Computer device theft hits Commonwealth agencies

One in 10 Federal Government agencies reported cases of computer and mobile device theft by internal staff or contractors in 2008-9, according to an annual Commonwealth fraud survey [pdf].

Device theft was the second highest type of internal fraud to impact agencies surveyed by the Australian Institute of Criminology.

Sixteen out of 149 agencies in the survey experienced some form of device fraud by internal employees or contractors – defined as "theft of telecommunications or computer equipment (including mobile devices)."

About 70 such "incidents" of internal fraud were reported by agencies.

Similar numbers of agencies (13 in total) reported device theft as a vector for "external fraud" - that is, cases perpetrated by suspects other than direct employees or contractors.

Of the 27 types of external fraud listed in the report, device theft was "the specific category of fraud that affected the greatest number of agencies" – with just under 3,500 total incidents reported for the 2008-9 year.

Misuse

As in previous years, a key method used to perpetrate categories of internal fraud other than device theft was misuse of IT systems.

The survey found 17 agencies were impacted by suspects "accessing information or systems via [a] computer without authorisation" in order to undertake some form of internal fraud. The agencies reported over 1,800 incidents for the year.

Another 21 suspected incidents of internal fraud occurred by a user "copying or altering data or programs without authorisation".

But IT misuse was not a common vector for external fraud attempts.

"In contrast with internal fraud, external fraud incidents involving misuse of IT were comparatively rare," the report found.

Malicious code

Two agencies reported 10 external fraud attempts using "insertion of malicious code".

No cases of malicious code insertion or computer network interference were attributed to reported internal fraud attempts.

Despite stating that fraud was "the most expensive crime category in Australia", actual monetary losses were hard to determine, partly because a large number of agencies either chose not to or were unable to calculate the loss.

The survey encompassed responses from 149 public service agencies in Australia.