Discrediting expert witnesses—Illustrative cross-examination of systems analyst

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search

Discrediting expert witnesses—Illustrative cross-examination of systems analyst

The following is an illustrative cross-examination of a systems analyst called by the state in a case involving a charge of computer crime. The facts of the case involved reveal that the defendant, a programmer working for the victim, changed the bank computer's program in such a way that it credited the defendant's account whenever fractions of a cent were left over in the calculation of interest on the account holders' deposits. The defense is attempting to prove that numerous individuals might have made the change the defendant is accused of making, that the company's records are inadequate to establish the true happenings, and that the defendant took money that the bank was keeping from its customers rather than money that the customers already received.


Question: How do you know that the defendant was the individual who made the change in the involved programming?

Answer: He was the only one authorized to make changes like that.

Question: Did anyone else have physical access to the computer when he or she did?

Answer: Yes.

Question: Could any of them have made the change?

Answer: No.

Question: Why not?

Answer: In order to make those changes in the programming it was necessary to possess a password that only the defendant possessed.

Question: Was there a master list of passwords?

Answer: Yes.

Question: How many individuals had access to that master list?

Answer: Four, all of whom were investigated and eliminated as suspects.

Question: Would it have been possible for other individuals to see the defendant when he or she was putting his or her password into the computer?

Answer: No.

Question: Why is that?

Answer: The computer does not show when a password is typed.

Question: Would it have been possible to watch the defendant's fingers when he or she typed in his or her password?

Answer: Yes.

Question: Can you tell me who was present in the computer room on the day this program was entered?

Answer: I don't know when it was entered.

Question: Doesn't the company maintain logs that show when changes in the program are made?

Answer: Yes.

Question: Have you seen those logs?

Answer: Yes.

Question: Do they indicate that this change was made?

Answer: No.

Question: Are there other changes in the programming that the documentation does not reflect?

Answer: Yes.

Question: Were all of these other changes criminally inspired?

Answer: I do not know.

Question: Does the documentation accurately portrays all the legitimate changes made in the program?

Answer: I do not know.

Question: What happens to the fraction of a cent in the calculation of interest when the "patch" you are referring to is not present?

Answer: I do not know.

Question: Is it credited to the account holder's account?

Answer: I do not know.

Question: Isn't it a fact that the bank gets all of those fractions?

Answer: I do not know.

Question: Can you testify that the money taken in this crime came from any account holders of this bank?

Answer: I do not know.


Having shown the jury that it is possible that someone else made the changes in the programming, the defense should call its own witnesses to substantiate the claim that it cannot be shown that it was the defendant who made the changes in question.