The Law addresses computer fraud in different ways. The law is aimed at protecting illegal access to a computer system or exceeding authorized access. It protects access to and mishandling of or misusing protected information ending up in causing harm and or monetary loss to the victim of such activities. Congress amended the act in 1986 to include intentional access and steeling something of value (Adams 1996). As the scenario has put it clearly, the criminal was either using an account on the banks computer system legally assigned i.e. the user was granted the right to use the computer as an employee but decided to misuse the privileges accorded her by the Bank by involving herself in a criminal activity. The criminal could also have hacked into the banks computer network illegally. Whichever the case, the activities are addressed in the law of computer Fraud act. The criminal had access to valuable information about the companies that were affected. Such information is classified information and therefore accessing the information and using it for obtaining monetary benefit while causing distress to the bank and its customers is a federal crime. Unauthorized cases have been prosecuted as in the case of Andrew Auernheimer who was convicted of identity theft after he illegally gained access to AT&T computer system and stole customer emails and later claimed the responsibility (Vogel 2013). In the current scenario, the Computer Fraud Act of 1986 applies because the crime was committed while someone had access to the banks computer system.
The legislation is covered as a section of the Patriot act of 2001. It addresses the money laundering crime. The law is aimed at protecting terrorist funding using United States Financial system or anonymously move funds obtained from or destined for illegal activities (Murphy 2001). Financial institutions are the main targets of international criminal rings who defraud individuals or businesses to fund other criminal activities. Such groups work with insiders in the banking systems to create and run anonymous accounts which are used to hind such funds as described. Since the criminal involved are moving money from the victim accounts to other banks in other states, it is a step of layering (Murphy,2001) a method used by criminals to cover their steps after obtaining stolen money drug trafficking money or other forms of dirty money. The money is hidden in different individual accounts and the criminal later deposit money from these activities to the banking system in other countries or put it to investment that cannot be easily traced (Murphy, 2001). In our scenario money is being moved from a bank in Georgia to other banks in different states. The money is then sent out to banks located in other countries. This means it is not a one person crime but rather many people are involved. By transferring funds from one bank or multiple banks in the United States to international Banks the patriot Act becomes applicable.
This case needs proper approach and preparation to investigate. Since the matter has already been handed over to business client lawyers, it touches other institution and it runs across state line it is not a case that the bank can investigate internally. The Bank need to work with Federal Agencies with jurisdiction over the State of Georgia and beyond and can go after the accounts in Bank A,B and C which are located indifferent geographical locations. Our main aim is to get to the root of the fraud within the Banks in the United States. The following agencies will work with VL Bank.
The lawyers of VL bank will work as the legal guides who will lead in forming the investigation team due to legal issues that the case involves. Thy have the knowledge of who has legal jurisdiction of what the investigation may involve and also the regulations guiding monetary fraud and cybercrimes. The lawyer will involve the following agencies and experts.
This is the agency mandated by the department of justice to protect the United States banking financial system. Through its Electronic Crime Task Force the Secret Services is capable of investigating Cybercrimes within and out of the US. Since the crime involve as wiring money to offshore bank accounts the agency will work with international tasks force against money laundering in the countries where the offshore banks accounts are located. From what has been mentioned in the instructions, the suspect may be working for a gang of international criminals. This could have been an opportunity the gang of international criminals found through its cyber activities. The agency will contact Bank A, B, and C and notify them of the intended crime investigation within their business. The Agency may directly investigate activities in these banks or work with the FBI or other local law enforcement agencies. The main role would be to initiate the investigation and pressure the involved agency for results. The secret services will contact the offshore banks for the possibility of finding out who are the offshore account owners in an effort to recover the lost funds or initiate international criminal prosecution. The foreign banks may be pressured to cooperate with the request from the secret services due to the countries being members of anti-money laundering partnership NB to be verified.
The FBI is the main investigative agency of the United States department of justice. The company will need to acquire the clearance to investigate it employees within the shortest time possible before the suspects interfere with evidence of their activities in the computer system. The company wills under the guidance of the FBI agent arrest the computer of the manager who has access to the business account access and the computers for any other employee who may be found to be a suspect. These are the initial suspects of the crime until they have been cleared after the investigation is complete. The computer forensic experts will also test the system for possible hacking through web based intrusions to the bank computer system. Working with the two agencies, the investigation team will set the guidelines for the investigation. They will define the type of expertise needed to effectively conduct internal and external investigation. The following experts will be involved in the investigation.
Using technology, the computer forensic experts will analyze the computer identified within the Bank as suspects. The experts will use technological tools recover deleted files in the hard disks of the computers of the suspects. They will examine the storage disks retrieve from internal suspect’s offices as well as aid the secret services in directing its team on what to look for as the agency investigated other banks across the nation. They will analyze email communications for traces of fraud or criminal related communication between the suspects and any network of criminals or accomplices. The Forensic team will be responsible of making credible judgment on the data analyzed and the findings generated in the process. The CISO will coordinate access to the network resources and the infrastructure for analysis. Working with both agencies Network Analysis experts will analyses the intrusions in the banks network. They will try to figure out how the Bank computer system was compromised and whether the compromise was within the bank or outside. These engineers will look into the origin of the any hacking activities and try to gather credible information that may eliminate suspicion from banks employees.
These are the people the Bank will need to evaluate the financial activities within the affected accounts. Their work is to investigate the way the accounts were operating and who had access. They will audit the genuine accounts and figure out whether the loss reported is the authentic. They will use their financial analysis tools to analyses the business losses as a result of the scandal. They understand the regulations that go with. They will look into the filed retrieved from the confiscated computers for information to do with other forms of investments the suspects may have other than the accounts opened in other banks. They will also asses the financial behaviors of the manager who had access to the login information of the affected companies.
Having defined the team of lead agencies and experts, the bank will take the next step of evidence gathering. The agents will lead in retrieving computers, storage disks and any paper trail from the company that may lead to evidence of fraudulent activities. As indicated in the instructions of this task, I am assuming the manager who has information the companies’ login to the affected accounts is a suspect. In the effort of clearing him or pinning him to the crime, we have to investigate his computer, his system account, and his department employees and audit their system accounts. This will require taking the computers, retrievable storage disks and any paper train that may bear important information for these investigations The FBI agents will be in charge of conducting interviews on the employees. This will be done per the logs obtained in the system that point to who accessed the accounts for the period of their existence and what activities were carried during such access. The FBI will aid the investigation of the secret services as the follow the money trail to Bank A, B, and C and if possible the offshore banks depending on affiliation with any local banks or international cooperation. After the findings, the Agencies will gather their findings and generate a report. Copies will be held by the agencies and the top management of VL Bank will be handed the report. The report will guide the bank management in decision making to what will be the next action
In the United States, there are regulations that restrict the way, level and activities investigators must adhere to or the victim company may find itself in legal trouble. In its effort to investigate the computer and financial issue in the current situation VL Bank must make sure it protects itself from effects of crossing the legal lines as discussed below.
VL Bank has to consider the privacy Act as a limitation to what information can be accessed and shared during the investigation. The investigation includes access to the Banks computer network. The network holds so much information in the customer database. There is a possibility that information of non-affected account holders may be accessed while the investigation is going on. This can be a problem if the information accessed leaks out. The account owners may sue the bank for information leak and this can result to heavy penalties against the bank. Noting also that the internal investigation involves other companies’ information being accessed, the bank must control what information goes to the investigators and for how long they can keep such information. Such information includes; Financial, Management, Tax ID and any other information the Bank requires while accounts are opened.
Under the privacy Act, the Bank investigation must maintain integrity of the data accessed. The information must be maintained as authentic evidence and the source maintained in the same authentic state it was received. The concern here then is maintaining customer information and data in the state it was received. The customer according to the privacy Act must request changes in writing. Therefore any accidental changes may result to bleach of authenticity. The suspects are also covered under the same regulations and whatever part of their personal information retrieved from their offices during search has to be maintained. So the investigators have to operate within the boundaries of these regulations.
There is a possibility of the items being investigated to contain privileged or proprietary information. This type of information could cause the bank to enter into legal issues with the companies affected by the cybercrime in question. The Economic Espionage Act of 1996(Cave 2007) covers sharing or access to trade secrets. This type of information include Financial, business engineering information and other information a company may keep as secret. In the case of the current investigation there is a possibility of such information being accessed by the investigators the legal issue would arise if any of it leaks the point at which VL Bank may suffer heavy financial penalties. This is where during evidence gathering the investigative team needs to have documentation of the chain of custody
There are important stages that the investigation will have to go through. As indicated previously, the investigation team has to be formed and put in place. The investigation team comprises law and non-law enforcement individual. Here there a need to control information flow and access. There are legal considerations the Bank during the investigation. There are requests that must be made to other companies and banks. Most of these aspects have legal implications that need the coordination of the Bank Lawyer. The lawyer needs to work with the CISO during team creation. He needs to get information on the security bleach and a theory of how it could have happened. This information would help the Lawyer determine the type of investigation and who should conduct it. Noting that the legal experts may not necessarily understand the technological aspects of the crime, the CISO should be able to make it as easy as possible for the Lawyer to understand that aspect to help the Lawyer determine the right approach to the investigation. Considering there are Legal communications to be made between the Bank, the clients and other Banks, the lawyer will coordinate such communications and verify that such communications are within the best interest of VL Bank where Legal issues may be touch©. He will communicate with lawyers hired by the other Farms on behalf of VL Bank. Here the lawyer will advise the CISO what could fall behind information shared and how the CISO need to minimize information sharing without jeopardizing the whole investigation or even turning tables against the VL Bank. This whole case revolves around various criminal and civil laws. In that case, the lawyer would offer Legal oversight over the whole operation. The Lawyer will oversee cooperation of the Bank employees. He will make them understand the need for the investigation and what their responsibilities and cooperation mean for a smooth ending. The Lawyer will also coordinate the investigators be making sure they are contained within the Legal boundaries of any banking, cyber and or Banking regulations. During the evidence gathering stage of the investigation the CISO will coordinate acquisition of computers and digital storage. It is the role of the CISO to make request through the IT management for computers and storage and any paper trail to be made available without data modification before it is too late. The CISO will coordinate a team equal to suspect computers so all will be arrested for investigation at the same time and within a short time of commencing investigation. The CISO is the link between the Bank and the investigation team as far as Digital information is concerned. The CISO should weigh all aspects of access request to digital information to make sure that accesses is only granted to what is beneficial to the investigation without also crossing the legal lines or exposing VL Bank to unnecessary speculation from the investigators.
Studydriver writers will make clear, mistake-free work for you!Get help with your assigment
Please check your inbox