Posted on

VLBank Case Study

VLBank Case Study

Asa result of globalization, ithas becomeimperativeformodernbusinessesto rely on moderntechnology in order to increaseinterconnectivity, hencethrivein commerce.Despite its achievements,e-commerce has ledto increasedcyber crime,which is a crimeinvolvingcomputersand/or networks,as wellas traditionalformsof crimes,bothwithin andoutside organizations.Themaintypescyber crimesinclude,internet fraud,identitytheft,andtelemarketing among othercrimes,which are achievedthrough an ingeniousprocess,referredto as hacking. Thistakesadvantageof software andhardwareformingthebackboneof theorganization,andhas significantnegativeimpactson organizationsandtheclientele’sgeneralwell-being(KPMG, 2000). Thesenegativeeffectsof cyber attacksarethe onesexperiencedby theVL Bank based in Atlanta, wherebyclientscomplainedabout creationof newusers’ accountsusingtheir personaldetailswithout their personalauthorization.

Thecreatedaccountsinitiatedseveralwire-transfers of client’sfundsto variousUS banksas well as to internationalbanks.Thisprompteda researchwhich discoveredthatcomputersof affectedclientshadbeeninfectedwith Keystroke loggingvirus,which enabledperpetrators to stealpersonalinformation,createnewusers` accountsandtransferfundson behalfof theaccount’sowner,without authorization from the bank or the account owner.Key-logger virusis malicioussoftware designedto monitorkeystrokes, andsendthegatheredinformationto a thirdparty(Ashcroft,Daniels, &amp Hart, 2012). Thevirusrunsin thebackground,makingitdifficultto be detected.It also monitorsthesystemforspecificactivitiessuchas passwordsandsecretPINs,which are thensentto a thirdpartyformalicioususe.On their own,key-loggers donot affectcomputersin fact,lessdevelopedkey-loggers are usedto monitorusageof a personalcomputerby a thirdparty.However, highlydevelopedKeystroke loggingvirusesare usedby attackersto securevitalpersonalinformation,suchas PINs andpasswords,which are then used tocarryout malicious transactions with negativeimpactson organizationsandclientsas witnessedby theVL bankin Atlanta (Milhorn, 2007). In thecaseof VL Bank, hackers usedkeystroke loggervirusto accessuser’s accounts,obtainedpersonalinformationandopenednewuser accounts,thus being able to transferredfundsto otheraccounts.

Keystrokeloggervirusis spreadjustlike othervirussoftware due to the fact that it is installedby an innocentuser whenopeninga fileattachedto an email orvia a webpagethat takesadvantageof thevulnerability of thebrowser, and openingsuchwebpagewill automatically installthevirus(Milhorn,2007). Additionally, theviruscan be installedby malicioussoftware in theusers’ computer,programmedto download andinstalla keystroke loggervirus.In thecaseof VL Bank, theviruswasspreadthrough fakee-mails that lookedlike businessemails from to thebankto theclient,butwhich containedthevirus.Theviruswasautomatically downloaded in theusers’ computer,upon openingthemessage,therebygatheringvitalinformationusedto openthenewaccounts.

Lawsapplicable in the

Amongthe laws which are appropriate for cyber crime include the ComputerFraud and Abuse Act which was enacted in 1989. The law criminalizedthe use of malicious codes and programs, such as viruses and worm,designed to alter, falsify or destroy data stored in a computer. Theperpetrators of the cyber crime in VL Bank can be prosecuted due tothe fact that they used key strike virus to access data stored acomputer. Another law, which is applicable in the VL Bank case, isthe Electronic Communications Privacy Act of 1986, which, aftervarious amendments, outlawed interception of stored or transmittedcommunications without permission (KPMG, 2000). To ensureapplicability of these two laws, the VL Bank lawyer must providesufficient information to prove that the attacker used key strikevirus to acquire personal data stored in the VL Bank’s computers,and that the attackers had no authorization from either the bank orowners of the account. Additionally, through the lawyer, the bankshould offer sufficient evidence that perpetrators of the crime usedthe obtained data for personal gain. To ensure compliance with theElectronic Communications Privacy Act, the bank, through the CISO,should provide all policies and procedures undertaken to facilitatesurveillance and collection of digital evidence in case of a cyberattack. This will assist the bank lawyer to argue against litigationof the bank by affected clients, thereby avoiding probable financialburden incase of a successful lawsuit (KPMG, 2000). These proceduresare in line with FBI parameters, which stipulate that all firmsshould implement appropriate policies and procedures to combat cybercrime, such as preventing occurrence, facilitating surveillance byappropriate bodies as well as implementing policies, in order tofacilitate collection of digital evidence in the e vent of a cybercrime.

ConsiderationsforpreparingDigital Evidence

Owingto thestealthof thecrimecommittedto theVL Bank,itis evidentthat,the hackingwascarried out bysophisticatedcrackers.Sophisticatedcrackersworkwith trustedassociatesorindividuallyto gainillegalentryto networks,forpersonaladvantage,leavingan almostinvisibletrail,therebyavoidapprehension.Theperpetrators of theVL Bankcrimecreatednewaccountsandtransferred$10,000 electronically to severalindividualaccountsin U.S. banks,andthenautomatically wiredthem to internationalbanks.TheVL Bankshould liaise with internationalauthoritysuchas theFBI, to trackalltransfersto theenduser, usinganytraceabledigital trail.TheVL Bank’saccountmanagerhas theauthorityto accessdigital certificatesusedby their customers.Thisshould be usedby investigatorsto identifyspecificaccountsin U.S., wherefundsweretransferred.Through liaisonwith internationalbanks,as wellas theinternationalauthority,VL Bankshould furtherpursuetheperpetrators of thecybercrime to internationalbankswherethefundwasfinallytransferred(KPMG,2000). In thisinvestigation,professionalI.T. expertswith sufficientknowledgein forensicbackgroundsshould be usedin gatheringvitalevidenceto be usedin thelitigationprocess.Theinvestigatorsmust be trainedin thecollection,analysisandexaminationof digital evidence,through forensicprocess,to ensuresufficientevidenceis obtainedforthelitigationprocess(KPMG, 2000).

Thedigital evidencecan be foundfrom alteredclients’records,digital forgeries,corruptedbusinessrecords,fabricatedcomputer-generated documents,manipulated invoicesandpaymentsystemsamong otherdigital trails.Throughout theprocess,investigatorsshould be cautiousto avoiddestructionof theevidence,exposingthebankto futurethreats,ormisinterpreting criminallawspertainingcyber threatsin thecountry.In theUnited States, there are variouslegislationsgoverningcyber threatsandsecurities,especiallywhenthethreatleadsto maliciousadvantaging of one partyattheexpenseof others (KPMG, 2000). However,legalproceduresconcerningcyber threatsare slowedby internationalpolicies,which donot recognizetheneedto synchronize approachto cyber threats.In eventsof cyber crimes,both thecorporate andtheclienteleare negatively affectedby theattack(Ashcroft,Daniels, &amp Hart, 2012). In thecaseof theVL Bank,thecyber attackledto lossof fundsby theclientele,promptingreducedfaithover thebank,henceclienteleandcorporate loss.In eventsof successfulevidencecollection,both theperpetrator andtheorganizationcan be heldliableforthecrime.

Cyber-vettingpracticesdeterminetheextentsto which theattackedorganizationis liablefortheconsequencesof thedamagecausedby theattack(KPMG, 2000). Theseare policies,proceduresandcyber defensemeasuresto preventoccurrencesof cyber crimes,wherebysufficientimplementation of cyber-vetting practicesexoneratestheorganizationfrom thebearingthenburdenof theattack.To theperpetrator, sufficientdigital trailis sufficientforprosecution.In thisview,theVL bankneedsto clearly demonstratethatithadimplementedallthenecessarycyber defensemeasures,to preventoccurrencesof cyber attacks.Thiswill mitigate civilandcriminalrisksthat might ariseafter thecyber threat(KPMG, 2000).

Liaisonbetween VL Bank Lawyer and the CISO

Toensure that the perpetrators are brought to book, there should be aliaison between the CISO and the lawyer. The CISO should provide allrequisite information concerning the VL bank, which may includeinformation about the firm’s conformity to the set laws to preventcyber crimes, as well as the general operations during e-commerce.The information will be imperative to the lawyer in preparing legalproceedings against perpetrators, and shield the bank from possiblelitigation (Ashcroft, Daniels &amp Hart, 2012).Conversely, the VLbank lawyer should advice the management on best methods, policiesand procedures to adopt to prevent future cyber attacks, asstipulated by the law.

Impactsof Cybercrime on VL Bank

Thepotential damage of stolen personal credentials was felt by both theemployees and the bank. There was considerable monetary value on thepart of the account owners, where the perpetrators transferred hugeamounts of personal funds into their personal accounts. This cannegatively impact the continuity of the bank whereby the affectedclients might seek legal proceedings and sue the bank for the crime.The bank would be liable if there would be sufficient evidence thatthe bank had not taken necessary steps against phishing. Loss offunds through cyber attack can lead to closure of the bank due tolack of adequate clients to support its operations (Ashcroft, Daniels&amp Hart, 2012). Additionally, the order to refund all stolen fundsmay have a negative impact on the continuity of the bank. This isbecause refunding all funds will have a huge negative impact onmonetary ability of the VL bank, and can lead to closure of the bankdue to reduced monetary reserve (Milhorn, 2007).

Controlsto prevent Future Attacks

Sincetheattackhas alreadyoccurred,thebankshould takeappropriatemeasuresto preventescalationof thesituation,andpreventre-occurrence. Thebankshould establishlucidintegratedcyber securitymeasuresthat would detectandneutralizealltypesof virusesin thesystem,and thisincludestheuseof efficientanti-virus programs(Milhorn,2007). Thebankshould hirequalifiedpersonnelto assistin implementingandmaintainingan integratedresponseto cyber attacks.Additionally, thefirmshould inculcateawarenessamong allits clients,in matterspertainingelectronicrisksandthreats.Thedigital certificatemultifactor authentication processusedin VL bankhas provedto be ineffectiveagainst phishing, since theuser has onlyone passwordthat is requestedto login into a personalaccount(Milhorn,2007). To avoidrepetitionof spearphishing, thebankshould installeffectivekey-loggers antivirus, which are availablein themarketat a reasonableprice(KPMG, 2000). Additionally, thebankshould elucidatetheclientson theimportanceof usingone-time passwords,wherebya clientusesa passwordonce,after which itis changedon thenextlogging-in. Thisminimizesthechancesof phishing, since, evenifthepasswordis interceptedby thevirus,itcannot be usedto logging into user’s accountforthesecondtimethispreventsaccessto confidentialdata (Milhorn, 2007).

Thiscan be achievedusinggadgetssuchas USB designedforgenerating passwordsupon requestsandclarificationsusingPINs, oruseof mobiletextmessaging system,wherethebankshould registerallaccountusers andsendthem one-time passwordsupon request(KPMG, 2000). Usinga virtualkeyboardpreinstalled in operatingsystemsto enterpersonaldata, is anothereffectivemethodof combating phishing.Virtual Keyboards are keyboardsdisplayedon thescreen,with thekeys‘pressed’ usingthemouse.Theyweredesignedto ensurethatinformationenteredis not interceptedby anymalicioussoftware, therebyshielding against phishing (Milhorn, 2007).

ComplianceRegulatory requirements and Standards

Theserecommendations are in compliance with recommendations of theAnti-Phishing Act of 2005, which stipulates that, monetaryinstitutions should incorporate one-time passwords in online bankingto reduce cases of cyber crimes. Additionally, these recommendationscomply with Electronic Communications Privacy Act that requires ISPsto implement capabilities in their networks to allow law enforcerscarry out surveillance and collect digital evidence (KPMG, 2000).


Fromtheaforementioned, cybercrimes exploitshardwareandsoftware installedin varioussystem,to producesignificantnegativeimpactson clientsandfirms, as evidenced by theAL bankin Atlanta. Thecyber attackin VL bankwasphishing, wheretheattacker,sentstrikekey-loggers to accountusers, stoletheir personaldata andopenednewaccounts.Usingthecreatedaccounts,theattackertransferredfundsto American banksandfurtherto internationalbanks.Key-logger is malicioussoftware that monitorskey-strikes of specificinformationsuchas passwordsandsendsthem to a thirdparty,whoaccessespersonalinformationformalice.

IntheVL bank,theviruswasspreadthrough fakebusinessemails andtheinformationobtainedassisted thehacker in extortingclientsof theVL bank.Since thevirusgathers data after monitoring key-strikes over a period,thebankshould sensitizeandincorporateone-time passwords,orenlightenusers on theneedof usingon-screen keyboardin enteringtheir personaldata to avoidphishing. Additionally, thebankshould implementothercyber securitymeasuresto combatcyber crimes,therebymitigatingcivilandcriminalrisksassociatedwith cyber crimes.


Ashcroft,J., Daniels, D., &amp Hart, S. (2012). ForensicExamination of Digital Evidence:A Guide for Law Enforcement.Washington DC: U.S. Department of Justice.

KPMG(2000). E-Commerce and Cyber Crime:New Strategies for Managing theRisk of Exploitation. Forensicand LItigation Servises, 1-32.

Milhorn,T. (2007). Cybercrime: How to Avoid Becoming a Victim.Boca Raton: Universal Publishers.