Google+ ALLHACKD: Stealing Money

Stealing Money

Wednesday, 10 April 2013



Financial theft occurs when computer records are altered to misappropriate money.  This is often done by programming the computer to route money into a particular bank account, usually 'by the use of a salami technique.
A salami technique is a method used to steal small sums of money over a long period of time, with the assumption that such small sums won't be missed.  The criminal reprograms the computer at a bank or some other financial institution so that fractions of pennies will be given to a dummy account.
For instance an account might hold $713.14863, where the `863" occurs because of the multiplication involved to figure interest rates.  Normally the computers would say this person has $713.15 in the bank, rounding up the 4 to a 5. However, a computer programmed with salami in mind would slice off those extra digits and put them into a separate account.  Now the person may only have $713.14 in the account, but who's going to notice or complain about a missing penny?
The computer is not generating new money, it's only shifting valid money to an invalid account.  This can make salami thefts hard to detect.  Once the criminal's account has grown big enough on those fractions of pennies, he or she can withdraw the money and most likely will get away with the crime.  Many thieves have tried this form of bank robbery, and many have been caught, but dozens or hundreds of such operations could be going on today without anyone's knowledge (or so the ##experts" claim).
The way investigators check to see if a salami technique is being used is to have the computer make a list of all accounts, and how many times per day over a period of days a transaction has occurred with that account.  Next, any account that is accessed an exorbitant number of times per day is checked to see how much money each of these transactions represent.  If it's tiny sums, someone's up to something!
While I don't condone such thievery, I feel obligated to point out where computer criminals have gone wrong in the past and how to avoid future mishaps.  Instead of reprogramming the computer to immediately transfer those fractions of pennies to an account, they would have been wiser to simply subtract the amounts and keep track of how much money is collected in an area separate from the account files.  Then, the portions of code which print out total bank holdings should be altered to include that hidden figure in its summation, so those minuscule amounts aren't missed.  Once the figure reaches a certain point (for instance, some random value over one hundred or two hundred dollars) only then should it be transferred to the thief s account.  I say some "random" value so every transaction on the thief s account won't be exactly the same and thus suspicious.
Such thievery requires access to a computer; usually these crimes are committed by employees of the institution at which the crime occurred, and so true hacking is not necessary.  However, when an employee with limited computer access or a complete outsider pulls off a financial theft, computer hacking will surely be involved.

0 comments: