A fraud was committed on a Core Banking System (CBS) through unauthorized access obtained with keyboard loggers.
The ‘fraud syndicate’ comprised staff, an external technical IT consultant and syndicated fraud users, 11 in total.
- Client: Bank
- Skills: Multi-discipline forensic skills
With the help of staff, user ID and password combinations were obtained for makers and authorizers at a branch.
Numerous anomalies in the control framework made it difficult to obtain evidence within a short window of time.
With access to old CBS logs, it was possible to build a User Behavior Analysis (UBA) and determine that an internal staff member was possibly the conduit for the fraud.
- User IDs and passwords were obtained using physical key loggers planted by cleaning staff.
- The fraud was committed just before a long weekend, which made it possible to move the money while staff were on leave.
- The access gained was physical, and the lack of inherent controls made the fraud possible.
- Standard controls would have been effective against the fraud.
Using UBA, it was possible to identify the staff member who was material to the fraud. It was also found that the fraud had first been attempted more than a month before it was committed, but that attempt failed because the maker/authorizer password had changed in the interim. This is another example of complacency and of getting comfortable with the current controls.
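As an added illustration (not code from the engagement), the sketch below shows one way a UBA pass over CBS login records can surface the pattern described above: maker and authorizer IDs appearing on an unfamiliar terminal, outside their usual hours, after an earlier failed login. The log columns, user IDs, terminal names and dates are constructed assumptions, not the bank's data or a real CBS log format.

```python
import csv, io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample; the column layout is an assumption, not a real CBS log format.
LOG = """ts,user,role,terminal,event
2023-02-01 09:05,mk01,maker,T-11,LOGIN_OK
2023-02-01 09:20,au01,authorizer,T-14,LOGIN_OK
2023-02-02 16:40,au01,authorizer,T-14,LOGIN_OK
2023-02-03 09:10,cl07,clerk,T-19,LOGIN_OK
2023-03-01 18:45,au01,authorizer,T-19,LOGIN_FAIL
2023-03-02 09:02,mk01,maker,T-11,LOGIN_OK
2023-04-06 18:30,mk01,maker,T-19,LOGIN_OK
2023-04-06 18:34,au01,authorizer,T-19,LOGIN_OK
"""

def parse(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["ts"] = datetime.strptime(r["ts"], "%Y-%m-%d %H:%M")
    return rows

def analyse(rows, cutoff):
    """Baseline each user on successful logins before cutoff, flag deviations after it."""
    terminals, hours = defaultdict(set), defaultdict(set)
    for r in rows:
        if r["ts"] < cutoff and r["event"] == "LOGIN_OK":
            terminals[r["user"]].add(r["terminal"])
            hours[r["user"]].add(r["ts"].hour)
    findings, roles_seen = [], defaultdict(set)
    for r in (r for r in rows if r["ts"] >= cutoff):
        u, t, flags = r["user"], r["terminal"], []
        if t not in terminals[u]:
            flags.append("NEW_TERMINAL")
        if hours[u] and not min(hours[u]) <= r["ts"].hour <= max(hours[u]):
            flags.append("OFF_HOURS")
        # Maker and authorizer IDs on one terminal the same day defeats dual control.
        roles_seen[(r["ts"].date(), t)].add(r["role"])
        if {"maker", "authorizer"} <= roles_seen[(r["ts"].date(), t)]:
            flags.append("SHARED_TERMINAL")
        if flags:
            findings.append((r["ts"], u, t, r["event"], flags))
    return findings

def pivot(rows, cutoff):
    """Return the terminal with most findings and the users who normally log in there."""
    terminal = Counter(f[2] for f in analyse(rows, cutoff)).most_common(1)[0][0]
    usual = {r["user"] for r in rows if r["ts"] < cutoff and r["terminal"] == terminal}
    return terminal, usual
```

Calling `pivot(parse(LOG), datetime(2023, 3, 1))` on the constructed data returns the terminal where the anomalies cluster together with the IDs that normally use it, which is a lead for investigators to corroborate rather than proof of involvement.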