$775K hacked from university

By: Tonya Mead, CFE, CHFI,  PI, MBA, MA Educational Psychology

Just today, I posted an article about a Nigerian living in St. Louis who attempted to obtain $12 million in fraudulent tax returns based upon private information stolen from the payroll records of public school employees after being deported in 1995 and re-entering the US in 1999.

Here is another fraud requiring attention. A native Kenyan (now a naturalized US citizen)  living in Georgia has been accused of “diverting more than $700,000 from the University of Connecticut to her banking accounts after posing as a representative of Dell Computers,” (para 1).

The prevalence of fraud on the African continent

Weary of the well-known Nigerian chain mail scam, I wanted to educate myself on other possible fraud scams.  According to an international intelligence firm, Diligence International Group, outside of South Africa, Nigeria “remains the country with the highest value of reported fraud cases, amounting to more than US $3 billion.” (para 4, line 2). Further, the company observed that they were “seeing an increase of fraud in public and private sectors, primarily in financial institutions where employees are scheming with clients.” Of particular note was “insurance fraud [which] is more prevalent in Nigeria and Ghana with fraud rings [that] migrate to West African countries such as Sierra Leone, the Ivory Coast, and Gambia.” Additional suspect countries include, “Algeria, Mali, Niger, Chad, Kenya.” and others, (para 5).

But back to the fraud scam

The University of Connecticut discovered the complex fraud scheme and established that within a 30 day period, the fraudster hacked into the university’s vendor payment system and diverted money from an approved Dell banking account to accounts she controlled.

Phishing

A representative of Dell Computers explained that the criminal gained access to the Dell banking accounts using a phishing scam. According to TechTarget, criminals pass through firewalls and gain access to secure accounts by “masquerading as a reputable entity or person in email, IM [instant message] or other communication channels. After gaining access, she created a fictitious Dell Computer employee name and established a free email address from a German internet service provider to further obscure her real identity and location.

Based upon this information, there are two items requiring further discussion

  1. Schools and universities as victim organizations
  2. Prevalence of criminal acts by aliens?

Universities and schools as targets

Throughout my book, I point out that schools and universities are increasingly becoming targets for cyber crime. For instance, “criminals, target their victim organizations based upon the industry sector, size, and type. In fact, Wortley and Cornish, as well as Clarke argue that situations not only make the commission of a crime easier, but they can even precipitate, or cause crime to occur. ”  (page 25). Wortley stated further that criminal behaviors can be avoided when the relevant situational precipitators are under control. What are situational precipitators?

  1. Controlling prompts
  2. Controlling pressures
  3. Reducing permissibly
  4. Reducing provocations
  5. Rewarding compliance (this is my addition based upon my own experiences and primary research). (page 105).

Here too, it is reported that the education sector earned the lowest Botnet scores in comparison to other industries and that the US Department of Education has one of the lowest FITARA scores. These rankings demonstrate the increased risk for computer-assisted, data related and cyber crime in education.

In addition to the need for tighter cyber and data security, here we’ve talked about the lack of stringent  accountability measures and internal control systems. Such systems may have helped the university catch the fraudster sooner. According to arresting officials, “the billing system has no way to verify changes made to a vendor’s profile.” (para 7).

Law abiding?

In trying to figure out whether undocumented aliens commit more crimes than native Americans, the data has been reported from opposite sides of the political spectrum.

First, the National Bureau of Economic Research determined that immigrants experience lower incarceration rates than natives.

Second, the Heritage Foundation points to these two reports (a) (GAO-05-337R) which found that  criminal aliens constitute about 27 percent of all federal prisoners, yet represent just 9 percent of the adult population.  (para 7) The other report, (b) (GAO-05-646R) analyzed a sub-set of the criminal alien population (55,322) and found that these criminals had been had been arrested 459,614 times, an average of 8.3 arrests per illegal alien, and had committed almost 700,000 criminal offenses, an average of roughly 12.7 offenses per illegal alien.” (para 8)

Getting back to fraud data

The Heritage Foundation scanned the data contained within (GAO-05-646R) and noted (which is relevant for this article), that 49 percent of the crimes committed by aliens were for ” DUI, fraud, forgery, counterfeiting, weapons, immigration, and obstruction of justice.” (para 9)

The verdict is still out as to whether aliens commit crimes at a disproportionate rate than natives. It is clear however that the education sector experiences an increased risk for hacking, data breaches, fraud and theft by way of unauthorized access to its information systems or those controlled by its third party vendors.

Resources (non-hyperlinked)

R. Wortley, “A Classification of Techniques for Controlling Situational Precipitators of Crime,” Security Journal. 14: p.63-82, 2001.

D.B. Cornish and R.V. Clarke, “Opportunities, Precipitators and Criminal Decisions: A Reply to Wortley’s Critique of Situational Crime Prevention,” Crime Prevention Studies, Vol. 16, p. 41-96, 2003.

Tonya J. Mead, CFE, CHFI, PI, MBA, MA, Certified K-12 Administrator and School Psychologist is author of Fraud in Education: Beyond the Wrong Answer and president of Shared Knowledge, LLC https://ishareknowledge.com