Behavioral & Computer Forensics: A New Interpretation of Human-Computer Interactions
(Blog Posting Part II)
(By Sri Ramamoorti and David Sems) In an earlier post at this blogsite, we noted that computers and software are, in themselves, tools of massive utility for communication and productivity. We also observed that they are empty of value and and neutrally benign when isolated from human manipulation. But technology can be a great enabler to perpetrate fraud. The recent, egregious case of Wells Fargo is instructive: employees and managers at Wells Fargo systematically created fake PIN numbers to accompany the counterfeit e-mails to push the cross-selling of multiple products to its customers. Bank employees took measures to the extreme and a consulting firm hired by Wells Fargo found that almost 1.5 million unauthorized deposit accounts were opened and unauthorized applications submitted for 565,443 credit card accounts. Beyond covering customer restitution charges, Wells Fargo Bank will pay $185 million in fines and penalties to settle what the Consumer Financial Protection Bureau calls “the widespread illegal practice of secretly opening unauthorized deposit and credit card accounts.” (CFPB Consent Order, 2016). It is quite remarkable that neither external nor internal auditors seemed to have caught whiff of this widespread scheme within the bank that led to the dismissal of 5,300 employees.
Internal controls are typically viewed as “systems and processes” devoid of the human element. We need to put the “people back into internal controls” so that we can have superior assessments of behavior/integrity risks, conflicts of interest, ethical lapses, etc. Technology is unlikely to catch fraud predicated on these types of “integrity failures.” We need a deeper understanding of “soft measures” and associated “soft controls.”
It is important for the computer forensic examiner to be both knowledgeable about technical operations of a computer, but also human behavior. Today’s “personal” devices, such as smartphones, play a significant role in connecting people’s digital lives. The exponential growth of mobile devices with incredible power at one’s finger tips makes these devices extremely connected to the human using them. People manage their entire lives based on what is on these devices. The amount of personal information stored on these devices is massive and unfathomable. From having reviewed many such devices the second author can guarantee that anyone, even if prepared for the worst, would be shocked at much of the content.
Recently, the second author was assisting law enforcement in a case where four individuals had smashed a stolen pickup truck into a gas station to “steal the ATM.” After a car chase, the police apprehended the suspects. What is interesting is that a subsequent forensic analysis of one of the apprehended suspects revealed his motivations—through his Google searches from the night before – “How much does a bank robber make?” Well, at least it appears he was doing career research to make sure it was the right choice for his future!
If one analyzes a computer just purely on looking for artifacts without the input of human behavioral considerations it could result in misinterpreted results. Computer forensic tools allow the investigator to rebuild or reconstruct what the end user was doing on the computer. The more difficult thing to do is determine “why” the user behaved in the manner demonstrated by the timeline. For instance, if the investigator sees a spike in files accessed in a folder – there are a few explanations. It could be that an anti-virus program has been executed and “touched” all the files –or it could be that the end user copied all the corporate secret files to take to their next employer. The rise in “ransomware” incidents at hospitals is a disturbing confluence of dark human behavior and the unavoidable dependence on technology.
Traditionally, computer experts and technology specialists have had a tendency to treat behavioral approaches as “fluff stuff,” and have ignored available insights—to their detriment. They have perhaps reaped the adverse effects from the “sins of quantification”—after all, everything is not simply mathematical, and subject to mathematical analysis—there are different levels of explanation, some far more cogent and helpful. As Einstein put it rather pithily, “Not everything that counts can be counted; and not everything that can be counted, counts.” We pay a heavy price for not bringing insights from the behavioral sciences to understand, and respond effectively to the fraud problem when cybercriminals’ are motivated to use technology in the planning, execution, and concealment of white collar crime. Technology may be the toolkit, but motivated people can use these tools for crime as well as productivity.
© Sri Ramamoorti & David Sems. All rights reserved.
BEHAVIORAL FORENSICS GROUPTM LLC
The Behavioral Forensics GroupTM LLC is a team of professionals with vast experience in detecting fraud, understanding why it occurs, and in recommending steps to mitigate fraud incidence within the corporate workplace, particularly within higher-level (and therefore more costly to the enterprise) executives. The fields of investigation, organizational psychiatry, accounting and behavioral forensics, and law enforcement are represented within the Behavioral Forensics GroupTM LLC. Acting in synergy to help organizations prevent, find, and/or reduce fraud, B4GTM is a premier, pioneering practice in this field.
We are blogging at: http://www.bringingfreudtofraud.com