Accounting firms fight cybercrime

The dramatic growth in computer-perpetrated crime has not been lost on big accounting firms, which smell a growing profit center in helping clients protect themselves against online trespassers.

In the past six months, both Deloitte & Touche and PricewaterhouseCoopers have formed new cyber-"fraud squads" to investigate crimes and evaluate security systems. The other big accounting firms, as well as IBM and smaller private investigation outfits, are also jumping into the game.

"We think there are significant unmet needs," said Bill Boni, director of Price Waterhouse's cybercrime investigations group, which was created earlier this year. "It's certainly going to be an area of interest for all the large accounting firms."

The reason for the interest is simple: Incidents of fraud and other crime perpetrated online are on the rise. Putting a number on the increase is difficult, since many incidents go unreported. One of the most useful measuring sticks, however, comes from annual reports released by the Computer Security Institute, which surveys 521 security practitioners from corporations, banks, government agencies, and universities.

Last year, 32 percent said they reported serious incidents to law enforcement agencies, nearly twice the number of three years ago. Meanwhile, 55 percent said that company insiders gained unauthorized access to computer networks, and 30 percent reported intrusions by outsiders. The San Francisco-based group estimates that computer security breaches cost the respondents more than $123 million last year, and worldwide may cost businesses tens of billions of dollars, according to Richard Power, the organization's editorial director.

"With the rise of the Internet and the transaction of e-commerce, corporations and government agencies are far more open to attack than ever before," Power told CNET News.com in an interview. "There are all kinds of new ways to make money through computer crime."

That's where accounting firms come in. For a host of reasons, companies whose online security has been breached frequently prefer to take their problems to private investigators rather than law enforcement agencies.

"Some [law enforcement agencies] have taken aggressive stances, but even in Silicon Valley you will find that most of the senior officials in police departments are not that sensitive to high-tech matters," said John O'Laughlin, director of worldwide security at Sun Microsystems. "Most of them are not up to speed in dealing with high-tech issues."

Companies are also hesitant to go to authorities out of fear the matter will generate negative press. "Some of these companies don't want to admit that they've been compromised," said assistant U.S. attorney Chris Painter, who investigates high-tech crime. A benefit of taking a crime to private investigators is that companies can learn all the facts before deciding whether to take the matter to court.

"They keep control of their information," said George Vinson, former head of the FBI's computer intrusion team in San Francisco and now practice leader for Deloitte & Touche's fraud and forensics team. "So many times [companies] are interested in settling something civilly rather than seeing it splashed on the A-1 page" of the local newspaper.

The bulk of Vinson's work so far has been investigating claims of copyright infringement. Typically, that means comparing the source code of a client's software against that of a suspected infringing copy. Vinson also investigates people suspected of using the Internet to manipulate a company's stock price and tracks employees who misappropriate a company's trade secrets. The accounting firms also assess clients' security systems to make sure they are not vulnerable to attacks.

The work is similar to what Vinson did while at the FBI. In 1996 his group brought down more than 20 Internet users in 10 states who used chat groups to trade software titles made by companies such as Adobe and Microsoft. And with more and more companies transacting business online, the demand for computer forensics services is only expected to continue, said Sun's O'Laughlin.

"I don't think there's any question that e-commerce is here to stay," he said. "You're going to see that it's pretty vulnerable to fraud and abuse and [companies] want to get ahead of the curve."