It was funny. It really showed me the power of gradualism. It’s hard to get people to do something bad all in one big jump, but if you can cut it up into small enough pieces, you can get people to do almost anything.--Matt Knox

If you have little experience with geeks or technobable, this interview will test your techincal knowledge It provides great insight into a techy’s transition from a white hat to a black hat and his thoughts along the way.

Knox shows something we often see in workplace fraud; people with no previous history committing small fraud’s and escalating as their efforts go unnoticed.

Knox exemplifies the brazen acts these people commit as their confidence grows with each successful attempt to outwit their employer. In Knox's case, he did not attempt to only gain access to his employer's assets but those of every client his employer's servers had access to.

Interview with an Adware Author
PhiloSecurity.org - Monday, January 12, 2009

Matt Knox, a talented Ruby instructor and coder, talks about his early days designing and writing adware for Direct Revenue. (Direct Revenue was sued by Eliot Spitzer in 2006 for allegedly surreptitiously installing adware on millions of computers.)

Sherri: You wrote adware. You bastard.
Matt Knox: [sheepishly] Yes, I did. I got to write half of it in Scheme, which probably means that I deployed more Scheme runtime than anybody else on the planet.
S: Let’s back up a second. Why did you write adware?
M: I was utterly and grindingly broke for a little while. I started working on SPAM filtering software. That work got noticed by [Direct Revenue], who hired me to analyze their distribution chain. For a little while, the site through which all their ads ran was something like top 20 in Alexa. Monstrous, really huge traffic. Maybe 4 or 5 months into my tenure there, a virus came out that was disabling some of the machines that we had adware on. I said, "I know enough C that I could kick the virus off the machines," and I did. They said "Wow, that was really cool. Why don't you do that again?" Then I started kicking off other viruses, and they said, "That’s pretty cool that you kicked all the viruses off. Why don't you kick the competitors off, too?"
It was funny. It really showed me the power of gradualism. It’s hard to get people to do something bad all in one big jump, but if you can cut it up into small enough pieces, you can get people to do almost anything.
S: Did you feel this was the gently sloping path to Hell?
M: Oh yeah! Absolutely.[...]

Continue to the rest of the philosecurity.org blog post.

Technorati Tags: Employee Fraud Fraud Prevention

Dubbed "India's Enron", the scandal involving India's fourth largest computer software company, Satyam, has exposed overstated revenues and fictitious assets of close to $1 billion USD causing liquidity issues for this Hyderabad company.

What does all this mean for those of us in North America?

While this situation may not come as a surprise for those familiar with the bribe system often associated with Indian business transactions and day to day dealings (see the post entitled Perception Deception), it has nonetheless exposed international concern as these material misstatements have gone far beyond what anyone could have expected. This scandal has had a deep and negative impact on Asia’s third largest economy creating serious international consequences.

What can be learned?

How $1 billion in revenues and assets can be falsely generated without many parties being involved is beyond me. But I'm sure that many international companies will be taking a closer look at the financial details of the companies with whom they deal (as Enron has already encouraged in north America and beyond). The presence of international or independent auditors could have definitely helped to dampen the effects incurred from Satyam.

Satyam in crisis as India vows to end company fraud
REUTERS - Thursday, January 8, 2009 10:14 EST

India's Satyam Computer faces a crisis of "unimaginable proportions," its interim chief executive said a day after the chairman revealed profits had been falsely inflated for years.

Chairman Ramalinga Raju resigned on Wednesday in India's biggest corporate scandal in memory, after saying that about $1 billion, or 94 percent of the cash and bank balances on the company's books at end-September did not exist. The company's shares plunged nearly 80 percent.

The scandal, which some analysts dubbed "India's Enron" after the collapsed U.S. energy firm, has cast a cloud over foreign investment in Asia's third-largest economy and over its once-booming outsourcing sector.

Continue to the rest of the Reuters article.

Technorati Tags: White Collar Fraud Bank

Fraudblog.net wishes everyone a Happy Holiday!

See you in the New Year!