Richard T. Ainsworth, a lecturer at the Boston University School of Law, has written a fascinating report on the use of "zappers" - programs which divert funds for systematic embezzlement of tax obligations. The paper is "Zappers: Tax Fraud, Technology and Terrorist Funding." 

Ainsworth’s paper has a wealth of information that will interest all information assurance (IA) specialists but will be of particular interest to software quality assurance auditors, financial auditors and anyone who teaches IA. It also has implications for anyone involved in vulnerability analysis.

The paper tells the story of a huge tax-evasion case in Connecticut; apparently the owners of a grocery chain stole $17 million in taxes over a decade. In another case, a married couple withheld more than $20 million in taxes over four years and supplied the stolen money to the Lebanese organization Hezbollah, described in the Encarta Encyclopedia as a “Lebanese political party and militia group committed to promoting Islamic activism in Lebanon” and by the Council on Foreign Relations as “a terrorist group believed responsible for nearly 200 attacks since 1982 that have killed more than 800 people.”

The author points out that embezzlement (skimming) has long been accomplished without computer manipulation: “It is a simple matter of keeping two tills, one for the taxman and the other for the owner.” However, he writes, “the use of technology in skimming frauds is functionally related to two factors[:] (a) business size, and (b) the fraudster’s perceived risk of detection.”

One original application of computing to this kind of fraud was observed in Australia, where a family used homegrown software to estimate the limits on how much cash they could pocket without having their fraud detected. They also hired a computer consultant to set up fake records to fool the tax inspectors. In this case, the fraud was detected by accident when a telephone tap on someone else’s phone line allowed police to discover the shipment of large sums of hidden profits by the family to accounts overseas.

In Québec, when the Canadian value-added tax (the GST, or Goods and Services Tax) was applied widely to retail commerce in 1991, independent consultants scurried to offer dishonest small and midsized business operators automated methods for cheating the government of its tax revenue. A few years ago, Revenue Québec, with the help of the Sureté du Québec (the provincial police) arrested and brought to trial several suppliers of zappers, including Audio Lab LP, which in June 2007 “pleaded guilty to developing a Zapper to ‘add-on’ to its own commercial software (Softdine) that it provided to restaurants for use in their POS [point-of-sale] systems.”

Whitepapers

• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology
• Vulnerability Management For Dummies

View more SECURITY whitepapers

Webcasts

• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports