Computer crime costs South Africa more money than heists and robberies, yet there is no law against hacking, writes David Shapshak
South Africa lost an estimated R326-million to computer crime last year, more money than in robberies or violent cash-in-transit heists, according to police statistics released this week.
And police are expecting an increase in computer crime this year, says Director Tiens Steyn, commander of the police’s technical support unit, under whose auspices the computer crime investigations unit falls.
David Brink, deputy chair of Absa, is quoted in Computer Week as saying the bank group, which has on average one holdup a day at one of its branches throughout South Africa, is losing more money through white-collar crime “where people are hacking into accounts and shaving off money for themselves”.
While banks and police do not release figures of how much has been stolen during bank branch holdups, armed gangs have netted an estimated R70-million to R100-million in the last few months in a spate of cash-in- transit heists.
A report by Steyn, released last Tuesday, lists the assistance given by his unit to other police units to investigate crime involving computers.
Fraud and corruption investigated for the Cape Town branch of the Office of Serious Economic Offences amounted to an estimated R310-million. Its Pretoria office investigated an estimated $3,7-billion worth of computer crime, which was fraudulently committed internationally by a South African-based organised crime syndicate.
The Organised Crime Unit in Cape Town investigated fraud estimated at R6-million. The Internal Security Branch’s Pretoria office investigated one case involving an estimated R10-million. A further loss of R204 000 was investigated in two cases in Pretoria and Nelspruit.
Computer crime is practised by organised criminal syndicates, disgruntled employees, embezzlers, or “hackers” – people who break into computer systems for fun or to prove their technical prowess.
Crimes involve intangible assets in digital form, such as bank accounts, being manipulated or transferred and money laundering – the transfer of money between various bank accounts and money formats (such as bonds, stocks or shares) until the original source of the money is untraceable. Credit-card, personal and financial information is frequently targeted by the organised crime community, police say.
Advances in remote data processing through the Internet or individual companies’ intranets, as well as rapidly improving telecommunications, increase the threat of computer crime.
Most major financial groups employ state-of- the-art security systems, known as firewalls, to protect their critical computer systems from tampering.
But there is little defence against employees inside the system who can be conned, persuaded or pressured into circumventing or compromising the security protocols to tamper with accounts.
“Crime via computer is difficult to prosecute, because offenders sometimes know a great deal more about computer technology than do prosecutors, judges and even members of the police,” Steyn says.
“As dependence on computer technology grows in South Africa and around the globe, it will be crucial to ensure that the rate of technological dependence does not outstrip the rate at which the corresponding social, legal and political frameworks are developing,” he says. “It is important to plan for security and crime prevention at the same time that computer technology is being implemented.”
Nic Turner reports that Farren Haydon of PCB Technologies says bank fraud is often the result of people with inside knowledge exploiting existing holes in the system rather than creating them.
Banks calculate interest to the sixth decimal point while any beyond that remains unseen, floating in the system. Programmers have been known to accumulate the unseen interest in phantom accounts and siphon the money off for their own purposes. “As far as misuse of computers is concerned, South Africa is ripe for the picking,” says Haydon.
South Africa’s computer systems are extremely vulnerable to computer crime for the simple reason that there is no law to deal with it.
A report commissioned by the Gauteng legislature to look into information technology and biotechnology was completed last year, and the South African Law Commission is currently looking at legislation to cover computer crime, which should be on the books by next year. The new laws would make hacking into somebody else’s computer or network without permission a crime.
Martin Pienaar of Nedbank says there have been no known attempts to hack Nebank’s online banking system. Where bank fraud does occur, it is as a result of collusion between criminal syndicates and insiders.