- Email: [email protected]
Computer fraud& security bulletin
GOMPUTERPEE!LO SECURITY BULLETIN Volume
3 Number
1
1980
NOVEMBER
Editor: MICHAEL COMER Network Security Management Ltd, London
Editorial
Advisors:
Jay J Becker Assistant Los Angeles,
Andrew School,
Associate Editor: ROBERT V JACOBSON President, International Securitv Technoloav Inc. New York -.
District
Attorney
and Director
Jocelin
Chambers
Senior
Lecturer
in Audit
Harris
Consultant
Managing Lawyer
and Banker,
J Heims Fellow
Geoffrey
Hotwitz
MRL,
Centre
for Computer
Crime,
& Management
Control,
City University
Business
Cheshire
Director,
Zeuss
of the Institute
Executive,
Ned Equity
Norman
Management,
B Parker Senior Rabarts
Timothy
Fellow
Infiltrating
the
system
Part 1, ways and means Criminals' overtime ban Audit tools CCW is watching you
New
Systems
of the Institute Harris
Insurance
Ltd. London
Investigators,
London
Co Ltd, Johannesburg
York
Northern
Management
J Walsh President,
Consultants
of Professional
Kroll Associates,
Luker Security
Security
London
Jules B Kroll President,
Alec
Data
London
Ray Ellison Senior
Donn
of National
California
Peter Hamilton
Peter
CONTENTS
ISSN 0142-0496
Telecom Consultant,
of Chartered and Walsh
1 6 7 8
Stanford
Accountants,
Management
-
Ltd. Montreal Research
Institute,
California
London Consultants,
New
York
Bribery and corruption 9 Playing possum 9 No smoke without fire 10 No copying! 10 Is the investor always right? 11
Most of the directly computer-related frauds that we have described in this Bulletin over the past two years have been fairly simple in operation, though often devastating in effect. This is in line with most published evidence of computer crime: that it is generally simple, and it usually results from lack of the most elementary controls over the computer system - perhaps because non-data processing staff are still a little scared of computers. There may, however, be more complex computer-related frauds which have either been hushed up through embarrassment, or are still running undiscovered. Robert Jacobson firmly believes in this possibility, and in the following article he explores how it may actually occur. Having provoked readers this month, next month he will outline preventive measures.
INFILTRATING THE SYSTEM - PART It WAYS AND MEANS
Elsevier International Bulletins
Modern, large scale computers depend upon a control program or operating system to direct operations, manage resources and schedule jobs. The typical operating system can be extremely
0 1980 Elsevier Sequoia S.A. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the publisher.
3 Number
1
1980
NOVEMBER
Editor: MICHAEL COMER Network Security Management Ltd, London
Editorial
Advisors:
Jay J Becker Assistant Los Angeles,
Andrew School,
Associate Editor: ROBERT V JACOBSON President, International Securitv Technoloav Inc. New York -.
District
Attorney
and Director
Jocelin
Chambers
Senior
Lecturer
in Audit
Harris
Consultant
Managing Lawyer
and Banker,
J Heims Fellow
Geoffrey
Hotwitz
MRL,
Centre
for Computer
Crime,
& Management
Control,
City University
Business
Cheshire
Director,
Zeuss
of the Institute
Executive,
Ned Equity
Norman
Management,
B Parker Senior Rabarts
Timothy
Fellow
Infiltrating
the
system
Part 1, ways and means Criminals' overtime ban Audit tools CCW is watching you
New
Systems
of the Institute Harris
Insurance
Ltd. London
Investigators,
London
Co Ltd, Johannesburg
York
Northern
Management
J Walsh President,
Consultants
of Professional
Kroll Associates,
Luker Security
Security
London
Jules B Kroll President,
Alec
Data
London
Ray Ellison Senior
Donn
of National
California
Peter Hamilton
Peter
CONTENTS
ISSN 0142-0496
Telecom Consultant,
of Chartered and Walsh
1 6 7 8
Stanford
Accountants,
Management
-
Ltd. Montreal Research
Institute,
California
London Consultants,
New
York
Bribery and corruption 9 Playing possum 9 No smoke without fire 10 No copying! 10 Is the investor always right? 11
Most of the directly computer-related frauds that we have described in this Bulletin over the past two years have been fairly simple in operation, though often devastating in effect. This is in line with most published evidence of computer crime: that it is generally simple, and it usually results from lack of the most elementary controls over the computer system - perhaps because non-data processing staff are still a little scared of computers. There may, however, be more complex computer-related frauds which have either been hushed up through embarrassment, or are still running undiscovered. Robert Jacobson firmly believes in this possibility, and in the following article he explores how it may actually occur. Having provoked readers this month, next month he will outline preventive measures.
INFILTRATING THE SYSTEM - PART It WAYS AND MEANS
Elsevier International Bulletins
Modern, large scale computers depend upon a control program or operating system to direct operations, manage resources and schedule jobs. The typical operating system can be extremely
0 1980 Elsevier Sequoia S.A. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the publisher.