Salami Fraud (1)
by M. E. Kabay, PhD, CISSP
Associate Professor, Computer Information Systems
Norwich University, Northfield VT
The recent disclosure that WorldCom concealed almost $4 billion of expenses as if they were asset acquisitions and thus falsified its accounting reminds me of the very opposite kind of fraud – one that involves lots of little thefts instead of one gigantic theft. In the _salami fraud_, criminals steal money or resources a tiny bit at a time. Two different etymologies are circulating about the origins of this term. Some claim that it refers to slicing the data thin – like a salami. Others argue that it means building up a significant object or amount from tiny scraps – like a salami.
The classic story about a salami attack is the old “collect-the-roundoff” trick. In this scam, a programmer modifies the arithmetic routines such as interest computations. Typically, the calculations are carried out to several decimal places beyo...