Presentation is loading. Please wait.

Presentation is loading. Please wait.

Steven Anderson, Christopher Cooper, Kathleen Styles, and Dr. Linda Wilbanks| Nov. 2012 U.S. Department of Education 2012 Fall Conference Your Role in.

Similar presentations

Presentation on theme: "Steven Anderson, Christopher Cooper, Kathleen Styles, and Dr. Linda Wilbanks| Nov. 2012 U.S. Department of Education 2012 Fall Conference Your Role in."— Presentation transcript:

1 Steven Anderson, Christopher Cooper, Kathleen Styles, and Dr. Linda Wilbanks| Nov. 2012 U.S. Department of Education 2012 Fall Conference Your Role in Helping FSA Prevent Identity Fraud Session 30

2 Audit Services Investigation Services Evaluation, Inspection, and Management Services Information Technology Audits and Computer Crime Investigations OIG Components 2

3 “There is no kind of dishonesty into which otherwise good people more easily and frequently fall than that of defrauding the government.” Benjamin Franklin 3

4 FRAUD DEFINED  An intentional distortion of the truth in an attempt to obtain something of value. Does not have to result in monetary loss.  Layman’s terms: Lying, cheating, and/or stealing. 4

5 ED/OIG Special Agents are Federal Law Enforcement Officers Special Agents receive training in: Interviewing/Interrogation Criminal Law Civil Law Program and Contract Fraud Firearms/Defensive Tactics Search and Arrest Warrants 5

6 6

7 IT Audits and Computer Crime Investigations ITACCI centralizes the OIG information technology operational assessment, analysis, and law enforcement capabilities. ITACCI is comprised of three separate divisions, each with a distinct mission. This centralized concept ensures maximum coordination and cooperation both internally and externally. Immediate Office IT Audit Division Computer Assisted Assessment Techniques Division Technology Crimes Division 7

8 TCD Mission Conduct criminal investigations of computer security incidents On-site technical support and laboratory forensic analysis of digital evidence Proactive investigative analytics to identify fraudulent, criminal and cyber trends in ED’s programs and systems 8

9 TCD Structure Electronic Crimes Team Data Analysis and Referral Team Digital Forensic Laboratory TCD centralizes the OIG digital investigations and our support missions for the traditional OIG services. Comprised of three separate units, each with a distinct mission, that support the other units. Staffing: Special Agents (1811) IT Computer Specialists (2210) Investigative Analysts (1805) 9

10 The Threat Actors State Sponsored Organized Cyber Crime Organizations Russian Mafia Traditional Mafia Professional Hackers Spammers Inside Threat Disgruntled Employees Tools Botnets Keylogger Targeted Viruses Used to create quick one-time-use botnets Also used when specifically targeting a single site or organization The usual Internet attack tools Metasploit, etc. 10

11 Examples of What to Report Compromise of Systems Privileges Compromise of Information Protected by Law Unauthorized Access of IT Systems or Data Exceeding Authorized Access Denial of Service of Major IT Resources Malicious Destruction or Modification of data/information 11

12 Is Your System a Victim? Yes? Maybe? Not Sure? Immediate Reporting is Necessary! Have the facts Why you think there is an issue Date/Time of the Incident System Information Location Type and Purpose of the System Point of Contact Actions All Ready Taken 12

13 TCD’s Response Will Work Through the SSO to Preserve the Data and Contain the Incident May interview end-user May run several tools to collect live data from the system Conduct an Analysis of the System, Live Data, Network/Firewall Logs, and other data pertinent to the incident 13

14 Social Engineering Social Engineering is the art of prying information out of someone else to obtain access or gain important details about a particular system through the use of deception. 14

15 Protecting Others From Identity Theft Properly handle documents Shred sensitive information Use key identifiers instead of the SSN Password protect sensitive information Audit access Review access privileges Verify who you are talking to 15

16 Common Identity Theft Practices Obtain or take over financial accounts Take out loans for large purchases Open new lines of credit Sign lease agreements Establish services with utility companies Write fraudulent checks Purchase goods and services on the Internet 16

17 Avoiding Identity Theft Don’t carry your SSN card with you! Request a drivers license number Shred sensitive information Only carry what you use Photo copy all cards in your wallet Select hard to guess PINs and passwords Don’t leave mail sitting in an unprotected box Don’t give out private information over the phone Order your credit reports Use caution when providing ANY sensitive information 17

18 Weak controls Little or no oversight Lax rules Debt Addictions Status Greed Everyone does it I was only borrowing the money I was underpaid and deserve it Fraud Triangle 18

19 Red Flags to Investigators Vices such as substance abuse and gambling Extravagant purchases or lifestyle Lack of documents (the ‘big flood’ destroyed…) Common Addresses (mailing, email, and IP) Pin number and password information the same Personal information that does not fit the norm Bank information that is the same 19

20 Fraud Indicators One person in control No separation of duties Lack of internal controls/ignoring controls No prior audits High turnover of personnel Unexplained entries in records Unusually large amounts of payments for cash Inadequate or missing documentation Altered records Non-serial number transactions Inventories and financial records not reconciled Unauthorized transactions Related Party Transaction Repeat audit findings 20

21 Sources of Allegations OIG Hotline ED Program Offices School Employees and Officials Guarantee Agencies Citizens and Students Competing Vendors/Schools Other Federal Agencies U.S. Attorney’s Offices Other ED OIG Investigations Federal Bureau of Investigation State and Local Education Agencies 21

22 Examples of Title IV Fraud Schemes l FAFSA fraud- enrollment l Falsification of entrance exams l Falsification of GEDs/HS Diplomas l Falsification of attendance l Falsification of grades l Failure to make refunds l Ghost students Leasing of eligibility l Loan theft/ forgeries l Fraud/Theft by School Employees l Default rate fraud l 90/10 rule l Financial statement falsification l ATB fraud l Falsified last date of attendance l Obstruction of a federal audit or program review 22

23 Link to OIG’s Distance Education Fraud Ring Investigative Program Advisory Report (IPAR) Information for Financial Aid Professionals (IFAP) website: Dear Colleague Letter GEN-11-17: Presentation on the IPAR provided at last year’s conference in Las Vegas. 23

24 IPAR/Dear Colleague Letter On September 26, 2011, the Department’s IG issued a report about fraud rings operating on distance education programs offered by institutions participating in the Federal student aid programs. The IG’s report identified an increasing number of cases involving large, loosely affiliated groups of individuals (fraud rings) who conspire to defraud Title IV programs through distance education programs. These fraud rings generally target institutions with low tuition in the context of distance education programs and involve a ringleader who: 24

25 IPAR/Dear Colleague Letter Obtains identifying information from straw students “individuals who willingly provide the information” Completes multiple financial aid applications using the information collected Applies for admission under the institution’s open admissions program, where little or no third-party documentation is required Participates in the amount of online interaction necessary to establish participation in the academic program and secure disbursements under an institution’s procedures 25

26 IPAR/Dear Colleague Letter Detecting fraud before funds have been disbursed is the best way to combat this crime. We therefore seek the help of institutions and advise that you take the following additional actions to identify and prevent the kind of student aid fraud identified in the IG’s report: Implement automated protocols that monitor information in your student information data system to identify instances where a number of students – 26

27 IPAR/Dear Colleague Letter Use the same Internet Protocol (IP) address to complete and submit an admissions application Use the same IP address to participate in the online academic program Use the same e-mail address to submit an admissions application Use the same e-mail address to participate in the online academic program Appear to reside in a geographic location that is anomalous to the locations of most students in the program 27

28 IPAR/Dear Colleague Letter Modify your disbursement rules for students participating exclusively in distance learning programs, which would immediately reduce the amount that fraud ring participants can receive. Institutions have the authority to: Delay disbursement of Title IV funds until the student has participated in the distance education program for a longer and more substantiated period of time (e.g., until an exam has been given, completed, and graded or a paper has been submitted) Make more frequent disbursements of Title IV funds so that not all of the payment period’s award is disbursed at the beginning of the period 28

29 School Employees, Officials, Owners, Financial Managers, and Instructors Lenders and lender servicers Guarantee Agencies Award Recipients Grantees and Contractors ED Employees Others Who Commits Fraud Involving Education Funds? 29

30 How You Can Help Ensure that staff receive necessary training Review documents thoroughly Question documents/Verify authenticity Request additional information from the vendors or administration Compare information on different documents Contact ED-OIG A Guide to Grant Oversight and Best Practices for Combating Grant Fraud final.pdf final.pdf 30

31 Don’t Try To Investigate Suspicious Activity Yourself! You may have the missing piece of the puzzle we need! 31

32 Everyone who deals with DoED funding has a responsibility to help control fraud. Who is Responsible for Reporting Fraud? 32

33 34 CFR § 668.16 Standards of Administrative Capability The Secretary considers an institution to have administrative capability if the institution: g)…Refers to the Office of Inspector General…any credible information indicating that an applicant for Title IV, HEA program assistance may have engaged in fraud or other criminal misconduct in connection with his or her application Reporting obligation further applies to fraud on the part of employees, third party servicers or other agents of the institution. 33

34 Why Report Fraud? Ethical responsibility To deter others from committing fraud and abuse To protect the integrity of the Federal, State, and Local programs To avoid being part of the fraudulent/criminal activities 34

35 Criminal Liability 18 U.S.C. § 2, Aiding and Abetting Whoever commits an offense against the United States or aids, abets, counsels, commands, induces or procures its commission, is punishable as a principal. 18 U.S.C. § 4, Misprision of a Felony Whoever, having knowledge of the actual commission of a felony cognizable by a court of the United States, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States, shall be fined under this title or imprisoned not more than three years, or both. 35

36 Inspector General’s Hotline 1-800-MIS-USED 36

37 37

38 OIG Investigation Services Contact Sheet City/StateTelephone No. Ann Arbor, MI(312) 730-1630 Atlanta, GA(404) 974-9430 Boston, MA(617) 289-0174 Chicago, IL(312) 730-1630 Dallas, TX(214) 661-9530 Denver, CO(303) 844-0058 Kansas City, MO(816) 268-0530 Long Beach, CA(562) 980-4141 Nashville, TN(615) 902-7327 New York, NY(646) 428-3861 Pembroke Pines, FL(404) 974-9430 Philadelphia, PA(215) 656-6900 Phoenix, AZ(562) 980-4141 Pittsburgh, PA(215) 656-6900 San Juan, PR(787) 766-6278 Washington, DC(202) 245-6918 38

39 Privacy at ED – Who Does What Establishment of CPO position, 2011 FSA has a privacy advocate too Privacy and security – what’s the difference? The Inspector General’s Office focuses on fraud and criminal activity 39

40 What Does a CPO do? 40

41 College and Universities -- Targets Current student and alumni information Data widely distributed across campus Hackers seek diverse information The dawn of “Big Data” just makes this easier Remember: breaches can be the result of negligence and poor data management, as well as criminal activity. 41

42 Breach Reporting Do you need to report your breaches? To whom? Your Participation Agreement “strongly encourages” breach reporting to FSA FPCO (Family Policy Compliance Office) encourages reporting to FPCO The majority of states have laws on SSN and breach reporting 42

43 What Is ED Doing to Help? The Privacy Technical Assistance Center (PTAC) offers:  Resources  Technical Assistance  Site Visits 43

44 Available PTAC Resources You can find a variety of resources on the PTAC website, including: Checklist: Data Breach Response Checklist: Data Governance Issue Brief: Data Security and Management Training: Best Practice Considerations Technical Brief # 2: Data Stewardship: Managing Personally Identifiable Information in Student Education Records 44

45 FSA Information Security Group Ensure the security of FSA data at rest and in transport Ensure the security of the FSA networks If a breach or intrusion occurs Determine point of entry and ensure it is closed Determine if/what data lost Report FSA data compromises to the DoED Work to estimate the risk to data owners Monitor and identify trends Dr. Linda Wilbanks 45

46 Threats StudentCo-worker Insider threatForeign actor 46

47 Threat - Intrusions Worms Trojans Viruses Penetrations CORE 47

48 Threat – Preventive Measures Firewalls Control entry Monitor traffic Scan and fix (Patch) new vulnerabilities Two-factor authentication CORE 48

49 Incidents by Type and # Records Breached Federal Government 2009-2010 # incidents785146403986 PII records breached11,783,77680,706,983296,7101,082,749177,3995,906250,650 Total records breached13,632,31080,925,917315,7372,257,796211,8995,906255,219 49

50 User Vulnerabilities Personal devices Not patched Internet connections – social media Not scanned for virus, etc. Thumb drives – FREE!! Not really, always have file attached for promotion Never know what else is on thumb drive Easily lost 50

51 End results E-mail work from office to home computer Work on it at home, e-mail it back Virus from home computer comes with file Network infected Worm takes system down Bomb deletes data Trojan sends FSA data externally 51

52 Summary Never forget the network and data you connect to YOUR actions are critical for our continued security Follow the security policies and procedures If you THINK something is wrong, call the Kathleen Styles or me Linda Wilbanks, DON’T HESITATE 52


54 Contact Info Steven AndersonKathleen Styles Chris CooperChief Privacy Officer Office of Inspector Dr. Linda Wilbanks Chief Information Security Officer Federal Student Aid 54

Download ppt "Steven Anderson, Christopher Cooper, Kathleen Styles, and Dr. Linda Wilbanks| Nov. 2012 U.S. Department of Education 2012 Fall Conference Your Role in."

Similar presentations

Ads by Google