Monday, January 4, 2010

Christmas Terror in the Skies - What Really Went Wrong?

System Analysis by Fraud Detective and Security Expert Steve Lee, Managing Partner of Steve Lee & Associates

Terrorist suspect Umar Farouk Abdulmutallab became the perfect Grinch who stole Christmas when he attempted to ignite explosives aboard Northwest Airlines Flight 253 en route from Amsterdam to Detroit. This near tragic incident has sparked a great deal of debate amongst our leaders and others about why it occurred, who is to blame and what should be done to prevent its repetition, even prompting President Obama to weigh in on the matter particularly after his Homeland Security Chief’s comment to the effect that the system worked.

The reactions and responses of our leaders and others to this event have for the most part been “knee jerk” and politically motivated rather than reflective of a genuine concern for the flying public and aviation professionals. No blankets on our laps? No visits to the bathroom during the last hour of the flight? Come on. If we are really concerned about explosive underwear, why not just require us to change into hospital gowns before each flight, or place our underwear into the same bin as our shoes at the security checkpoint, or just fly “commando”? That seems at least literally appropriate. If we really think the Christmas scenario is likely to be repeated, such passive procedures certainly will not prove to be effective. Check point screening procedures are designed to catch non-terrorist travelers attempting to bring more than 3 ounces of hair product on board an airplane. There are so many examples of individuals successfully bringing pistols and edged weapons through security and onto airplanes, how can anyone really be shocked that explosive material was brought aboard Flight 253? The passengers of Flight 253 are just fortunate that the perpetrator knew almost as little about the explosive and how to detonate it as did the airport security personnel in Amsterdam.

By and large, the security agencies of the United States have done an excellent job for the last eight years of detecting and interdicting threats long before they get to TSA and international security check points. However, the security check point is not the place where “the rubber meets the road” in counter-terrorism. If it were, we would all be in serious trouble. While TSA and international security standards have improved over the last eight years, protocols and security philosophy do not include behavioral evaluation, situational awareness, or threat recognition consistent with effective counter-terrorism training. To be fair, expecting TSA and international security screening personnel to have legitimate counter-terrorism experience is like expecting your coffee shop barista to be an “iron chef” or your typical security guard to know how to run a hostage rescue team. Generally, terrorist detection and intervention takes place long before a suspect sets foot into an airport.

While the immediacy of our leaders’ reactions is certainly warranted, in my opinion the focus of this reaction is misdirected. In simple terms, the actions or inactions of TSA and its international counterparts at airport security check points around the world are not responsible for this breakdown. I am also unconvinced that the fault can be laid at the feet of individual intelligence or law enforcement professionals. Rather, we should be focused on our leadership and examining the role that politicians’ policies and practices in the areas of intelligence and inter-agency communication played in allowing this potentially fatal incident to occur.

What is most troubling to me about this event is the apparent breakdown in communications that took place after the suspect’s father attempted to warn authorities about his son’s “radicalization”, even though it now appears that the suspect was being tracked by some components of United States intelligence. It seems to me that there are two possible reasons why the father’s warnings were largely unheeded. First, the father may not have been considered credible, thus causing the reported threat not to be taken seriously at intake. Second, if it is true that the father spoke directly to intelligence personnel, then someone in the professional’s reporting chain failed to pass on this information to analysts or agencies where good use of the disclosures could have been made. Such intra-agency or inter-agency communication problems would be reminiscent of those with which we were faced before the World Trade Center attack on 9/11 - despite the advent of Homeland Security. If that is indeed what happened, it is simply terrifying. With effective communication technologies and protocols in place, as is generally the case these days, it is unlikely that a hardware or system failure caused any breakdown in communications. So what did?

Poor communication suggests a failure at a policy and leadership level. We all know that our national attention has been focused elsewhere – the financial crisis, the national healthcare debate and so on. If, at the national leadership level, we demonstrate by example that counter-terrorism is no longer a top priority, that we want to be more permeable and accessible to foreign interests, and that we are deeply concerned about the profiling of potential terrorist threats, then government agencies, law enforcement, security personnel and others will tend to follow that leadership, either explicitly or implicitly. Miscommunications such as the one characterized above will be more prone to occur. Well, our allies and friends throughout the world tend to follow our lead in security matters, whether or not they want to admit it. Thus, if we appear to de-prioritize our counter-terrorism efforts, if we appear to adopt a more permeable and accessible posture towards foreign interests and if we appear overly concerned about the manner in which we identify potential terrorist threats, then our international constituents will follow suit.

If you travel frequently by air, like I do, I am sure you can sense (if your “radar” is deployed) that passenger safety and security is no longer the most important concern of airlines and airport security personnel. When, for example, is the last time you sensed that a United States Air Marshal was on your flight? You may well ask: “What does this have to do with a terrorist slipping through security with explosives in Amsterdam?” It has everything to do with it. Without the re-prioritization of counter-terrorism and continued emphasis on security – even if that emphasis manifests itself from time to time as politically incorrect – I am deeply concerned that we are inviting another terrorist to strap on the explosive device du jour and board an airline bound for one of our great American cities.

Tuesday, December 15, 2009


The Psychological Profile of a White-Collar Criminal
By Financial Detective Steve Lee

Los Angeles, California, December 15th, 2009—I’ve been asked to comment frequently on the news this year about a lot of fraudulent business activities in 2009. You’ve seen the headlines every single day, the most well-known among them Bernie Madoff’s Ponzi scheme, continuing with the secret UBS Swiss bank accounts of U.S. tax evaders, and most recently with the Galleon Group’s insider trading debacle.

While fraud certainly persists during periods of economic growth, it conflagrates in economic downturns. Tanking financial market values, depressed real estate, smaller paychecks, reductions in employee headcount, erosion of internal controls, desperation for unrealistic returns, stockholder pressure on corporate officers, scope limitations on audit functions, as well as diminished morale, are the factors that fan the flames of fraud in a down market.

Inside the mind of a white-collar fraudster

What does the archetypal white-collar fraudster look like? Much has been written about fraudster demographics. As a group, fraudsters, whether executives or employees, are dominated by middle-aged white males, the most notorious among them profiled in magazine cover stories. But what are they thinking when they commit these crimes? Based on my experience in the field, executive white-collar criminals share the following key attributes:

• Calculating and Justifying. Fraudsters typically calculate potential gains and losses before they decide to commit fraud. They know they are far less likely to go to jail for a $50 million swindle than an armed robber who heists $500 from a bank teller. This knowledge emboldens them. The fraudster justifies his actions with a simple credo: the end justifies the means. In fact, for these individuals, anything can be justified. And that’s where they become dangerous.

• Entitlement. This is a corollary to justification. Many times fraudsters defend their acts by pointing to what they believe they are entitled to. They will frequently explain their behaviors with statements like: “I would have received that money anyway” and “I’ve made a lot of money for this company and this is no more than fair compensation.” It is also typically apparent in their lifestyles. Privately, they almost invariably indulge in various forms of excess that can be astonishing; it may be the 35,000 square foot homes, multiple corporate jets, jewel encrusted Breguet or Chopard watches and/or Bugatti, Ferrari and Lamborghini exotic cars.

• Unrestrained by Ethics. Modern systems of ethics center on behavior that either is consistent with moral principles or creates what ethicists refer to as “the greater good”. While fraudsters frequently talk about ethics and engage in moralizing, their actions are almost always inconsistent with either the greater good or an acceptable set of moral rules. They frequently talk a good game around business ethics, honesty and integrity. Their public actions stand up to a cursory review. Their business activities are often suspicious on a day-to-day basis. They usually spin a cocoon of financial opacity around these activities. It is part of the permission they give themselves to act outside moral principles and the greater good. Newsmaking examples include Jeffrey Skilling at Enron, Bernie Ebbers at WorldCom, Bernard Madoff and the allegations surrounding Raj Rajaratnam and his Galleon Fund operations.

• Intuitive Behaviorists. The executive fraudster’s ongoing shenanigans rely on a keen understanding of human behavior. They use bluster, force of personality and charm to deflect skepticism and to prevent insiders from turning on them. They also use incentives, fear of reprisals and a sense of being trapped as a co-conspirator to keep insiders in line. Fraudsters count on the laziness of their victims. They gamble that a suspicious client, employee, board member or colleague is averse to “rocking the boat.” Frauds do not usually survive illumination. Victim and co-worker passivity enables executive fraud.

• Loyalty & Trust. Executive fraudsters inspire loyalty and trust not only among their employees, but also among their clients and business colleagues. As cynical as this may sound, loyalty and trust can be the pavers on the road to fraud. For example, an employer might not question a trusted employee walking out of the warehouse with a box because they assume he is conducting the firm’s business. Similarly, investors may have assumed that Madoff offered no sophisticated web-based account access because he did things the “old fashioned” way or because his methods were so proprietary that such information could give away the Madoff “competitive advantage”. We now know that the real reason was that the securities were not really there, just like the trusted employee might be walking away with the firm’s inventory to his pick-up truck. The executive fraudster bets – usually correctly – that his prey will think, “Whatever you say, you’re the boss/expert/smartest-guy-in-the-room.”

• Smart. There is a popular notion that criminals are stupid. Whereas this may be the case in the realm of violent crime, narcotics, and burglary, it is not true of executive-level fraudsters. In fact, they are among the cleverest people we encounter.

• Overconfidence. This is often where fraudsters get caught. Despite their smarts, high-level fraudsters are superstitious learners. Fraud detectives know that fraudsters sometimes observe a single data point and extrapolate it as though it were a rule. For example, if they get away with one fraudulent move, they become addicted and plan their next move with a falsely bloated sense of security. Among those whose frauds are eventually uncovered, there tends to be a belief that “if they haven’t caught me up to now, they won’t catch me in the future.” It’s just not so.
Frauds tend to expand as they age. The velocity of the fraud and the volume of funds required to support it generally grow geometrically or exponentially while the available resources to support the fraud usually grow linearly. The overconfident fraudster may indulge in believing that what he has concealed now can be remedied or rendered opaque in the future. He contends that when a more ideal environment arises, he can resolve the financial discrepancies created by his fraud. He also tends to underestimate the doggedness of lawyers, auditors, bankers, regulators and others who may investigate the transactions that the fraudster has buried.

Thursday, October 22, 2009

The Ins & Outs of Cyber Theft Prevention

By Steve Lee, Managing Partner of Steve Lee & Associates

October is National Cyber Security Awareness Month and a recently issued IBM X-Force 2009 Mid-Year Trend and Risk Report describes the current Internet climate as "an unprecedented state of Web insecurity as Web client, server and content threats converge to create an untenable risk landscape." However, despite these findings, the Internet will remain a vital channel for most businesses. So, how can you help create a safer and more secure online environment for your business and its customers?

With the expertise of Stan Stahl, CEO of Citadel Information Security, Steve Lee & Associates has worked with businesses to help mitigate, investigate and prosecute cyber crime.

Selected trends in online theft: These days, online banking hacks are the cornerstone of cyber theft committed against small and medium-sized businesses. Cybercriminals target businesses’ bank accounts and have focused their efforts on pilfering money from company demand-deposit accounts. McAfee, a leading security-software company, estimates that in 2008, companies around the world lost more than $1 trillion to cybercrime.

Email phishing scams have become highly targeted as well. The attacks are delivered against users by name and can appear deceptively familiar and credible because they may include portions of the user’s password.

Trojans are delivered to unsuspecting small, middle-sized and large organizations through email purportedly from social or business networking sites and even from the IRS. One click and the hackers can access company bank accounts and use money mules to quickly siphon significant amounts of money out of the company’s account.

It’s important to remember that these cyber crooks, also known as ‘black hats’, have the technological upper hand. Malware development has accelerated far beyond anti-virus and patch development. By the time ameliorative patches are available to detect or pre-empt the malware, hackers have deployed Trojans, viruses, worms, rootkits and spyware that may be several generations beyond the latest, published fix. (NOTE: for more information on malware development, see Brian Krebs’ The Washington Post column “Security Fix”.)

Think your business’ bank account is protected by “second-factor authentication?” Well, think again. While second-factor authentication is touted by banks as a truly secure solution, it is not. Unfortunately, the awful truth is that no widely utilized online banking solution can guarantee 100% security. Multi-factor authentication is only slightly more robust than single-factor (i.e., user name and password) authentication. Even so, there are ways to help keep your money as safe as possible. Consider the following steps:

To maintain a safer computer infrastructure, your company’s management must consistently address cyber theft by implementing and continuously improving controls and processes:

1. Use a dedicated PC for online banking that is not used for any other transactions. If this sounds like a nuisance, just consider the inconvenience of losing hundreds of thousands or millions of dollars and then having to bring suit against your bank in an effort to recover your money. Remember, the bank will maintain that they are utilizing reasonable security practices. And by current standards, they may be right. The onus will be on your business to prove your case.

2. Make a plan for breach disclosure. Most states, in addition to the District of Columbia, have laws governing "breach disclosure." You may be required to notify consumers if you have reason to believe that there has been a compromise of private consumer information. Insurance industry reports suggest that "breach notification costs" exceed $200 for every person that has to be notified.

3. Explore obtaining breach notification insurance as well as cyber insurance.

4. Establish usage rules like administrative privileges, subnet access, download permissions and acceptable applications. Invest in monitoring systems and enforce the rules.

Once a company protocol is mandated, these procedures must be communicated to employees. Employees need regular, albeit brief, training to help them recognize the red flags of cyber crime. In addition, regular upkeep and modernization of your security infrastructure is critical to preventing cyber theft:

1. Stay current with patches. That means Flash, Adobe, Java and other programs on your company’s computers in addition to Windows patches.

2. Invest in intrusion detection and intrusion prevention solutions. Don’t be penny wise and dollar foolish; a managed service may be your best bet. Yes, they cost more than off-the-shelf anti-virus programs. You can be certain that you will never get more value out of software or a service than what you paid! Think about that the next time you decide to use freeware (also known as “unsupportedware”).

3. Review your banking transactions frequently.

4. All social networking sites must be isolated from the corporate computing environment. They are for your employees’ and your home machines or a dedicated machine at your office that is off your corporate network.

Be mindful of Stan Stahl’s cyber security dictum: “Trust no one.”

Roman Polanski: Celebrity Criminal and Justice Evader No More

By Steve Lee, Managing Director, Steve Lee & Associates

October 22, 2009…The clash among Los Angeles County authorities, French political and cultural figures, and celebrities over the arrest and extradition of Roman Polanski threatens to eclipse justice in this infamous matter.  This cross-border ruckus reminds us that the American criminal justice system has a long memory and a longer arm – even when it comes to “players” on the world stage.

Yes, international authorities have devoted tremendous resources over decades to Polanski’s case. That’s in part because he is a public figure. There’s no question that individuals of lesser stature evade the law, and these matters don’t prompt petitions or make news. Given Polanski’s visibility in the global entertainment and cultural community and the notoriety of his crime, officials would be hard pressed to diminish their efforts. All the more so after Polanski essentially thumbed his nose at the Los Angeles County District Attorney’s office and the Superior Court. It appears that Polanski was offered a “sweetheart” deal and declined to consider it.

Yet Polanski’s celebrity also served to bolster his ability to evade law enforcement. The facts and circumstances around the original court proceedings in the late 1970s indicate there was a good chance that Polanski would have spent a minimal amount of time – if any – in jail.  If he did, he likely would have served time at a minimum security facility and received the kind of gentle treatment often reserved for celebrities and white collar criminals. 

Mr. Polanski has led a privileged life.  There is no doubt that he is a talented man and has made measurable contributions to his chosen art form.  He is well loved and revered by many in the film industry and some have been vocal in his defense. 

Polanski’s victim is now an adult and has indicated that she would prefer the case be concluded.  According to reports in Time Magazine, she has indicated that she does not wish to testify against Mr. Polanski. 

Despite all these factors in Mr. Polanski’s favor, the facts are what they are.  Polanski was booked on charges of rape, suspicion of sodomy, child molestation, and furnishing dangerous drugs to a minor.  He was indicted on drug and rape charges.  He entered a guilty plea to having unlawful sex with a minor and then he fled the jurisdiction. 

What is at play here is the Fugitive Disentitlement Doctrine, which asserts that a court will not determine the merits of a claim made by a fugitive because any potential enforcement against the fugitive is impractical.  Polanski wants the statutory rape charge dropped, but he refuses to return to deal with American justice.  Presumably his concern is that the Court in 2009 may not find that his claims of judicial misconduct in the 1970s are well founded.  The risk for Polanski is that if the Court found his claims without merit, he would be treated as a self-admittedly guilty sex offender in custody.    

Today, tougher scrutiny of standards of celebrity justice coupled with a fervent distaste for and intolerance of child abuse might make prosecutors less willing to cut the kind of deal that was available to Polanski in the 1970s.  Perhaps it is that change in the criminal justice climate that makes Mr. Polanski and his attorneys wary of a return to California.  Attitudes change, but the reality of the acts that were performed does not.  If they were criminal then, and they are criminal now, then justice needs to prevail. 

We must be mindful that it is the individual that goes on trial for his or her acts, not the artist for his or her art. 

Tuesday, September 15, 2009

Physical Theft In The Workplace

By Steve Lee, Managing Director

September 15, 2009...What are the components of physical theft affecting enterprises? We're talking about larceny, embezzlement and misapplication. Black's Law Dictionary defines "larceny" as the "felonious stealing, taking and carrying...away another's personal property with intent to convert it or deprive the owner thereof." When an employee or another person unlawfully converts or removes one's property for his own benefit, the crime is embezzlement. When it's done for the benefit of someone other than the wrongdoer, it is misapplication. In all cases, it's theft.

While cash theft schemes occur three times more often than non-cash (inventory and other assets) theft schemes, there is still plenty to talk about with these non-cash theft schemes.