz was indicted in Federal District Court on four felony counts: wire fraud, computer fraud, unlawfully obtaining information from a protected computer and recklessly damaging a protected computer. | A | 2000 journals | Private/Public | ✓ | USA | 600 months | $1 million |
| USA vs. Anthony Clark | November 17, 2016 | http://www.infosecurity-magazine.com/news/fifa-hackers-steal-16-million-from/ | They circumvented multiple security mechanisms created by EA in order to fraudulently obtain FIFA coins worth over $16 million. Specifically, the group created software that fraudulently logged thousands of FIFA Football matches within a matter of seconds, and as a result, EA computers credited them with improperly earned FIFA coins. They then subsequently exchanged their FIFA coins on the secondary market for over $16 million. | I | $16 M | Private/Public | ✓ | USA | TBD | TBD |
| JP Morgan Chase & Co. target of giant hacking conglomerate | November 11, 2015 | https://www.independent.co.uk/news/world/americas/three-men-charged-with-largest-cyber-hacking-scheme-in-us-history-a6730761.html | Three men were charged with stealing data from millions of people around the world, as part of a hacking conglomerate that spanned the best part of a decade. The trio themselves allegedly described the incident as “one of the largest thefts of financial-related data in history”. Thought to have been operating out of Israel, the trio targeted major corporations, including major US bank JP Morgan Chase & Co, stealing personal data and then selling it on to a large network of accomplices. | C | $100 M | Public, Private | ✓ | USA | 240 months | Not given |
| Bank Hackers Steal Millions via Malware (Carbanak cybergang) | Feb. 14, 2015 | https://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html | A group of Russian-based hackers managed to gain access to secure information from more than 100 institutions around the world. The cyber criminals used malware to infiltrate banks’ computer systems and gather personal data. They were then able to impersonate online bank staff to authorize fraudulent transfers, and even order ATM machines to dispense cash without a bank card. | C | $1 B | Public, Private | ✓ | Russia (Worldwide) | N/A | N/A |
| United States vs. Vladimir Drinkman, Alexandr Kalinin, Roman Kotov, Mikhail Rytikov, Dmitriy Smilianets | July 26, 2013 | http://www.insidecounsel.com/2013/07/26/five-hackers-charged-in-biggest-cyber-crime-case-i | Two hacked into networks, another mined them for data, another provided anonymous web-hosting services to hide the group’s activities, and another sold the stolen data and distributed the profits. | C | $300 M | Public | ✓ | USA | TBD | TBD |
| United States vs. Ivan Turchynov, Oleksandr Ieremenko, Pavel Dubovoy, Arkadiy Dubovoy, and Igor Dubovoy | August 11, 2015 | https://www.fbi.gov/contact-us/field-offices/newyork/news/press-releases/nine-people-charged-in-largest-known-computer-hacking-and-securities-fraud-scheme | The defendants were a well-organized group that allegedly robbed the newswire companies and their clients and cheated the investing public by engaging in an unprecedented hacking and trading scheme. | C&A | $30 M | Public | | USA | 240 months | $250,000 |
| Russia vs. Dmitry Olegovich Zubakha | February 22, 2015 | https://www.tripwire.com/state-of-security/government/10-notorious-cyber-criminals-brought-to-justice-2/ | A Russian hacker who broke into several American retailers’ point-of-sale system and installed malicious software to steal customers’ credit card information. | C | N/A | Public | ✓ | Russia | 1,200 months | $1 M |
| United States vs. Andrew Alan Escher Auernheimer | November 20, 2012 | https://www.eff.org/cases/us-v-auernheimer | Auernheimer is a member of the group of computer experts known as “Goatse Security” that exposed a flaw in AT&T security which allowed the e-mail addresses of iPad users to be revealed. | I&A | 114,000 e-mail addresses | Public | ✓ | USA | 42 months | |
| Bangladesh Bank Heist | May 17, 2016 | https://www.boxcryptor.com/it/blog/post/cybercrime-2016-the-worst-cases-so-far/ | They obtained valid credentials the banks used to conduct money transfers over SWIFT and then used those credentials to initiate money transactions as if they were legitimate bank employees. | C | $81 M | Private | | Philippines | TBD | TBD |
| Canada vs. Chinese hackers | July 29, 2014 | http://www.theglobeandmail.com/news/national/chinese-hacked-government-computers-ottawa-says/article19818728/ | Chinese hackers were believed to be the people behind the hacking of the premier scientific research agency in Canada. The latest intrusion was discovered by the Communications Security Establishment, the country’s electronic spy agency. | C&I | Not Given | Private, Public | ✓ | Canada | | |
| United States vs. Noor Aziz and Farhan Arshad | March 1, 2015 | https://www.tripwire.com/state-of-security/government/10-notorious-cyber-criminals-brought-to-justice-1/ | Aziz and Arshad helped operate LinkedTel, a business that advertised a number of telecommunications services, including adult entertainment, chat lines, and psychic hotlines. They illegally reprogrammed the telephone systems, which they then used to make long distance telephone calls for LinkedTel, all at the expense of the victim corporations whose PBX telephone systems had been hijacked. | I | N/A | Public | ✓ | USA | TBD | TBD |
| United States vs. Grunin | January 12, 2015 | http://blog.internetcases.com/2015/01/12/facebook-wins-against-alleged-advertising-fraudster/ | Defendant set up more than 70 bogus Facebook accounts and impersonated online advertising companies (including by sending Facebook falsified bank records) to obtain an advertising credit line from Facebook. | I | $340,000 | Public | ✓ | USA | TBD | $340,000 |
| United States vs. Matthew Keys | April 13, 2016 | https://www.eff.org/cases/united-states-v-matthew-keys | Three felony violations of the federal anti-hacking statute, the Computer Fraud and Abuse Act: conspiracy to cause damage to a protected computer, transmission of computer code that resulted in unauthorized damage, and attempted transmission of malicious code to cause damage. | I | $929,977 | Public | ✓ | USA | 300 months | |
| United States vs. Ricardo Hill | November 11, 2016 | http://www.reuters.com/article/us-cyber-jpmorgan-idUSKBN1352VT | Ricardo Hill was arrested in Florida and charged in a criminal complaint filed in Federal Court in Manhattan with conspiring to operate an unlicensed money transmitting business. | I | 100 customer accounts | Public | | USA | TBD | TBD |
| United States vs. Fidel Salinas | November 26, 2014 | https://www.wired.com/2014/11/from-440-years-to-misdemeanor/ | The 28-year-old, with ties to the hacktivist group Anonymous, faced 44 felony hacking and cyber stalking charges, all of which were later dismissed. | C | 2,000 internet domains | Public | | USA | 6 months | $10,600 |

PART II – PIE CHART AND INTERNAL CONTROL WEAKNESS AND RECOMMENDATIONS

1.

[Four pie charts; chart titles and legend entries as follows]

A. INTEREST HARMED: Confidentiality; Integrity; Availability

B. AVAILABLE OPPORTUNITIES: Weak or non-existent internal accounting control system; Absence of an auditor or auditing committees; Negligence or improper oversights

C. PERPETRATORS / FRAUDSTERS: Employee/Former Employee; Juvenile; Group (Outsider)

D. EFFECTS OF FRAUDS: Financial Loss; Social Impact; Moral damages; N/A

2.

| INTERNAL CONTROL WEAKNESSES | RECOMMENDED CONTROLS |
|---|---|
| Audit Interaction | Strengthening internal controls is simply a matter of defining, or clarifying, ownership roles and responsibilities. Management must find a team approach valuable. An effective team environment encompasses members from a variety of different business units and disciplines and may include representatives from: Human Resources, Compliance, Investigations, Audit, General Counsel's Office, Senior Management, and Security. |
| Communication | One way to strengthen internal controls is by improving the communication process. This is problematic as there is no opportunity for management to fix something that they're unaware is broken. Regular interaction and communication between departments is paramount in this process. An effective notification system operates over a central server, delivers event messaging to predefined employees in "real time," as the event occurs, and is sent directly to the employees and their smart devices. This level of event notification ensures that the people who need to know about an incident are made aware in a timely manner and fosters immediate and unified response as required. |
| Segregation of Duties | It is imperative that there is adequate segregation of duties involving custody, authorization and control of source documents and records. The lack of proper segregation of duty policies is most often the root cause of many fraud and theft events in companies without strong internal controls in this area. Using established fraud prevention best practices, financial duties (cash disbursements) should always be segregated amongst multiple employees. Check stock should be controlled and secured, and secondary levels of management approval and dual signatures on checks and payment authorization on amounts over pre-established financial levels should be required. Further, all employees should have individual financial transactional levels established which vary according to their management levels, or position of authority, business unit needs and ability to obligate the business to a financial commitment. |
| Technology | While technology enables us to perform essential business functions, there are direct correlations between technology, fraud events and the internal control process. Technological applications are probably the single greatest sources of risk and exposure that businesses face. Robust internal controls, including platform and network access controls, remote usage and password protection policies, are needed to regulate the entire computing platform. Additionally, there must be internal controls in place for all mobile computing applications and company telecommunication devices like personal computers and smart phones. Given how quickly technology is changing, strengthening internal controls in this area revolves around fluid processes as the technology is not static. |
| Testing Key Control | It is important that we test internal controls in a controlled environment, as internal controls which are only tested under "live fire," real time conditions may not actually be effective controls at all. All technology and information based tools should be tested. A perfect example of internal control testing in the technology area involves testing access controls and information availability via online Internet information platforms. |

REFERENCE:

https://www.csoonline.com/article/2127917/fraud-prevention-fraud-prevention-improving-internal-controls.html
