COMPUTER-RELATED FRAUD IN GOVERNMENT AGENCIES: PERPETRATOR INTERVIEWS
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP89B01354R000400480030-3
Release Decision:
RIFPUB
Original Classification:
K
Document Page Count:
29
Document Creation Date:
December 23, 2016
Document Release Date:
December 11, 2012
Sequence Number:
30
Case Number:
Publication Date:
May 1, 1985
Content Type:
REPORT
File:
Attachment | Size |
---|---|
CIA-RDP89B01354R000400480030-3.pdf | 1.7 MB |
Body:
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
COMPUTER-RELATED FRAUD
IN GOVERNMENT AGENCIES
PERPETRATOR INTERVIEWS
-Department of Health and Hurr,an Services
. Richard P. Kussero~
Inspector General
MAY .1985
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
EXECUTIVE SUMMARY
.The President's Council on Integrity and Efficiency directed the Inspector
General of the U.S. Department of Health and Human Services, to follow-up on
its 1983 study, "Computer-Related Fraud and Abuse in Government Agencies," by
interviewing the perpetrators of computer-related fraud cases: Staff from
HHS/OIG interviewed 46 perpetrators regarding how and why they committed their
crimes. Although not a statistically valid sample, those interviews provide
the following information on computer-related fraud among government agencies.
? The perpetrators were insiders, i.e., they were Federal employees, or
employees of state, local, and private agencies administering Federal
programs. In general they were young, good employees with an average of 5
years employment with the agency. Most had-above average performance
ratings, and most had been promoted at least once. Just over one-fifth
had a prior criminal record.
They held a wide variety of positions within the agencies ranging from a
senior program manager to an entry level clerk. T_he more common positions
were caseworkers, clericals, and data entry technicians. Most were in a
position to cause checks to be issued, although many did not-have direct
access to the computer.
? Typically, the perpetrators committed their crime by manipulating input
data to cause funds to be issued, and most were aided by co-conspirators.
They generally used one of three schemes: modifying existing cases in a
benefit or payroll system; creating false cases in those systems; or
creating false claims in a'reimbursement system. Many destroyed the paper
or electronic evidence of their crimes.
? On the average, the period of~criminal activity took place over. six
months. The number of illegal transactions per case ranged from 1 to 200
with a median of 8. The reported average loss per case was $45,000, but
about one-fifth of -the cases exceeded $100,000.
? Three-quarters of the perpetrators reported that they stole money in
response to a situational stress. Most commonly it was a personal finan-.
cial problem. or_disgruntlement with the job. Others, not motivated by
stress, had discovered vulnerabilities in the system and could not resist
that temptation.
? Nearly half reported that they didn't even think about the consequences of
their actions when they committed the crime; others assessed the risks of
getting caught as minimal. Many reported that they were personally aware
of crimes like theirs or had heard of such crimes.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
? Most perpetrators were aware of computer security controls but assessed.
.them as weak. They described ID numbers and passwords as simplistic,
edits and screens as known and therefore avoidable, and supervision as lax
or naive regarding automated systems. They pointed out. that access to or
within computer systems was often not restricted. The perpetrators also
made a number of recommendations on how to strengthen government computer
systems.
In order to address the vulnerabilities noted in this study, it is recommended
that:
? computer fraud perpetrators be routinely debriefed;
automated system controls be strengthened;
? security and system control guidance to State, local, and private agen-
cies be reevaluated;,
line managers receive training on internal and system controls; and
personnel security procedures be reviewed.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
ACKNOWLEDGEMENT
This report represents another step: forward in our effort to better understand
computer-related fraud in government agencies. But this step could not have
.been taken without the support of others both within and outside of the
Inspector General community. I want to recognize the efforts of-staff from IG
offices who-reviewed their files to identify new cases and to provide locating
information on old ones. The Department of Justice's Bureau of Prisons and
the Probation Division within .the Administrative Offices of the U.S. Courts
provided valuable ,assistance in locating perpetrators and setting-up inter-
views.
I would also like to acknowledge the help of the 46 perpetrators who volun-
tarily met with us during the study to discuss "their side of the story."
This. report could never have been written without their cooperation.
Finally, I would like to thank the members of my staff -Jack Molnar, Project
Manager, Gail Shelton, Jane Tebbutt, Lois Terry, and Denise Washington -for
their many efforts iri support of this project.
Richard P. Kusserow
Inspector General
U.S. Department of
Health &-Human Services
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
TABLE OF CONTENTS
EXECUTIVE SUMMARY ...................................... ..... .i
ACKNOWLEDGEMENTS .............. ................................iii
INTRODUCTION ................................. .... ...........v
OBJECTIVE..... ... ... ............................... ....vi
SCOPE AND METHODOLOGY ................................ ..........vi
FINDINGS
I. Who Were The Perpetrators? .......... ......... ........1
II. What Jobs Did They Have?... .......................3
III. How Were The Crimes Perpetrated? ........................5
IV. Why Did They Commit The Crime? ..........................11
.. ... ,.
V. What Was .The Work Environment?.... .. ..... .... ...13.
VI. How Would Perpetrators Strengthen The Systems?..........14
CONCLUSIONS AND RECOMMENDATIONS .................................16
APPENDIX A: A Perpetrator Tells His Own Story
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
INTRODUCTION
In 1982, the. President's Council on Integrity and Efficiency (PCIE), concerned
about the apparently growing incidence of computer-related fraud and abuse,
commissioned the Inspector General- of the Department of Health and Human
Services (HHS/IG) to study the problem. PCIE's charge was to provide a
perspective on the nature and scope of computer-related fraud and abuse and on
what the IG community should do to upgrade its audit and investigative skills
and activities to deal with the problem.
In response, the HHS/IG surveyed the Federal agencies to gather all cases of
computer-related fraud and abuse identified from the period January 1978 -
through March 1982. That survey obtained 172 cases (69 fraud and 103 abuse)
which were analyzed for perpetrator characteristics, techniques of per-
petration, losses, methods of detection, and controls. The June 1983 report
of this study, "Computer-Related Fraud and Abuse in Government Agencies,"
included the following findings:
? Fraud cases primarily involved theft of cash or diversion of assets,
usually through-input manipulation in benefit or payroll systems. Most
abuse cases involved use of computer time for outside business or
entertainment.
? Most perpetrators were Federal, nonsupervisory employees. Four out of
five of the fraud perpetrators earned $20,000 per year or less. Two-
. thirds of the fraud perpetrators were functional users of the computer
system, rather than-data processing personnel.
? Confirmed losses ranged up to $177,383 per case, although actual losses
were thought to be higher in many cases.
? Operating personnel found over half of the frauds and over two-thirds
of the abuses. More importantly, half of the cases were detected by
accident, which was twice the incidence of detection by either controls
or audits/reviews.
The report recommended that the IG community upgrade its expertise through
computer training and awareness programs, and also that controls in automated-
-systems be given especially close scrutiny. Because the survey responses were
incomplete in some areas, the PCIE felt that more study was called for.
Specifics about the controls in the environment of the victimized systems were
thought to be a particularly vital area for further inquiry.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
OBJECTIVE OF THE STUDY
The PCIE therefore asked the HHS/IG to expand upon the original study by
.interviewing the perpetrators identified in the original study. The objective
was to determine what the perpetrators would-tell us about their crimes and
the vulnerabilities in government computer systems. Specific study questions
included:
? Who were the perpetrators?
? What jobs did they have?
? How was the crime committed?
? Why was the .crime committed?
? What was the work environment?
SCOPE ANO METHODOLOGY
To accomplish this objective, we first had to identify perpetrators involved
in the 69 computer-related fraud cases from the original study. That study,
to preserve confidentiality and encourage cooperation, had not identified
individual perpetrators, and therefore used only data descriptive of the
crime. Upon our request for identifying and locating information for each
perpetrator, the agencies were able to identify perpetrators from 60 of the
original 69 cases.
Because most of the crimes had been committed over three years_earlier, much
of the locating information was no longer correct. In addition to using tra-
ditional field work .techniques to locate the perpetrators, we were assisted by
two other agencies: the Bureau of Prisons at the Department of Justice
located those who were in Federal Correctional Institutions or in pre-release
programs; and the Division of Probation in the Administrative Office of the
,United States Courts assisted by locating perpetrators under the supervision
of Federal Probation Officers. Overall, we were able to locate perpetrators
for 39 of the original cases. The primary reason for failing to get such
locating information on the others was that many of the case files had been
archived. This was particularly true of Department of Def ense cases where the
perpetrator-had been discharged from military service.
We were able to interview 29 perpetrators from 21 of the original cases. We
were unable to interview the others because perpetrators in 9 cases were not
.prosecuted, 7 perpetrators refused to be interviewed, and 2 cases were still
.open.
Because more cases had occurred since the original study two. years earlier, we
requested that IGs identify all computer-related fraud cases occurring after
the original request for cases. That request yielded 18 additional per-
petrators of which we interviewed 17 (one refused). We were able to interview
three of these newer cases during their pre-sentencing period.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
In total, we interviewed 46 perpetrators (29 original and 11 new) who were
involved in. 39 cases of computer-related fraud... These cases involved seven
Federal agencies.
Department of Agriculture
Department of Defense
Department of Health and Human Services
Department of Justice
Department of Labor
Department of the Treasury
Veterans Administration
The findings 'of this study are based largely on discussions with these ~46 per-
petrators. In addition to the data gathered during the discussions, other
sources of information, such as case files, FBI "rap" sheets, and the survey --
questionnaires from the original study, were used in the analysis. The 46
discussions do not represent a statistically valid sample of government
computer-related fraud cases. They represent the voluntary comments of per-
petrators identified for this study, and are presented to add new insights to
our understanding of this relatively new type of crime.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
I. Who Were The Perpetrators?
When I got .out of the Navy I was job hopping. I took the PACE test
to find a secure government job and was hired as a casework repre-
sentative. I was promoted and knew I had a career. A FEDERAL
CASEWORKER
Perpetrators Were Employees, Not Outsiders
Persons using computers to defraud the government could be anywhere given
today's technology. However, as was found in the original study, virtually
all perpetrators were employees of an agency administering a Federal program.
With-virtually all of the computer-related frauds being committed by _
employees, two related points can be made: (1) since none of the perpetrators
who had gained access to the government computer system was from outside the
agency, none was a beneficiary, client, or hacker; (2) all of the perpetrators
were authorized users, i.e., it was a necessary part. of their job either to
query, enter, or modify data in the computer system or to direct the operation
of the computer system.
Just over half of the perpetrators were Federal employees, while the remaining
employees represented State (16 percent), local (16 percent), and private (12
percent) agencies. The private sector employees were under contract to a
government agency to administer a Federal program or manage an automated
system; all acted independently, rather than as part of a corporate scheme.
It should be noted however that many of the perpetrators had co-conspirators
who were not employees, but none of those personnel gained direct access to
the computer (discussion of co-conspirators in Section III).
The one perpetrator who was not an agency employee was a health care provider.
A terminal was placed at his facility by the fiscal intermediary to expedite
the submission of State Medicaid claims.
Perpetrators Were Young, Good Employees
In general the perpetrators appeared to be the younger employees. of the
agency. While those contacted during the study ranged in age from 20 to 50,
their median age was 30 at the time they committed the crime.. In comparison,
the average age of Federal employees is about 40.
Three-quarter's of -the perpetrators told us that they had attended college.
A third of those attained at-least a bachelor's degree, with some doing post
graduate work. -The other two-thirds reported spending between one-and four
years in college, with some attaining an associate degree. Even among those
who did not attend college, many had attended classes in business or computer
academies.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
During our meeting with the perpetrators, we asked them about their job per-
formance ratings. In general, they reported that they were good employees;
only two noted unsatisfactory performance appraisals. Two-thirds noted that
they had received above average, excellent, or outstanding ratings and one-
third reported that they got average or satisfactory performance evaluations.
It was not uncommon for the perpetrator to be considered one of the better
employees in the off ice -- the one to whom other employees went to with
problems. Many were also "students of the computer system," and were called
upon to ;assist others. Additionally, a quarter of the perpetrators told us
that they had received awards for their performance. Ironically, four-of -
those award recipients received their award for designing or implementing the
computer system they ultimately stole from. For example, a programmer with a
Federal agency working on a payroll system got a cash award in 1981 when he
set up the electronic funds transfer for his agency's payroll system. In
1982, he used that same system to steal to support his cocaine habit.
Another indicator of the perpetrators' success with the agencies, is the fact
that about three-quarters had been promoted or advanced in job respon-
sibilities while at the agency.
Based upon our discussions with the perpetrators, it appeared that most of
them had sought out permanent, government employment. For -example, for a
third of the perpetrators this was the job they sought after getting out of
.school. For another third, they had consciously sought out a permanent,
government job after having worked elsewhere.
Although they were among the younger employees of the agencies, the computer-
related fraud perpetrators had spent an average of over five years with the
agency before they began to commit the crime. Time on the job before the
crime ranged from-one year to 20 years, and varied by type of employer. While
Federal employees had been with their agency for an average of six and a half
years when they committed their crime, this figure dropped to five years for
State employees and three for employees of local public agencies.
Some Had Criminal Records
One of the most surprising findings that resulted from our discussions with
the perpetrators was that almost one-quarter of them had prior criminal
records when they were hired by a government agency. While a few admitted
that they had hidden that fact from their employer, others reported that they
were hired under special programs for ex-felons or that their employment was
an acknowledged condition of their probation. The earlier crimes of the per-
petrators ranged from rape and armed robbery to-white collar crimes of
embezzlement and forgery. For some, the computer-related fraud was their
second crime, but for others, it was but one'in a series of criminal activi-
ties. It is also noteworthy that while 18 percent of the Federal employee
perpetrators had previous criminal records, this figure was as high as 43 per-
cent for State and local employees. None of the private employees had a
former criminal record.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
.Time on the job before the fraud was committed varied between those with a
criminal record and those without one. For example, only 14 percent of those
without criminaY records committed their computer-related fraud within one
year of being hired, as compared to 40 percent of those with a criminal
record. Similarly, the median length of employment with the victimized agency
for ex-offenders was only 3 years, in contrast to 6 years for those without a
criminal record. And, two-thirds of the ex-offenders were~in the specific job
-from which they committed the crime for less than one year, compared to only
one-third of those without prior records. Apparently the opportunity to com-
mit fraud was seized- more quickly by those with prior records. Carla and
James are two such perpetrators.
When we talked to Carla it was in a Federal prison. This was her
third time in jail. In the early 1970's, she was sentenced to 3
years in a State prison for forgery and was later convicted of
welfare fraud in the mid-I970's. In fact, she was on.probation for
welfare fraud when she was hired by a county welfare agency as a
clerk-typist in their data center.. An A.A. degree in accounting,
hard work, and good evaluations won her a data center supervisory
position within one year.
At about this time, she met James, a data input technician working on
the same program. James had been hired under a special program for
ex-offenders. He had been arrested and convicted at least five times
in the six years prior to being hired. The charges included theft of
government property, credit-card theft, forgery (27 counts) and fire
arms violations. During our interview, he readily admitted that he
was a career criminal. During. his first year on the job, he too had
been promoted, but he also acquired a drug addiction that could not
be financed by his $10,000 per year salary.
Together, James and Carla developed a plan to steal to support his
drug habit and supplement her salary. Four months, fifty cases, and
$120,000 later they were caught by a computer match.
II. What Jobs Did They Have?
I didn't need to sit at a terminal to do my job. I just filled
out forms. In keypunching, they never check anything. They just
entered what was on the form. A FEDERAL VOUCHER CLERK
Perpetrators Had A Broad Range Of Jobs
The perpetrators held a wide variety of jobs at the time they committed the
crime. The positions ranged from secretaries to .senior program managers and
from entry level clerks to highly trained systems analysts.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
The-most commonly occupied job type (35 percent) was that of caseworker. This
is a relatively discreet group of employees in entitlement programs who deter-
mine eligibility and the amount of the payments to be made to program benefi-
ciaries. Most of these employees met directly with the public, but some made
decisions based upon the case files. None were in supervisory positions.
(See Table A).
The next most frequently held job type (28 percent) was that of computer sup-
port or technical personnel. These are both professional and support staff
whose raison d'etre was the computer system itself. About half could best~be
characters-as data entry technicians, i.e., non-supervisory employees, who
sat at video terminals and entered data into the system., More often than not
they made no evaluation of or deci"sion on the data; they just entered it. The
remaining technicians were more involved with the overall operation of the
computer. Three were computer professionals who either designed and wrote
programs, or supervised the operation of large management'in~formatton systems.
The others were support personnel working in the data center doing such things
as loading decks of cards, hanging tapes, or managing the hard copy output.
'The third most common position (26 percent) was held by persons with clerical
-titles. This category included employees whose primary responsibility was to
review and process paper, such as case files, payroll forms, or vouchers and
bills for goods. or services rendered to the agency. As a normal part of their
job they were functional users of the computer, but they would not spend all
of their time at a terminal.
Of the remaining five perpetrators, four. were line managers heading up major
management information systems or financial operations, and one was a health
care provider..
TABLE. A: PERPETRATOR JOBS
JOB
TOTAL
#
%
SUPERVISORS-
%~WITH DIRECT
COMPUTER ACCESS
CASEWORKER
16
0%
12%
TECHNICIAN
13
'38%
100%
CLERK
12
1%
67%
OTHER
5
100% ~
80%
TOTAL
46
24~
59%
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Direct Computer Access Not Universal
In order to perform their jobs, all the perpetrators needed to modify data in
the system or have access to the computer itself. However, not all actually.
sat at a terminal or worked on a computer. Just under half of the per-
petrators performed their jobs through the creation of input documents away
from the computer. (See Table A). These documents would occasionally be
reviewed and then were submitted to technicians who would enter the data.
This is particularly true for the caseworkers. Only 2 of the 16 caseworkers
loaded data directly into the computer as a normal part of their job. However
many caseworkers did have "query-only" access to the computer system to review
the status of cases.
Typical of this are benefit program field offices-where caseworkers have
"query-only" computer terminals they can go to in order to review the status
of specific cases. However, when they want to make a change in a case they
must complete a form. That form is reviewed by one technician and submitted
to?another technician to be entered into the computer. system.
Most Worked For Benefit Programs
Just over three-quarters of the perpetrators worked for benefit programs that
issued funds, and were in a position to issue those funds. About half of
these employees worked for. federally administered entitlement programs such as
Social Security or the Black Lung program. A third worked for State or
locally administered grant programs such as Food Stamps or Unemployment
Insurance. The remainder were employees of private companies managing finan-
cial transactions for the Medicaid or Medicare programs.
The remaining perpetrators worked in administrative or staff positions, most
of ten. in various parts of payroll operations.
III. How Were The Crimes Perpetrated?
I brought the screen up with a phoney ID. I created a phoney
beneficiary and a phoney claim using my mother's Social Security
number. I just keyed it in. A PRIVATE AGENCY CLERK
Most Perpetrators Issued Funds
The 46 perpetrators interviewed for this study were involved in 39 different
criminal cases. In four instances we interviewed two perpetrators per case
and on one case we were able to reach four. Accordingly, the analysis of how
the specific- computer-related frauds were committed will be based upon 39
cases.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
In 85 percent of the cases, the perpetrators caused negotiable financial
instruments to be issued. Most frequently U.S. Treasury checks were issued,
but checks were also caused to be issued against State agencies and private
financial organizations. In addition to. checks, a f ew cases involved Food
Stamp coupon issuances. The Stamps were usually converted to cash at about
75 cents for a dollar's worth.
The cases that did not involve negotiable financial documents included:
1. restoration of annual leave;
2. modification of income tax deductions;
3. keeping funds returned to the agency;
4. sale of false ID cards; and
5. sale of information.
Virtually All Were "Data Diddlers"
"Data diddling" is a commonly used term to describe those computer crimes
where an employee commits the crime by manipulating data before or during the
input process, or during output from the Computer system. Examples are:
changing the name, address, or bank account of a beneficiary to that of the
perpetrator or the perpetrator's co-conspirator; or erasing the history of a
payment so that a duplicate check is issued.
Over 90 percent of the cases involved data diddling. This is consistent with
the finding in the original study that most cases involved manipulation of
data. Almost all the cases involved manipulating input to the data system,
but a few involved the manipulation during both the input and output pro-
cesses. These cases involved Food Stamp issuance, and output data manipula-
tion was necessary to bypass controls, such as separation of duties, and to
conceal the fact that illegal stamps were issued.
As noted earlier, not- all of the perpetrators had direct access to the com-
puter, nor did they require direct access to-the computer system to commit
their crimes. In fact, half of the cases of input manipulation were not com-
mitted with "hands on" access to a computer. In these instances the per-
petrators, based upon their substantial knowledge of the system, were able to
create documents that were later entered into the system. by another person.
When entered, they modified data in the system to cause the illegal transac-
tion.
The three cases that would not be described as data diddling were ail com-
mitted by computer experts. In one instance, data from a criminal justice
information computer system was sold. The two other cases were technical com-
puter crimes often referred to as "Trojan Horses" which occur when a person
with programing expertise places a small, illegal computer program within a
larger normal operating program. The small program is difficult to detect and
generates the illegal transactions when the larger program is run.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
In one of these cases, the names and addresses of .three friends of a Federal
programmer were inserted in place of three employees in the agency's payroll.
After the program was run, the sub-program was deleted so that the check went
to the perpetrators' friends; but a review of the computer. tape showed that
checks were issued to the employees. The second "Trojan Horse" case was quite
similar. A technical consultant from a private company working on a Federal
benefit program caused his wife's name and address to be inserted in place of
a beneficiary when the program to issue the entitlement check was run.
Three Schemes Predominate
The crimes committed by the perpetrators were dictated by the purpose of the
computer system on which the perpetrator worked, and in virtually all cases
involved the manipulation of data in either on-going payment systems or one-
time payment systems. On-going payment schemes occur on benefit r~ ogram .
systems where a person or family is eligible for a specific benefit such as
Social Security, unemployment insurance, or a paycheck.
Once eligibility is established, funds are issued on a regular basis., One-
-time payment schemes occur on financial systems designed to issue funds to a
vendor, provider, or beneficiary i-'n response to a specific bill or voucher for.
goods or services. With regard to .data in these payment systems, perpetrators
had two options. They could either create unauthorized files or records, or
manipulate existing files or records. This leads us to the three predominant
schemes used by the perpetrators that account for 35 of the 39~cases. (See
Chart I).
.Chart I:
~~REATE ONGOING ~CRE~ITE uNE-TIP1E
MANIPULATE ONGOING ?uTNER
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
The most common scheme, accounting for almost half of the crimes, was the
manipulation of data on existing cases in an on-going payment system. This
type of crime occurred in such programs as Social Security or other entitle-
ment programs. In such instances, the beneficiary already existed in the
program data base as a valid case. Then, seizing upon an opportunity when the
beneficiary died or lost eligibility for example, the perpetrator redirected
the check to himself or a co-conspirator. In other instances, perpetrators
have caused duplicate payments to be issued to relatives who are valid cases
on the system. A third way of taking advantage of existing cases was to iden-
tify and reactivate dormant cases and to have the benefits sent to a co-.
conspirator. The following is acommon-example of this scheme.
Bill, a caseworker, got a notification that a beneficiary had died..
Instead of terminating that person's eligibility, he went to a,bank
and opened up an account in that beneficiary's name (and Social
Security number). He then simply completed an input form that
changed the address so that the check would be sent to his bank via
direct deposit. Bill then periodically drew money out of that
account. Bill didn't have to do very much modification to the case
file in the computer. All he did was change the routing of the
check.
With the second scheme, .the perpetrators created false claims in a one-time
payment systems .and had the payments go to co-conspirators. This accounted
for about a quarter of the cases. Most frequently they authorized a payment
to a co-conspirator for bogus bills such as would be received on a purchase '
order or for reimbursement to beneficiaries for medical services. For
example:
Tom was a voucher examiner. His job was to review bills for comple-
teness and then give them to data entry technicians to be loaded into
the system so that a payment could be made. One day Tom started sub-
mitting bogus bills to the technicians. They were just like real
bills from doctors and physical therapists because there was MD or PT
after every name. That was one of the edits in the system. However,
the names and addresses were not real medical professionals, they-
were Tom's friends. Over 18 months they stole $250,000.
In the third common scheme, false records were created and added to files in
on-going payment programs. This was more difficult to accomplish than other
schemes because of the documentation required to establish eligibility. In
some of these cases the perpetrator used the identity of co-conspirators,
while others went through the process of creating false identities.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Some employees used both versions of this scheme with a food stamp
program. First they had friends come to the office and apply for
food stamps. They needed real Social Security numbers and matching
names because that was a control in the system. Once they had the
real name and number, they put false income data on the application
and their friends become eligible for benefits..
Then when the Cuban and Haitian boat lift people began arriving, the
.eligibility system broke down. The newcomers become eligible for
benefits but didn't have Social Security numbers. In order to by--
pass the Social Security number control, the program officials
adopted a system of pseudo-Social Security numbers, that could be
issued in each office. The perpetrators didn't need their friends'
names or numbers now; they could just create false beneficiaries with
pseudo-numbers. And they did,. .
In the schemes that involved on-going payment systems, it was not uncommon for
the perpetrator to periodically terminate their illegal cases or claims. This
was done to prevent detection. For example, cases were terminated_to avoid a
quality control audit of cases or a programmatic requirement for a periodic,
face-to-face recertification of the case. Other perpetrators, would keep a
bogus case going for only a specific number of months -usually 3 to 6.
It was also common, when creating or modifying a case in an entitlement
program, for the perpetrator to initiate the periodic payments with a large
payment. These payments are typical of adjustment in benefits caused by
retroactive eligibility or accounting for previous underpayments. This was
often not a separate act but was done by the perpetrator at the time the case
was initially modified or created.
Most Took Steps To Cover Up Their Crime
As would. be expected with a white collar crime, most of the perpetrators took
specific steps to cover up their crime. In almost half of the cases the per-
petrators destroyed the hardcopy evidence of their crime. This occurred most
.often when the perpetrator, such as a caseworker, did not have direct access
to the computer. In such cases they would destroy the input document they had
given to the input technician. But some perpetrators also had to destroy com-
puter output evidence of their crime, such as printouts or alerts produced
when their crime was picked up by a screen or edit in the system. A per-
petrator who had worked for a Federal agency said, "At first I was really ner-
vous. I had to put the case file in my brief case and walk out of the
building. When I got home I burned it. When I did it and realized how easy
it-was, I knew how bad the system was."
A few perpetrators reported that they did not have to worry about destroying
evidence of their crime. Instead they relied on virtually nonexistent filing
systems or on routine, periodic destruction of hardcopy to cover up their
crime for them. Some perpetrators also used the computer to cover up their
crime. For example, they reported that they were able to delete the record of
their illegal transaction from the system, or they relied on routine purging
of transactions from the system to cover up the crime.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
10
Most Used Co-conspirators .
In the original study, the survey data indicated that most of the perpetrators
(75 percent) acted alone. However, based upon interviews with the per-
petrators we found that three-quarters of the computer-related fraud cases
involved co-conspirators. Beyond the psychological value of providing moral
support, co-conspirators served other specific needs. Most frequently the
perpetrators used co-conspirators who were outside the agency. These persons
were often used to provide a false ID and address and/or receive and cash
checks. In some cases, fellow employees conspired in the crime. In such
cases, this was usually necessary to bypass controls such as separation of
duties. In only a few cases, did a perpetrator use both internal and external
co-conspirators.
Most of those who did not use co-conspirators felt very strongly that this was
the only way that they could commit the crime. One senior level manager
summed it up for this group when he said, "I couldn't have. done it if I had
had to involve someone else." These perpetrators were generally older
employees, and interestingly, 60 percent of those who had acted alone had --
received awards, compared to only 20 percent of those who used co-
conspirators. All but one of the perpetrators with a former criminal record
used co-conspirators.
Only a Few Had To Bypass ID and Password Controls
Almost half of the perpetrators told us that the computer systems did not
require them to use an identification number and/or password to get data into
the system to commit their crime. This occurred for two reasons. First, as
already noted, many perpetrators didn't need direct access to the computer
system to commit their crime. (However, some of these perpetrators did have
to forge a supervisor's signature on the data entry document.) Secondly, some
,perpetrators worked on systems that simply did not require ID or password
controls for each user. This situation would typically occur where a bank of
terminals would be brought on line at the beginning of the day and shut down
in the evening. During the day any number of staff would have access to the
system.
In the remaining cases, nine perpetrators used their own ID and/or password to
commit the crime, while only eleven had to make up or steal an ID number.
Usually when perpetrators used their own ID/password it was on systems that
did not record the users identification number with the transactions, so there
was no permanent record of who made the data entry.
Those who needed another ID/password identification to commit their crime
didn't seem to have too much difficulty getting it. Some just sat at the ter-
min al during their free time and made up possible identifying combinations
until they found a valid one. In two cases a~ three alpha characters would
serve as an identifier and all the employees knew it. So it wasn't very dif-
ficult to get into the system in that office. In three other offices, the ID
number was simply an employee's initials. In these cases the perpetrator just
stole an-other worker's ID.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
11
Frequency, Duration, and Loss Varied Greatly
The number of times-the perpetrators committed their criminal act ranged from .
one to 200. This was dictated in part by the type of scheme they used.. For
example, if the perpetrator created or manipulated data in an entitlement
.program, that one criminal act would yield a monthly check as long as the per-
petrator kept that case active.- However, if the perpetrator created false
bills in a voucher payment system that crime would. usually yield only one
check. To illustrate this fact, ;one perpetrator only made four unauthorized
entries into a benefit program computer and got over $100,000. Another
entered 55 false bills into a state bill payment system and only got $1,000.
The median frequency for committing the criminal act was only eight times,
which serves to demonstrate the potential efficiency of using a computer to
commit a crime and how infrequently the perpetrators needed to exploit the
vulnerabilities in the system.
The duration of the crime also affected the number of times the illegal act
was committed. The time from when the first illegal act was committed until
the perpetrator was caught, or voluntarily stopped prior to being caught,
ranged from one month to 72 months. The median duration of the crimes was six
months.
The reported amount of direct financial loss to the government agency ranged
from no loss to $350,000. The average loss per case was $45,000. Eighteen
percent of the cases involved losses greater than $100,000, which is somewhat
higher than the 7 percent reported in the original study. There were two
cases of no dollar loss. One was selling of information and the other was
issuing false ID for immigration purposes. Although none of the perpetrators
admitted to stealing more than had been identified in their case as submitted
to the court, .some implied during the interview that more was stolen.
IV. Why Did They Commit The Crime?
I had personal problems because I was $20,000 in debt. But I
had also worked my butt off for them and they passed me over for
a promotion. I was good and. deserved more. I decided _to get back
at them. A FEDERAL PROGRAM MANAGER
Perpetrators Stole Under Stress
Because eight perpetrators refused to admit committing a crime, we were not
able to discuss -their motives during the interview. Consequently, analysis of
motives is based upon 38 discussions. Three-quarters of the perpetrators
reported that they were responding to .or were influenced by a specific
situational stress when they committed their crime. Most of these perpetrators
stole money because of a specific family problem such as medical bills,
potential eviction or loss of a home, or loss of spousal income. Others
,reported that specific debts caused them to steal, and a few said they stole
to support a drug habit.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
12
Still others in this group reported that their primary reason for committing
their crime was because they were disgruntled. Some were mad at the organiza-
tion, while others were seeking revenge on an immediate supervisor. A systems
analyst for a private .company confided: "I had given my soul to-that company
and I got burned. That company ended up being my life and I got caught in the
stigma of this lousy contract. with the government. They wouldn't transfer me
out. I had to show them." Furthermore, a. third of those who stole because of
a specific personal problem noted that they were also unhappy employees and
that fact made it easier for them to commit their crime.
Although most perpetrators started stealing to meet a specific need or in
response to other stresses, few voluntarily stopped once that need was met.
Only one in six of the perpetrators voluntarily stopped.
Temptation and Boredom Influenced Others
A quarter of the perpetrators reported committing their crime because an --
opportunity presented itself rather than because of some driving problem. In
some cases it was a specific event such as funds being returned to the office,
or the accidental discovery of a vulnerable procedure in the system. However,
for others it was the result of boredom or free time. In such instances the
perpetrator, often sitting at a terminal, would play with the system or play
"beat the system" in idle time until they won the game. For example:
Connie, a terminal operator for a state program, enjoyed exploring
the system. She worked in the reimbursement section and found out
that there was an emergency payment program with no screens for
payment under $1,000. "When it started I was playing with the
terminal on a break. I typed in my friend's name and then I hit
return; it was processed-. I could have cancelled it, but I didn't."
Only Some Feared Being Caught
Perpetrators reported that a factor that significantly contributed to their
committing a crime was that they didn't fear being caught or punished. Over
half said that they didn't even think about the consequences of their actions.
They reported that they acted on impulse, or that they just didn't care. One
programmer said, "the drugs were in control. I didn't even think about being
caught."
Most of the other perpetrators who said that they realized that they might
lose their job, go to jail, or be forced to pay restitution, felt that the
chances of being caught were minimal. The primary factor here was that most
felt that management was not sensitive to crime from the inside, so they
weren't being watched.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
13
V. What Was The Work Environment?
Everyone had an ID number and there was a password to bring
the system up. But the codes and ID numbers were on the wall,
so everyone and anyone could see them. No one cared. A STATE
CLAIMS EXAMINER
Controls Seen As Weak
Not suprisingly,.most perpetrators rated computer security and internal
controls in their offices a~ weak and not a significant barrier to their
crime. While over 80 percent of the perpetrators were able to identify
specific examples of computer security, three-quarters of these said it was,
weak.
The most common examples of security noted by the perpetrators were various
types of~access controls. Most systems required personal ID codes and/or _
passwords. However, as mentioned earlier, perpetrators easily found ways to
bypass the ID and password controls, or did not need direct access to the
system. Usually however, the access code gave the user full access to the
system. In only a few cases was the user limited to specific files or types
of transactions.
Other common controls noted by the perpetrators were screens, edits, or alerts
that were built into the system. Generally these features would limit the
amount of checks that could be issued or would send a hardcopy message back to
the office that. a specific, atypical transaction had been initiated. A third
form of control noted by the perpetrators was separation of duties. In such
instances people who made eligibility or payment decisions were not permitted
to do data entry.
While access controls, screens, and separation of duties were designed into
most computer systems, poor implementation at the user level often undermined
their intent. Access controls were often simplistic, or were bypassed in
daily practice in the interest of productivity. For example, it was not
uncommon for ID numbers to be the users' initials or any 3 digits. Also,
passwords and operating codes were often issued in memos or manuals. Ter-
minals, once brought on-line by an authorized operator, were often left on
when the operator left the terminal. Edits and screens in the system were
well known to all system users and the perpetrators-usually just steered clear
of them. A few perpetrators reported that it was not uncommon, when a backlog
or special event arose, for managers to lift the edits or screens to speed -up
the input process.
The security intent of separation duties would be breached when, due to
staffing changes, a person was trained in both input and output duties or
simply when terminals were left unattended after being brought on-line. For
example, some offices have separate terminals for query-only and input. A
number of caseworker perpetrators, who had query-only authority, said. it was
easy to just walk in and sit down at an input terminal under the guise of
,doing only a query and then to enter an illegal transaction.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
14
Perpetrators Were Aware Of Other Crimes
Another factor that influenced the perpetrators was their perception that the
system was vulnerable. Two-thirds of them reported that they were aware of
other crimes ".like theirs." Half of these said they knew of specific crimes,
while the others said they had heard of such crimes. In the wake of a com-
puter crime, it was common for the modus operandi of the perpetrator to be
spread by rumor. In a few instances the crime seemed to pervade the office.
This was particularly true when supervisors were part of the scheme. For
instance, a supervisor in one food stamp office recruited workers to be part
of a crime by showing them how to commit the crime. We were able to interview
four perpetrators from one case, but it was estimated by one that as many as
30 people were involved. In another office, the number was estimated at 14.
Perpetrators Said Supervision Was Weak
The perpetrators frequently volunteered that, "no one was watching me," when
discussing how and why their crime was committed. These reports of weak
supervision fell into two categories.
First were weaknesses associated with more traditional forms of supervision.
Perpetrators reported that supervisors didn't review their work either because
they were a trusted employee, because their supervisor was too overloaded to
review everything, or simply because work generally wasn't reviewed. If and
when work was reviewed, it was reviewed for productivity and for errors.
Employee crime appeared to be a low priority at best.
The second form of weak supervision was of a more technical nature. Some per-
petrators reported that their supervisor knew what their job was, but did not
know how they did their job at the computer terminal. This is because super-
visors often came up through the program when the job was done manually and
had never learned how the job is done on the automated system. Accordingly,
perpetrators were able to take advantage of such supervisory naivete. One
perpetrator told us, "One of the largest problems you have is that managers
have no knowledge of the systems. I finished my project 3 months ahead of
time and my supervisor didn't know." Another perpetrator who was paying bogus
bills to friends said, "My supervisor didn't know anything about the system.
Those old ladies watched me all day and never caught me."
VI. How Would Perpetrators Strengthen The Systems?
I would impress people with the idea of computer security
or any security. We knew no one was watching. A FEDERAL
CASEWORKER
During the discussions with the perpetrators we asked what could have pre-
vented them from committing their crime or how they would eliminate the
vulnerabilities in the computer system they had exploited. What follows
are their more commonly cited recommendations.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
15
Random Case Validation
Perpetrators who modified existing cases or created false cases said they
exploited the fact that cases weren't verified. They said that when case
files were reviewed, it was just a paper review. No one actually spoke to the
beneficiary. In fact, one of the major problems. perpetrators had in con-.
cealing their crimes was dealing with periodic case recertifications. It was
common for a perpetrator to have to terminate a false case when a recer-
tification notice went out. Perpetrators recommend that. supervisors randomly,
openly, and on an ad hoc basis contact beneficiaries to verify their existence
and the status of their case. It appears that a very small sample, with only
a telephone inquiry, would have raised the risk of detection sufficiently to
preclude some of the crimes.
Rotate Caseload
Some perpetrators were able to conceal their crime and control their bogus
cases because they were permanently assigned a specific caseload. Case
assignments are often based on alphabetical order or the end digit in the
beneficiary's ID number. Perpetrators recommended rotating caseloads to
assure that one person doesn't have permanent control of a case.
Identify Workers With Their Transactions In The Database
Perpetrators noted that they were able to anonymously enter bogus data into
the system. Most systems which the perpetrators worked on did not identify
the input technician and/or caseworker with the transaction. Consequently,
the perpetrators felt that the system "wasn't being watched." The per-
petrators recommended that the system identify the persons who authorizes
and/or inputs each transaction.
Limit Access Within The System
Perpetrators noted that they were often able to commit or cover-up their crime
by using override or force codes in the system. Such codes give the per-
petrator the opportunity to delete data from the system or to bypass edits and
screens. Perpetrators recommended that system users' access be limited to
only the codes or types of transactions they need to do their job and suggest
that this be controlled by each user's ID and password.
Enforce Security Features
Some perpetrators were able to commit their crimes despite computer security
features specifically designed to prevent such crimes. Sometimes computer
controls were bypassed to promote office efficiencies, while in other
situations they were not in effect because of benign neglect. Perpetrators
recommend that the purpose and value of computer system controls be stressed
to first line managers and that. persons in charge of computer security
periodically evaluate the implementation of specific controls.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
16
CONCLUSIONS AND RECOMMENDATIONS
Investigations of computer-related fraud cases are generally limited to the
facts necessary to prosecute the alleged perpetrator. The findings from
interviews with perpetrators described in this report add to earlier findings
reported by Inspectors General which were based on data in their files. For
example, interviews reported the involvement of co-conspirators in many more
cases than IG files suggested. Similarly, interviews provided more descrip-
tive information on how the crimes were perpetrated and the effectiveness of
system controls.
Debrief Perpetrators Routinely
Law enforcement officials and criminologists often interview persons convicted
of economic crimes to identify the characteristics of a subset of per-
petrators. Because computer fraud is a relatively new area of economic crime,
we believe that interviewing these perpetrators will add to the growing body
of .knowledge in this area; and .that findings from interviews can be used by
.management and Inspectors General to prevent additional fraud cases. We
recommend, therefore, that:
? Inspectors General routinely debrief perpetrators of computer fraud to
identify the specific vulnerabilities in their computer systems;
? Inspectors General provide feedback to management on the findings from
perpetrator interviews and assure that controls are instituted to
correct vulnerabilities; and
? Inspectors General, program managers, and systems security officers
include perpetrator case histories in training on computer crime and
computer security, both to heighten awareness and to ac t. as a
deterrent.
Strengthen Automated System Controls
Perpetrators reported that the existing controls in the victimized systems
were weak and easily bypassed. IDs and passwords were simplistic and/or
public knowledge and gave the user access to the whole system, rather than
only the applications or transactions necessary for the user's job. A number
of the victimized systems did not identify or maintain a record of the speci-
fic individual who authorized or input the data, creating the atmosphere of
anonymity and severely hampered later review or investigation. Screens and'
edits were easily circumvented by users or lifted by management in the
interest of productivity. These findings suggest the need to implement addi-
tional controls to strengthen the integrity of automated systems and prevent
the perception that "no one is watching." We therefore recommend that:
? All payment systems be capable of enforcing personal accountability, by
including such features as personal identification and authentication,
and audi t trai 1 s;
? Access controls in such systems limit user access to only the programs,
records, or transactions required by the user's job responsibility; and
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
17
?. Management periodically review the adequacy and implementation, of all
automated systems controls and security features, as required by OM6
Circulars A-71 (TM-1) and A-123.
Guidance to State, Local, and Private Agencies
Federal agencies have a substantial investment in State, local, and private
computer systems, both because the Federal government finances most of the
development and maintenance costs of such systems, and because those systems
control the allocation of Federal funds. Yet these systems appear to be
vulnerable. About half of the perpetrators worked for State, local, or pri-
vate agencies that were administering Federal. programs. It is recommended-
that:
? Federal agencies re-evaluate, their guidance to State, local, and pri-
vate administering agencies regarding computer security and controls;
and
? Vulnerabilities in State, local, or private agencies computer system be
addressed with the same vigor as those in Federal systems.
Training and Awareness of Line Managers
The original study observed IG investigators were not fully aware of internal
control procedures for automated systems. Nor were they. aware of specific
vulnerabilities in their agency's computer systems. Training in these areas.
was recommended. It appears that a similar lack of sensitivity to controls
and potential vulnerabilities exist among line program managers. The poten-
tial for employee crime has not been stressed and some managers see system
controls more as impediments to productivity than necessary security features.
It is recommended that:
? IGs and/or system security officers provide training and awareness -
programs targeted to line program managers; and
? Procedures be established for "advertising" the existence of internal
and system controls to indicate that "someone is indeed watching."
Review Personnel Security Procedures
In the course of locating the perpetrators we learned that l in 5 had a prior
.criminal record. Some were hired by the agencies under special placement
programs for ex-felons. In light of our findings it is recommended that:
? Inspectors General and management re-evaluate agency personnel security
policies and clearance practices for persons in positions of trust,
including all positions with access to payroll, benefit records, and
other payment data.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Appendix A
A Perpetrator Tells His Own Story
As a follow-up to our discussion with one of the perpetrators, he wrote down
-his own views of how and why he committed his crime. He has given us per-
mission to include it in the report in the hope that it may help prevent other
individuals and agencies from finding themselves in similar situations.
I am 44 years old and .married. I am a formerly admitted lawyer and former
claims examiner in a benefit program in a Federal regional office.
From June of 1980 to November 1981, while employed as a GS-11, I manipulated
financial disbursement computers in such a way as to cause the computers to
issue about 40 checks totalling about $54,000 to recently deceased benefi-
ciaries. I had the checks mailed to my home. I forged the beneficiary's
signatures and then deposited the checks in my personal checking account.
A more alert personnel security system, coupled with improved computer
security would have made my crimes more difficult to perpetrate. However, the
personnel security system was not designed to detect or flag likely violators.
As for computer security procedures, they were virtually nonexistent.
Password controls were lax. Audit trails were not examined by officials with
any eye to detecting crime. The computers were not safeguarded adequately
and, as a consequence, any number of us who had access to the ADP systems
could have initiated the same crimes that I initiated.
The scheme I used was basically foolproof. I could have gone on with it inde-
finitely. In fact, 18 months went by from the time I quit my job until the
Government, capitalizing on a simple and stupid mistake that I had made,
detected my crimes and caught up with me.
Before recounting the details of my experience as a Federal employee, I would
like to provide background of my own past. In a very real sense, my past
played an important role in what I.did. I grew up in a middle class home. A
reasonably good student, I attended Penn State for two years and then trans-
ferred to the University of Pittsburgh where I completed my studies and gra-
duated with a Bachelor of Science degree in Psychology. In 1969, I enrolled
in law school, graduating in May of 1973 and being admitted to the Bar in May
of 1974. It took me a total of 10 years to graduate because I worked to
finance my own way.
It is also noteworthy that somewhere in my high school and college career I
developed a serious drinking problem.- I would continue to drink excessively
and regularly until, at the age of 35, I brought my habit under control.
My alcoholism did not prevent me from obtaining a security clearance when I
was in the Air National Guard, where I served from 1966 to 1971, including the
period of May of 1968 until December of 1968, when as a result of the Pueblo
incident, my unit was activated.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
While still in law school, I started a private investigations business, in a
small town, near a major eastern city. Most of my business involved injury
claims due to product malfunction and car accidents and law enforcement
related cases in which defense lawyers retained me on behalf of their clients.
I had the investigative business from 1971 until 1975.
In the mid-1910's, I began to suffer from frequent bouts of depression
stemming, I believe, from too much studies, too much outside work, and too
much alcohol. In addition, my family was suffering because we were constantly
short of cash. And I had another family problem. It was my mother, who, like.
me, had a drinking habit of equally self-destructive proportions. Eventually,
she literally drank herself to death. I tried to encourage her to give up
drinking and failed in my efforts, leaving me emotionally drained from seeing
someone destroying herself, while caught up in the same trap that I was in.
My investigative work also had become a source of emotional difficulty for me.
I was retained on one particularly grisly murder case that endangered my phy-
sical well-being and that ultimately led me to decide that I wanted to get
into a more conventional pursuit. It was that decision that caused me to
apply for a Federal job. That was in 1974.
I made another important decision in the year 1975 and I quit drinking.
I was somewhat idealistic about my government job. I felt I could do some
good for my program beneficiaries and their families. At the same time, I
hoped that change of scenery and pace would be good for myself and my family.
Unfortunately, I was soon to be discouraged with government service. I had
been promoted a couple of times and had outstanding ratings on my performance.
However, when a promotion that I wanted and felt that I clearly deserved was
denied me, I became an enraged, disgruntled employee.
As I look back, I realize that I grossly overreacted to the lost promotion. I
was in a rage -- over what I will leave to psychiatrists to explain. It was
one-thing to be angry over what I perceived to be an unjust personnel action.
It was quite another to experience the rage that I experienced.
For a time, I was -able to channel my rage, by involving myself in union work.
I became president of a local union for Federal employees representing
employees in four agencies. I also served as a substitute for a national
representative, when there was no such representative in my area for a time.
I found the union work to be very satisfying. I didn't get paid for it, but I
felt that I was able to help people to get a fairer shake than they were
getting.
However, the emotional problems that I mentioned still remained within me and
I made a scapegoat out of my agency. By now my family was living better than
I ever lived. My wife and I were both bringing home good salaries. .So we
didn't really need more money. Yet for reasons to this day that I am unsure
of I began to devise a scheme to steal through my agency's computer system.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Having grown up with traditional middle class values, I had never stolen
anything before in my life. Also, as the product of a middle class environ-
ment, I had always been astonished at the criminals I had known in my investi-
gative business because of their lack of fear of getting into trouble. Yet
now, for the first time in my life, I found myself plotting a crime -- and,
if that wasn't unpredictable enough, I found myself not fearing getting caught
or getting incarcerated.- I know from my own experiences that career criminals
do not feel humiliation when they are apprehended. They, in most cases, don't
seem to be deterred by the prospect of going to prison. For about a year and
a half, I was in that frame of mind myself. For lack of abetter term, I
would describe myself, during the time period in question as burnt out. I was
obsessed with one objective -- and that was to beat my agency illegally and to
get away with it.
My scheme went like this:
I would note the death of a beneficiary who had been receiving a monthly
entitlement check. I would be alerted to the death because I would receive a
computer message that a check had been returned with this notation, "Possible
Death of Payee. "
Next, the office would send out a letter to the beneficiary's address asking
for information as to the beneficiary's status. We would receive a response
confirming the death. I would then ascertain that there were no other
possible claimants. I would then proceed with my scheme.
First, I would remove the entire case file from the office. I took it home
and destroyed it.
Second, I would enter into the computer a message that the beneficiary had
undergone a change in financial circumstance -- a large number of medical
bills, for example. I would make a retroactive benefit totalling less than
$5,000. Anything under $5,000 I was authorized to process without
another section's participation. In theory, two persons' computer access
cards were necessary to create the benefit checks that I created by myself.
However, there was no security regarding those cards, as the cards of other
employees who may have been absent from the office, were just left lying
around, totally unsecured. Additionally, each employee had a personal ID
number to be used to log on to the computer when the access card was put in
the terminal. I was able to steal another employee's ID number by standing
behind them as they logged on. I simply watched their fingers as they typed
their ID number.
Third, I would alter the beneficiary's address. Instead of sending the check
to the beneficiary's home, I directed it to my address.' However, because you
needed two employees to complete such a transaction, I first used my own
access card and ID to initiate the change and then I used another employee's
card and ID to confirm the change. It was easy.
Fourth, I would terminate the beneficiary's case on the computer a month
later. In six months, I knew the computer would erase all memory of the case
and its history. That is why I call this a fool-proof scheme.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3
The checks would come to my house. I would sign the beneficiary's name, then
endorse it myself and then deposit it in my personal account. I quit com-
mitting the crimes in November of 1981. Four months later I resigned, and
about a year and a half later, the crimes were detected.
The mistake I made was that around the first of the year, I inadvertantly mis-
dated the date of a beneficiary's death. This, when caught in a computer
match led auditors to make a routine inquiry and they discovered several
checks going to one address.. It wasn't long before they realized that a
violation may have occurred. The Secret Service was called in. My checking
account was subpoenaed. Further inquiry established that the beneficiaries
had all died earlier than I had listed them. The authorities put together a
solid case against me.
I was indicted on many counts of mail fraud and forgery in April of 1984. I
plead guilty and was sentenced to one month in a half way house, two three-
year suspended sentences and five years of probation and ordered to make
restitution of the $54,000. I was also fined $2,000. I was also
suspended from the practice of law.
It was not money that motivated me in my crimes, it was irrational rage caused
by emotional exhaustion, the sources of which were my long time excessive
drinking, my overwork, disappointment with government service and the anguish
of watching, but being unable to help, as my mother drank herself to death.
I made as much and more money than I earned with the government. All these
factors are evidence that money or greed was not my primary motivation.
I have asked myself many. times if my agency could have done anything to pre-
dict that I, and people like me, would initiate fraud against its computer.
The answer is, yes.
The computers capable of disbursing dollar instruments were not properly pro-
tected against abuse. They were like unlocked bank vaults waiting to be
invaded. Security around these machines was almost nonexistent. So the
first thing I would say is that plant security must be considered an essential
function of personnel security. If the bank vault has money in it and if
nobody is watching, somebody, for whatever reason, is likely to steal from it.
The problem is also one of attitude. For example, one of the jobs that I had
before was as a claims examiner for aprivate-insurance company.- There was a
totally different approach to money there. Security was important to the
managers. Conversely, this attitude seemed to be lacking at the Federal
agency.
Along with improved physical security, I would point out that a more alert
personnel security system might have flagged me or someone like me for two or
three reasons.
I was a practicing alcoholic. I had a twenty-year history of heavy drinking.
My anger and rage at the agency -- most of which was unwarranted and irra-
tional, was not something I tried to conceal. If a trained investigator would
have interviewed me, I would have revealed my feelings, thereby calling atten-
tion to the possibility that I was a risk.
Declassified and Approved For Release 2012/12/11 :CIA-RDP89B01354R000400480030-3