A view into the daily operations of a South African cyber syndicate, written in diary form. Based on the experience on the presenter during her investigation and prosecution of cyber cases.
1. A day in the life of a cyber syndicate*
ACFE SA Chapter Annual Conference
24-26 August 2009, Sandton
Adv Jacqueline Fick: PwC Advisory
*connectedthinking
2. Contents
Meet The Boss
A day from the diary of The Boss
How to ruin The Boss’ day
Conclusion
Disclaimer: The names, contact details, addresses and telephone numbers used in this presentation are fictitious. The
sequence of events as contained in the diary entries are based on the experience and knowledge of the presenter, gained during
the investigation and prosecution of cyber syndicates.
3. Meet The Boss
Resume
• I am a thirty seven year old South African male, but do have a passport
from another country.
• My skills include:
- Computer skills, including programming, network administration,
thorough knowledge of operating systems (Microsoft and open source)
- Ability to network
- Well-developed interpersonal skills
- Entrepreneurial skills
- Sound financial management skills
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 3
4. Meet The Boss
Education
Graduated from Malini High School with honours.
• Completed a degree in Computer Science.
- Completed several IT courses to stay up to date.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 4
5. Meet The Boss
Career History
Owned and taught at a computer college in Pietermaritzburg:
• Average student count was 100 per year.
• Also presented several training workshops for government departments.
Owned and operated a travel agency:
• Offices in Durban, Johannesburg and Botswana.
Free-lance computer expert:
• Programming, computer repairs, network administration.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 5
6. A day from the diary of The Boss
An hourly account of his activities
7. The day starts …
To do:
Time: 7:00
1. Check email download of log files.
2. Analyse data.
3. Check for new version of spy software.
4. Check bank account.
Errands:
1. Arrange trip to London and Botswana.
Calls:
1. Phone Mpimpi for appointment at 12:00 (0723670545).
2. Phone Shooter for appointment at 13:00 (0798685409).
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 7
8. Business intelligence
To do:
Time: 8:00
1. Breakfast with Mr. SASSA and Doc Health at 8:15.
2. Discuss rewards and way forward.
Errands:
1. Pick up the goods before breakfast and place new
order.
Calls:
1. Phone Big Daddy to confirm goods are ready.
2. Phone Ms Works about BAS (011 555 7890).
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 8
9. Meet the team
To do:
Time: 9:00
1. Meet with the boys.
2. Discuss action plan for the week.
3. Feedback on operations.
Errands:
1. Get cards before meeting.
Calls:
1. Phone Mr. Stationary to confirm meeting at 15:00.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 9
10. Disciplinary matters
To do:
Time: 10:00
1. Meeting with Shooter.
2. Agree on plan of action to sort out leaks and enforce
discipline.
Errands:
1. Transfer money: account 406067558 (R10 000).
2. Get gift for Big Daddy and hand to Shooter.
Calls:
1. Phone Mr. Fuzz to confirm meeting and venue.
2. Phone Mpimpi to confirm meeting.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 10
11. Taking stock of business
To do:
Time: 11:00
1. Update business plan.
2. Draft contingency plan and do cash flow analysis.
Errands:
1. Check emails for log files.
Calls:
1. Call Mr. Parlour to catch up on things.
2. Call Mpumalanga.
3. Call Gangsters Paradise.
4. Call North West to confirm arrangements.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 11
12. Sorting out troublesome employees
To do:
Time: 12:00
1. Meeting with Mpimpi (take Shooter with) to review
commitment to organisation.
Errands:
1. Pick up CD’s and hand to Mpimpi.
Calls:
1. Call Big Bucks and Easy Cash and confirm venue for
meeting.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 12
13. New business opportunities
To do:
Time: 13:00
1. Meeting with Big Bucks and Easy Cash.
2. Determine amount of financial assistance they need for
their children’s bursaries.
3. Discuss future business opportunities in new market.
Errands:
1. Get cards and payment schedule from Ms Organised.
Calls:
1. Phone Lady Network to tell her cards are ready (084
577 7871).
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 13
14. Contingency planning
To do:
Time: 14:00
1. Meeting with Mr. Fuzz.
2. Buy him a big lunch and confirm regular appointments.
Errands:
1. Fax update report on dockets and trials to La Law.
Calls:
1. Call Big Daddy to inform about meeting with Mr. Fuzz.
2. Phone La Law about retainer and update on trials.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 14
15. Closing a deal
To do:
Time: 15:00
1. Meeting with Mr. Stationary and Mama Big Meals.
2. Agree on business transaction and involvement of other
parties.
Errands:
1. Get update on BAS entities.
Calls:
1. Call Mr. Learning Curve to confirm BAS (082 2225676).
2. Call Mr SITA to get update on security (012 555 6667).
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 15
16. Interview shortlist
To do:
Time: 16:00
1. Identify gaps and skills shortages in business plan.
Errands:
1. Email business plan to Big Daddy for his input.
Calls:
1. Call Big Daddy about possible new IT recruit and to
establish what building material he needs for his house.
2. Phone Ms HR to hear who might be interested in new
business opportunities.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 16
17. Review operations
To do:
Time: 17:00
1. Check email for reports on new installations.
Errands:
1. Order building material for Big Daddy and send details
to Mr. Stationary.
Calls:
1. Phone Ulundi about installations.
2. Phone the boys for update report.
3. Phone Mr. SASSA for update.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 17
18. Reconciliations
To do:
Time: 18:00
1. Do recon on bank statements.
2. Do recon on log files.
3. Check for updates on software.
Errands:
1. Go to Mama Big Meals to confirm menu for dinner.
Calls:
1. Phone Shooter for feedback report on assignment.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 18
19. The day ends…
To do:
Time: 19:00
1. Meet with Sassy Mama at garage.
Errands:
1. Pick up payment.
2. Pick up Dudu’s car.
Calls:
1. Call Sassy Mama to confirm venue for meeting.
2. Call to Mr. Fuzz to follow up on hooter and flash.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 19
20. How to ruin The Boss’ day
Look for the things that are not there
Benefits of effective public private partnerships
Prevention is better than prosecution
21. How to ruin The Boss’ day
Look for the things that are not there
Investigating cyber crime calls for a new approach:
• Look for the things that are not there.
• Follow the money.
• Pro-active versus re-active.
• Why would cyber criminals target your business/government department?
• Don’t think that criminals prefer businesses over government.
• Combining the old and the new.
• Value of intelligence, informants and section 204 witnesses.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 21
22. How to ruin The Boss’ day
Benefits of effective public private partnerships
Fight cyber criminals with what they are after: Information.
• Sharing of information within the business/government department.
• Industry forums.
• Cooperation between government and private sector.
• Sharing of information and cooperation between government, private
sector and law enforcement.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 22
23. How to ruin The Boss’ day
Prevention is better than prosecution
Successfully investigating and prosecuting cyber crime has proven difficult:
• Focus on prevention rather than on waiting until you become a victim.
• Start at home.
• Make cyber security a business objective and integrate into business
strategy and planning.
• De-mystify cyber security.
• Information Assurance and a Defence in Depth strategy:
- Prevent, detect, react and recover.
- Layered defence approach.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 23
24. Conclusion
• Cyber criminals are intelligent, educated and well-versed in the skill of
social engineering.
• Often have close ties with traditional crime syndicates.
• Leave their cyber fingerprint behind.
• Well-organised, highly resourced and not afraid to resort to violence.
• Criminals do not distinguish between private and public sector and neither
should we!
• Prevention is better than prosecution.
• Benefits of effective public private partnerships.
A day in the life of a cyber syndicate August 2009
PricewaterhouseCoopers Slide 24