a day in the life of a cyber syndicate

A day in the life of a cyber syndicate*

ACFE SA Chapter Annual Conference

24-26 August 2009, Sandton

Adv Jacqueline Fick: PwC Advisory

*connectedthinking

Contents

Meet The BossA day from the diary of The BossHow to ruin The Boss’ dayConclusion

Disclaimer: The names, contact details, addresses and telephone numbers used in this presentation are fictitious. Thesequence of events as contained in the diary entries are based on the experience and knowledge of the presenter, gained during

the investigation and prosecution of cyber syndicates.

A day in the life of a cyber syndicate

PricewaterhouseCoopers

August 2009

Meet The Boss

Resume

• I am a thirty seven year old South African male, but do have a passportfrom another country.

• My skills include:

- Computer skills, including programming, network administration,thorough knowledge of operating systems (Microsoft and open source)

- Ability to network

- Well-developed interpersonal skills

- Entrepreneurial skills

- Sound financial management skills



August 2009

Meet The Boss

Education

Graduated from Malini High School with honours.

• Completed a degree in Computer Science.

- Completed several IT courses to stay up to date.



August 2009

Meet The Boss

Career History

Owned and taught at a computer college in Pietermaritzburg:

• Average student count was 100 per year.

• Also presented several training workshops for government departments.

Owned and operated a travel agency:

• Offices in Durban, Johannesburg and Botswana.

Free-lance computer expert:

• Programming, computer repairs, network administration.

A day from the diary of The Boss

An hourly account of his activities



August 2009

The day starts …

Calls:

1. Phone Mpimpi for appointment at 12:00 (0723670545).

2. Phone Shooter for appointment at 13:00 (0798685409).

Errands:

1. Arrange trip to London and Botswana.

To do:

1. Check email download of log files.

2. Analyse data.

3. Check for new version of spy software.

4. Check bank account.

Time: 7:00



August 2009

Business intelligence

Calls:

1. Phone Big Daddy to confirm goods are ready.

2. Phone Ms Works about BAS (011 555 7890).

Errands:

1. Pick up the goods before breakfast and place neworder.

To do:

1. Breakfast with Mr. SASSA and Doc Health at 8:15.

2. Discuss rewards and way forward.

Time: 8:00



August 2009

Meet the team

Calls:

1. Phone Mr. Stationary to confirm meeting at 15:00.

Errands:

1. Get cards before meeting.

To do:

1. Meet with the boys.

2. Discuss action plan for the week.

3. Feedback on operations.

Time: 9:00



August 2009

Disciplinary matters

Calls:

1. Phone Mr. Fuzz to confirm meeting and venue.

2. Phone Mpimpi to confirm meeting.

Errands:

1. Transfer money: account 406067558 (R10 000).

2. Get gift for Big Daddy and hand to Shooter.

To do:

1. Meeting with Shooter.

2. Agree on plan of action to sort out leaks and enforcediscipline.

Time: 10:00



August 2009

Taking stock of business

Calls:

1. Call Mr. Parlour to catch up on things.

2. Call Mpumalanga.

3. Call Gangsters Paradise.

4. Call North West to confirm arrangements.

Errands:

1. Check emails for log files.

To do:

1. Update business plan.

2. Draft contingency plan and do cash flow analysis.

Time: 11:00



August 2009

Sorting out troublesome employees

Calls:

1. Call Big Bucks and Easy Cash and confirm venue formeeting.

Errands:

1. Pick up CD’s and hand to Mpimpi.

To do:

1. Meeting with Mpimpi (take Shooter with) to reviewcommitment to organisation.

Time: 12:00



August 2009

New business opportunities

Calls:

1. Phone Lady Network to tell her cards are ready (084577 7871).

Errands:

1. Get cards and payment schedule from Ms Organised.

To do:

1. Meeting with Big Bucks and Easy Cash.

2. Determine amount of financial assistance they need fortheir children’s bursaries.

3. Discuss future business opportunities in new market.

Time: 13:00



August 2009

Contingency planning

Calls:

1. Call Big Daddy to inform about meeting with Mr. Fuzz.

2. Phone La Law about retainer and update on trials.

Errands:

1. Fax update report on dockets and trials to La Law.

To do:

1. Meeting with Mr. Fuzz.

2. Buy him a big lunch and confirm regular appointments.

Time: 14:00



August 2009

Closing a deal

Calls:

1. Call Mr. Learning Curve to confirm BAS (082 2225676).

2. Call Mr SITA to get update on security (012 555 6667).

Errands:

1. Get update on BAS entities.

To do:

1. Meeting with Mr. Stationary and Mama Big Meals.

2. Agree on business transaction and involvement of otherparties.

Time: 15:00



August 2009

Interview shortlist

Calls:

1. Call Big Daddy about possible new IT recruit and toestablish what building material he needs for his house.

2. Phone Ms HR to hear who might be interested in newbusiness opportunities.

Errands:

1. Email business plan to Big Daddy for his input.

To do:

1. Identify gaps and skills shortages in business plan.Time: 16:00



August 2009

Review operations

Calls:

1. Phone Ulundi about installations.

2. Phone the boys for update report.

3. Phone Mr. SASSA for update.

Errands:

1. Order building material for Big Daddy and send detailsto Mr. Stationary.

To do:

1. Check email for reports on new installations.Time: 17:00



August 2009

Reconciliations

Calls:

1. Phone Shooter for feedback report on assignment.

Errands:

1. Go to Mama Big Meals to confirm menu for dinner.

To do:

1. Do recon on bank statements.

2. Do recon on log files.

3. Check for updates on software.

Time: 18:00



August 2009

The day ends…

Calls:

1. Call Sassy Mama to confirm venue for meeting.

2. Call to Mr. Fuzz to follow up on hooter and flash.

Errands:

1. Pick up payment.

2. Pick up Dudu’s car.

To do:

1. Meet with Sassy Mama at garage.Time: 19:00

How to ruin The Boss’ day

Look for the things that are not thereBenefits of effective public private partnershipsPrevention is better than prosecution



August 2009


Look for the things that are not there

Investigating cyber crime calls for a new approach:

• Look for the things that are not there.

• Follow the money.

• Pro-active versus re-active.

• Why would cyber criminals target your business/government department?

• Don’t think that criminals prefer businesses over government.

• Combining the old and the new.

• Value of intelligence, informants and section 204 witnesses.



August 2009


Benefits of effective public private partnerships

Fight cyber criminals with what they are after: Information.

• Sharing of information within the business/government department.

• Industry forums.

• Cooperation between government and private sector.

• Sharing of information and cooperation between government, privatesector and law enforcement.



August 2009


Prevention is better than prosecution

Successfully investigating and prosecuting cyber crime has proven difficult:

• Focus on prevention rather than on waiting until you become a victim.

• Start at home.

• Make cyber security a business objective and integrate into businessstrategy and planning.

• De-mystify cyber security.

• Information Assurance and a Defence in Depth strategy:

- Prevent, detect, react and recover.

- Layered defence approach.



August 2009

Conclusion

• Cyber criminals are intelligent, educated and well-versed in the skill ofsocial engineering.

• Often have close ties with traditional crime syndicates.

• Leave their cyber fingerprint behind.

• Well-organised, highly resourced and not afraid to resort to violence.

• Criminals do not distinguish between private and public sector and neithershould we!

• Prevention is better than prosecution.

• Benefits of effective public private partnerships.

© 2009 PricewaterhouseCoopers Inc. All rights reserved. “PricewaterhouseCoopers” refers to the networkof member firms of PricewaterhouseCoopers International Limited, each of which is a separate and independentlegal entity. PricewaterhouseCoopers Inc is an authorised financial services provider.

We are only as strong as the weakestlink amongst us!

A special word of thanks to Inspectors Sunethe Potgieter and Stephan Gouws ofthe Commercial Branch Pietermaritzburg and my former Scorpions team, who

work tirelessly to put cyber syndicates behind bars.

a day in the life of a cyber syndicate

Documents

cyber syndicateaugust

pricewaterhousecoopers

boss day conclusion

phone mpimpi

phone shooter

phone big daddy

computer skills

update business plan