Former FBI special agent Gary Rittenberry sits before a computer monitor, tracking a white-collar criminal. With a few clicks of his mouse, Rittenberry, a high-tech sleuth for the accounting firm Deloitte and Touche in Dallas, follows digital footprints through an enormous maze of data—names, addresses, phone numbers, Social Security numbers, check numbers, and information taken from invoices. A software program takes the mass of data and converts it into a graphic image that looks like a multispoked, multicolored wheel made up of tiny lines. Each line connects pieces of information that are potentially the red flags of fraud. It might be an address for a dummy corporation set up by employees hoping to skim money by using fake invoices, or a suspicious-looking message from an employee to an outside company. "You see a situation that the data says is there," Rittenberry says, pointing to the screen. "Then you have to say, 'All right, if I were a crook, how would I do it?'"
As anyone who works in an office knows, it is now almost impossible to embezzle money, steal trade secrets, run calling card scams, and commit Medicare or securities fraud or a host of other white-collar crimes without using a computer. That, in turn, has spawned a new breed of crime fighter: former FBI agents, ex-cops, and ex-prosecutors who, like Rittenberry, have found new careers in the private sector as "computer forensics" investigators. Instead of collecting physical evidence such as fingerprints, hair, and fibers, they look for digital electronic information in data files. Then they recover, analyze, and protect the pertinent data. "We're kind of like a Sherlock Holmes on a hard drive," says David Wilson, a forensics and electronic-discovery specialist who works in Deloitte and Touche's new computer lab in a windowless office in downtown Dallas.
Deloitte and Touche's business is booming too. That's because many companies refuse to go to the police. They simply don't want to admit publicly that their computer systems have been successfully breached. The cops are also less effective: Public agencies have been hamstrung by a lack of money and expertise, and there is a tremendous backlog of computer-related cases in the justice system in Texas and elsewhere. As a result, Deloitte and Touche and most of the other big accounting and consulting firms have launched themselves into the computer forensics business in the past few years. Many have recruited former law enforcement officials to run their practices, which mostly involve going after financial fraud or theft of trade secrets. Deloitte and Touche hired Peter McLaughlin, a former senior member of the Royal Canadian Mounted Police, as the director of their forensic accounting services. Arthur Andersen hired J. Roger Schermerhorn, a former senior engineer for information-system security at NASA's Johnson Space Center, to set up a global electronic-security team in Houston. What they offer companies is the ability to conduct a discreet internal investigation.
They have found a remarkably fertile field. Not only are most financial transactions posted on computers these days, so are government secrets, proprietary business information, and personal health records. (Even drug dealers put their records and inventories on computers.) And technology has created entirely new crimes, like hacking and the planting of computer viruses. Witness the computer crime spree earlier this year when hackers shut down major Web sites like Yahoo, eBay, and Amazon.com, and the ILOVEYOU virus infected computers via e-mail. And Texas is rife with it: The state ranks near the top nationally in computer crime because of its size, huge high-tech industry base, and concentration of workers skilled in computers.
It's almost impossible to tell just how much computer fraud is costing companies and public agencies, since less than half of the companies in a recent survey by the Computer Security Institute would put a dollar value on it. But 90 percent—primarily large corporations and government agencies—detected computer-security breaches during the past twelve months. Seventy-one percent said there had been serious breaches involving theft of proprietary information, financial fraud, system penetration by outsiders, and sabotage of data or networks. The Association of Certified Fraud Examiners, which is based in Austin, estimates total fraud and abuse losses to U.S. companies at $400 billion.
"There's no way to measure empirically the real amount of fraud that goes on because so much of it is not reported and so much of it is not recovered," says Joseph Wells, a former FBI special agent and the chairman of the Association of Certified Fraud Examiners. It's also much easier to hide, remove, manipulate, or destroy information with a computer. "It used to be that if I were to break into your safe and steal the $1 billion that your company had there, you would notice it was missing," Arthur Andersen's Schermerhorn says. "Today, if I intelligently come into your virtual safe and steal your intellectual property, you don't know that I've taken it, nor do you know what I'm going to do with it and how it's being used until you begin to see symptoms."
Finding out how or whether a computer crime was committed and repairing the damage is where the private eyes come in. They are trained specifically in how to recover and reconstruct "erased" files. In one case the Deloitte and Touche team investigated, employees of a Fortune 500 company stole trade secrets and sold them to a foreign competitor. The employees were engineers and were quite adept at covering their tracks, even "scrubbing" deleted files so they couldn't be easily traced. Though the employees denied the existence of the files, Deloitte and Touche's investigators were able to retrieve them. "They said they would never talk to anyone in this foreign country, that they didn't know any of these people," says Eric Schwarz, one of the Deloitte and Touche team's key investigators and the head of its national computer lab. "And yet proprietary documents for the stolen technology, converted to the language of the foreign competitor, were found. We also found the head of the foreign company—his name,