The premier weekly newspaper for the legal profession in Ontario
Issue link: https://digital.lawtimesnews.com/i/50558
PAGE 12 FOCUS January 26, 2009 • Law Times Technologies open new doors for fraudsters BY GLENN KAUTH Law Times also opening up new doors for fraudsters to do their business, investigators say. "Th e thing about the new ones, especially iPhones with their Wi-Fi capability, [is] you can do the same thing as you would on a normal connection," says Tom Warren of Net-Patrol International Inc. based in Bur- lington. "Basically, everything you want from a fraudster, you take all of it and you put it in the palm of a hand now." Key to using a smartphone N for illicit activities is download- ing what's called virtual network computing software in order to control another computer re- motely. "With VNC, I can log in my network back at my offi ce and make sure people are working and so on," says Warren. "Th at for me is a very powerful tool. Now the other side of that is if I can [con- ew technologies like the smartphone are handy for business, but they're nect] to my lines at work to do good things, I can also [connect] into my work to do bad things." Lorne Lipkus, a lawyer with Kestenberg Siegal Lipkus LLP in Toronto, says the new BlackBer- ry and Apple products present a special challenge to both police and investigators trying to fi ght counterfeiting. "We fi nd that the counterfeiters have the best technology of anybody. We're increasingly to private companies for help in their work. "Th e prob- lem is that the police don't have that, but the bad guys do." At the same time, Warren says companies have yet to catch on to the need to be leery of potential fraudulent uses of smartphones. "I don't know if too many com- panies, organizations, or institu- tions are ready for what it brings." Already, Warren has found for comment by press time, but Warren says companies can do their best to stop hacking by get- ting more aggressive about track- ing who is logging onto their net- works. Still, in one recent hacking case he was involved in, it was chance that led him to the em- ployee who had been accessing a client's computers using a smart- phone. "We couldn't fi gure out what we were looking at on some I would put money on the table that out of the main insurance companies and fi nancial institutions in the country . . . they're probably infected and they don't even know it. fi nding that as soon as a new cellphone comes out, the coun- terfeiters have them." Th e technological advances mean private fi rms such as his have to keep up with the fraud- sters, which adds to costs. "It's placing a tremendous fi nancial burden on a company [and] on a brand that's trying to do things honestly," says Lipkus, who notes police without the resources to buy the latest gadgets are turning programs for his smartphone that not only let him access com- puter networks but also mask his presence. "With mine, I've also downloaded software that guards against my IP [address] being seen. It's no diff erent from any- thing else except that when you're trying to trace that IP number, you're not going to get back to me because I could be anywhere." A representative for Apple Inc. in Canada didn't return a request of the logs. Th en, the main sus- pect walked by me, and I saw the iPhone in his holster. When we asked for the iPhone, sure enough we started doing forensics on [it] and lo and behold we found ev- erything. It was luck, totally." Besides smartphones, Warren says fraudsters are still having luck even with more established tools. "Th e real major new way of break- ing into large corporations' net- works is through infection mainly out of Russia and China. I'll fi nd that the typical e-mail comes with an attachment that nobody should open up but somebody in the company will open up. Th en, a Trojan is placed in, which the an- tivirus does not fi nd because anti- virus [software] only fi nds viruses, not spyware and Trojans. What happens is it then calls back to a bot server where the attack comes in and starts taking information out of the network. I would put money on the table that out of the main insurance companies and fi - nancial institutions in the country . . . they're probably infected and they don't even know it." Trojans and spyware, of course, have been around for some time. But Warren argues the standard antivirus compa- nies were slow to meet the threat. "It was never meant to fi nd mal- ware. It was made to fi nd virus- es," he says, noting hackers have been adept at keeping ahead of the software makers. Starting from $49 /month (for one year) Now the leading criminal law research service in Canada! "Criminal Spectrum is a very easy to use service! You can quickly access statutes and cases and the links between the commentary and cases are convenient and extremely helpful." Hamish Stewart, Associate Professor Faculty of Law, University of Toronto Criminal Spectrum integrates leading authored works with the Canadian Criminal Cases decisions, a comprehensive collection of full-text unreported decisions, Weekly Criminal Bulletin case summaries, topical indexes, a case citator and search templates to make your research easier. Criminal Spectrum offers just what you're looking for to meet your criminal law information needs and includes the following authoritative works: • Canadian Criminal Cases • Martin's Annual Criminal Code with annotations by Edward L. Greenspan, Q.C. and The Honourable Justice Marc Rosenberg • Martin's Related Criminal Statutes with annotations by Edward L. Greenspan, Q.C. and The Honourable Justice Marc Rosenberg • Canadian Criminal Procedure, Sixth Edition by The Honourable R.E. Salhany, Q.C. • Sentencing: The Practitioner's Guide by Gary R. Clewley and Paul G. McDermott • Youth Criminal Justice Act Manual by The Honourable Justice Peter J. Harris and Justice Miriam H. Bloomenfeld • Drug Offences in Canada, Third Edition by Bruce A. MacFarlane, Q.C., Robert J. Frater and Chantal Proulx • McWilliams' Canadian Criminal Evidence, Fourth Edition by The Honourable Justice Casey Hill, Professor David M. Tanovich and Louis P. Strezos • Criminal Pleadings & Practice in Canada, Second Edition by The Honourable Justice E.G. Ewaschuk • Criminal Law Quarterly Choose the package you want Essential Edition • Select Edition • Classic Edition • Premiere Edition For a FREE product demo contact your Account Manager at: 1.800.263.2037 • 1.800.263.3269 • www.canadalawbook.ca Canada Law Book is A Division of The Cartwright Group Ltd. LT1215 www.lawtimesnews.com Criminal Spectrum (LT 1-2x4).indd 1 1/21/09 3:10:04 PM PDF's of the CCC's pages exactly as they appear in the law reports complete with headnotes Complicating the task of people involved in computer fo- rensics is the fact that fraudsters are able to buy larger amounts of storage at cheaper prices, says Kevin Lo, a director with LECG in Toronto. "Four or fi ve years ago, when we'd go and acquire information from a computer, we were talking maybe an 80-gi- gabyte drive. At that point, we had some pretty good technol- ogy that can acquire the infor- mation within a few hours. So now we're dealing with home computers where for the price of $200 or $300, you can buy a terabyte. A few years ago, peo- ple didn't even know about this word yet. "For us to pinpoint informa- tion that's useful, it's like a nee- dle in a haystack." Fortunately, improvements in search technology are help- ing investigators. "Th ey're mov- ing to some really advanced al- gorithms," says Lo. He points to what are called conceptual searches, which take account of the diff erent meanings a word may have, particularly in cross- cultural contexts. "If I'm search- ing for the word Coke, it can be referring to Coca-Cola soda or pop . . . So gone are the days you can rely on something called a keyword search." For Lipkus, it's precisely the fact that fraud is increasingly taking place across borders and oceans that make it such a diffi - cult crime for police to investigate. "Th is is a global problem, and it's being fought on a local level," he says, noting that someone who goes to police in York region, for example, might fi nd themselves frustrated in attempts to report a fraud. "Th ey're not equipped to deal with that fi le. Who they would be after is a very large crim- inal organization in China." For companies, Warren says that although fraudsters will fi nd their ways around attempts to close holes in their networks, a good way to protect themselves is to get more than one opinion on their security policies. "Dif- ferent companies have diff erent approaches to how they secure a network," he says. "It's always good to get fresh blood in to see what's there," he LT