Fraud in Canadian firms mostly an 'inside job'

Who is the most likely suspect for fraud in Canadian organizations?

A typical fraudster is a male between the ages of 30 and 49, employed at the company for three to five years, and not likely in management, according to KPMG LLP, the Canadian affiliate of global consulting firm, KPMG International.

KPMG LLP's "Profile of a Canadian Fraudster" is based on a survey of senior execs across Canada at organizations that reported cases of fraud.

The survey report identifies three common motives for fraud:

Need (28 per cent) - which may be financial, work-related, or caused by an "excessive lifestyle"

Opportunity (19 per cent) -- without which the person won't have the means to commit fraud

A character defect (14 per cent) -- greed, says the report, is a key character trait of many fraudsters.

"Bad habits" including alcohol and drug abuse, and gambling were a factor in 11 per cent of cases reported.

Fame vs. fortune

A former high-profile Canadian hacker comments on how motives have changed over the past 10 years.

A decade ago, it was more about exploration, said Michael Calce. "I think a lot of people were trying to channel their abilities to see how far they could go."

Calce gained notoriety in early 2000, for launching a series of highly publicized denial-of-service attacks against Yahoo!, Amazon.com, Dell, eBay and CNN, while he was a high school student in Montreal.

He was just 15 years old when -- using the Internet alias Mafiaboy -- he brought these large commercial sites to a halt.

Matthew Kovar, a senior analyst at Yankee Group Research Inc. in Boston estimated the global economic damage caused by Calce at US$1.2 billion.

What drove Calce to launch these devastating denial-of-service attacks?

"I just wanted to be the best hacker and was going to do whatever it took to be [recognized] as one of the elite hackers in my community," he said.

He recalled that at the time denial-of-service was extremely new and hadn't been explored much.

"I was pretty much the guy who pioneered mass denial-of-service ... My motive [was] to experiment, see how far I could go, and gain a reputation and status among my peers."

But he said today the focus appears to be monetary gain. "It's the number one motive for everyone, it seems."

Fraud -- an inside job

When it comes to fraud, the greatest threat to Canadian companies comes from their own employees.

According to KPMG's poll, 69 per cent of reported fraud cases were "inside jobs," 20 per cent perpetrated by outsiders, while 11 per cent involved collusion between insiders and outsiders.

The survey confirms what has long been held by security experts -- that internal threats are the most dangerous ones, noted Craig Silverman, co-author (along with Michael Calce) of the book, Mafiaboy: How I Cracked the Internet and Why It's Still Broken.

"But there is a flipside," said Silverman, who worked in security before moving into journalism.

"Internal people, as much as they are a threat, can be your eyes and ears," he said. He emphasized the value of corporate awareness programs that educate staff about the right way to use systems and flag things that go wrong.