Richard T. Ainsworth, a lecturer at the Boston University School of Law, has written a fascinating report on the use of "zappers" - programs which divert funds for systematic embezzlement of tax obligations. The paper is "Zappers: Tax Fraud, Technology and Terrorist Funding." 

Ainsworth’s paper has a wealth of information that will interest all information assurance (IA) specialists but will be of particular interest to software quality assurance auditors, financial auditors and anyone who teaches IA. It also has implications for anyone involved in vulnerability analysis.

The paper tells the story of a huge tax-evasion case in Connecticut; apparently the owners of a grocery chain stole $17 million in taxes over a decade. In another case, a married couple withheld more than $20 million in taxes over four years and supplied the stolen money to the Lebanese organization Hezbollah, described in the Encarta Encyclopedia as a “Lebanese political party and militia group committed to promoting Islamic activism in Lebanon” and by the Council on Foreign Relations as “a terrorist group believed responsible for nearly 200 attacks since 1982 that have killed more than 800 people.”

The author points out that embezzlement (skimming) has long been accomplished without computer manipulation: “It is a simple matter of keeping two tills, one for the taxman and the other for the owner.” However, he writes, “the use of technology in skimming frauds is functionally related to two factors[:] (a) business size, and (b) the fraudster’s perceived risk of detection.”

One original application of computing to this kind of fraud was observed in Australia, where a family used homegrown software to estimate the limits on how much cash they could pocket without having their fraud detected. They also hired a computer consultant to set up fake records to fool the tax inspectors. In this case, the fraud was detected by accident when a telephone tap on someone else’s phone line allowed police to discover the shipment of large sums of hidden profits by the family to accounts overseas.

In Québec, when the Canadian value-added tax (the GST, or Goods and Services Tax) was applied widely to retail commerce in 1991, independent consultants scurried to offer dishonest small and midsized business operators automated methods for cheating the government of its tax revenue. A few years ago, Revenue Québec, with the help of the Sureté du Québec (the provincial police) arrested and brought to trial several suppliers of zappers, including Audio Lab LP, which in June 2007 “pleaded guilty to developing a Zapper to ‘add-on’ to its own commercial software (Softdine) that it provided to restaurants for use in their POS [point-of-sale] systems.”

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.