Investigation by KPMG
- The Company: One of the largest third-party IT-enabled services providers in India, providing outsourced customer care services to leading multinational banks.
- The Fraud: The BPO faced allegations of illegal transfer of funds from customers' accounts through compromised account PINs. Employees used social engineering to obtain PINs from the customers. Employees also colluded in obtaining false company documentation to open fake bank accounts in various banks, including the same bank. Funds were then transferred over the Internet from customers' accounts into these false accounts.
- Action Taken: The investigation combined fieldwork, psychoanalysis and cyber forensics, in addition to understanding the processes of the particular bank in question. Pinning down the culprits required information such as where the accounts were accessed from and who accessed a particular account over a period of time. This vital information was obtained from the server data. Data mining tools were also used to find out whether there were specific trends and a particular method to the transactions. The IP addresses were traced to the cyber cafes from which the transactions were made.
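The investigative questions above (which source addresses accessed which customer accounts, the access history of one account over time, and which beneficiary accounts the money fanned into) are the kind of analysis that can be run directly over the portal's authentication and transfer logs. The following is an added example, not part of the KPMG case or the article: it runs those three queries over a constructed access log. The log format, field names, account numbers and IP addresses are all hypothetical.

```python
"""Added example (not from the article): reconstructing "who accessed which
account from where" from a constructed access log and flagging (a) a source
IP shared across many customer accounts and (b) beneficiary accounts that
receive transfers from several unrelated customers. All names, account
numbers, IPs and timestamps below are hypothetical, constructed sample data."""
from collections import defaultdict
from datetime import datetime

# Constructed sample: one record per authenticated action on the portal.
# Fields: ISO timestamp, customer account, source IP, action.
# "transfer:<beneficiary>:<amount>" records an outbound funds transfer.
ACCESS_LOG = """
2004-03-01T10:02:11 ACC1001 203.0.113.7 login
2004-03-01T10:03:40 ACC1001 203.0.113.7 transfer:ACC9901:15000
2004-03-01T10:09:05 ACC1002 203.0.113.7 login
2004-03-01T10:10:22 ACC1002 203.0.113.7 transfer:ACC9901:22000
2004-03-01T18:30:00 ACC1003 198.51.100.4 login
2004-03-01T18:31:15 ACC1003 198.51.100.4 balance
2004-03-02T11:15:00 ACC1004 203.0.113.7 login
2004-03-02T11:16:44 ACC1004 203.0.113.7 transfer:ACC9902:18000
2004-03-02T12:00:00 ACC1005 203.0.113.7 login
2004-03-02T12:01:30 ACC1005 203.0.113.7 transfer:ACC9901:9000
2004-03-03T09:00:00 ACC1003 198.51.100.4 login
""".strip().splitlines()


def parse(lines):
    """Turn raw log lines into (timestamp, account, ip, action) tuples."""
    records = []
    for line in lines:
        ts, account, ip, action = line.split()
        records.append((datetime.fromisoformat(ts), account, ip, action))
    return records


def accounts_per_ip(records, min_accounts=3):
    """Source IPs that authenticated into at least min_accounts distinct
    customer accounts. Genuine customers rarely share one address across
    many accounts; a cyber cafe used by a fraudster does."""
    seen = defaultdict(set)
    for _, account, ip, _ in records:
        seen[ip].add(account)
    return {ip: sorted(accs) for ip, accs in seen.items()
            if len(accs) >= min_accounts}


def access_timeline(records, account):
    """Chronological (timestamp, ip, action) list for one account: the
    'who accessed this account over a period of time' view."""
    return sorted((ts, ip, act) for ts, acc, ip, act in records if acc == account)


def beneficiary_fan_in(records, min_sources=2):
    """Beneficiary accounts that received transfers from at least
    min_sources distinct customer accounts, with the total received.
    These are the candidates for the fake accounts opened to collect funds."""
    sources = defaultdict(set)
    total = defaultdict(int)
    for _, account, _, action in records:
        if action.startswith("transfer:"):
            _, dest, amount = action.split(":")
            sources[dest].add(account)
            total[dest] += int(amount)
    return {dest: (sorted(srcs), total[dest])
            for dest, srcs in sources.items() if len(srcs) >= min_sources}


if __name__ == "__main__":
    recs = parse(ACCESS_LOG)
    print("IPs touching many accounts:", accounts_per_ip(recs))
    print("fan-in beneficiaries:", beneficiary_fan_in(recs))
    for ts, ip, act in access_timeline(recs, "ACC1001"):
        print(ts, ip, act)
```

The thresholds are deliberately low because the sample is small; against real server data they would be tuned to the customer base, and the shared-IP result would be the starting point for the kind of cyber cafe follow-up the article describes.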
Investigation by Debasis Mohanty, a network and application security expert
- The Situation: The security expert was conducting an application security audit for one of the customers. The application was a large business portal with provisions for online bidding, shopping and various other financial transactions.
- The Fraud: During the audit, suspicious behaviour by the application itself was noticed. Besides the normal administration account, there existed a hidden account with administration privileges, and for every shopping transaction the points earned by each user were by default shared with the hidden admin account. On digging further, it was found that the code had been manipulated to transfer any adjusted amounts to the suspect's account: product prices could be rounded up to the upper limit, and the extra amount paid by the user was automatically transacted to the suspect's account. The code had been carefully modified so that the manipulation would not raise suspicion at either the database or the application end.
- Action Taken: The issue was reported to the product manager, and the prime suspects were the team involved in coding the product. The offending piece of code was removed and all the unwanted privileges associated with the hidden account were disabled. The account itself was not disabled but was kept on 'high alert' to catch the culprit. The application was released on schedule, on the expectation that the real culprit would attempt to access it with that account. Nearly a month after the product release, the administration was alerted when someone tried to access the hidden account. The IP address was logged by the application and traced back to a local cyber café. The browser histories on the cyber café's machines were checked and the exact PC used by the culprit was identified. With the help of the local police, the cyber café owner was shown photographs of all the developers involved in the development. The culprit turned out to be one of the developers, who had left the organization three months before the product's release. It was a case of breach of trust and integrity, in which a malicious programmer intentionally created a back door in an application and crafted it to evade detection.
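Two controls would have surfaced this fraud without relying on an auditor noticing odd behaviour: a reconciliation that checks each order against the catalogue and flags any credit or loyalty points going to an account that is not a party to the order, and a login hook that leaves the suspect account able to authenticate but strips its privileges and alerts on every use. The following is an added example written for this article, not the portal's code or Mohanty's: the order schema, the "svc_admin2" account name and the sample orders are hypothetical, constructed to reproduce the round-up skim and the shared points described above.

```python
"""Added example (not the portal's own code): an order/ledger reconciliation
that catches the two manipulations described in the article, plus a login
hook for an account kept enabled but on 'high alert'. The schema, account
names (merchant, svc_admin2) and sample orders are hypothetical."""
import math
from dataclasses import dataclass


@dataclass
class Order:
    order_id: str
    buyer: str
    item_prices: list   # catalogue prices of the items bought
    charged: int        # amount actually debited from the buyer
    credits: dict       # ledger credits produced by the order: account -> amount
    points: dict        # loyalty points credited: account -> points


def skimmed_total(prices, step=10):
    """Arithmetic of the manipulation: each price rounded up to the next
    multiple of `step`; returns (amount charged, amount skimmed)."""
    rounded = sum(math.ceil(p / step) * step for p in prices)
    return rounded, rounded - sum(prices)


# Constructed orders. ORD-1 is clean. ORD-2 and ORD-3 show the skim: prices
# rounded up, the difference credited to "svc_admin2", which also receives a
# copy of the buyer's loyalty points.
ORDERS = [
    Order("ORD-1", "alice", [120, 80], 200, {"merchant": 200}, {"alice": 20}),
    Order("ORD-2", "bob", [97, 43], 150, {"merchant": 140, "svc_admin2": 10},
          {"bob": 7, "svc_admin2": 7}),
    Order("ORD-3", "carol", [255], 260, {"merchant": 255, "svc_admin2": 5},
          {"carol": 13, "svc_admin2": 13}),
]

LEGITIMATE_PAYEES = {"merchant"}   # accounts allowed to receive order money


def reconcile(order):
    """Return a list of findings for one order; an empty list means it balances.
    Note that 'credits == charged' alone does NOT catch the skim (140 + 10 == 150);
    the catalogue comparison and the non-party checks do."""
    findings = []
    expected = sum(order.item_prices)
    if order.charged != expected:
        findings.append(f"{order.order_id}: charged {order.charged}, "
                        f"catalogue total {expected}")
    if sum(order.credits.values()) != order.charged:
        findings.append(f"{order.order_id}: ledger credits do not equal amount charged")
    for acct, amt in order.credits.items():
        if acct not in LEGITIMATE_PAYEES:
            findings.append(f"{order.order_id}: credit of {amt} to non-party account {acct}")
    for acct in order.points:
        if acct != order.buyer:
            findings.append(f"{order.order_id}: loyalty points credited to {acct}, "
                            f"not the buyer {order.buyer}")
    return findings


# Hidden account left enabled (so the culprit is not tipped off) but with no
# privileges and an alert on every login.
FLAGGED_ACCOUNTS = {"svc_admin2"}
PRIVILEGES = {"admin": {"manage_users", "adjust_prices"}, "svc_admin2": set()}


def on_login(username, src_ip, alerts):
    """Login hook: records (account, source IP) for flagged accounts and
    returns the effective privilege set (empty for the flagged account)."""
    if username in FLAGGED_ACCOUNTS:
        alerts.append((username, src_ip))
    return PRIVILEGES.get(username, set())


if __name__ == "__main__":
    for order in ORDERS:
        for finding in reconcile(order):
            print(finding)
    alerts = []
    on_login("svc_admin2", "192.0.2.9", alerts)
    print("alerts:", alerts)
```

The reconciliation runs from the order and ledger records alone, so it works even when the application code has been tampered with to look clean, which is the evasion the article describes; the login hook is the 'high alert' mode, capturing the source IP that the investigation then traced.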
Shipra Arora
shipraa@cybermedia.co.in