Rabu, 30 Oktober 2013

Akuntan Forensik

Akuntan forensik sangat diperlukan, terutama di bidang hukum. Keberadaannya sebagai saksi ahli sangat dibutuhkan. Sayang, tak banyak akuntan yang melirik spesialisasi ini. Apalagi, standar operasional maupun ujian sertifikasi di Indonesia belum memadai.
Pakar Audit Forensik Theodorus Tuanakotta menyatakan, pekerjaan akuntan forensik merupakan profesi yang menggiurkan, mendatangkan uang banyak. Profesi ini menelusuri aset yang disembunyikan untuk dikembalikan kepada pemiliknya, baik negara, entitas bisnis atau pribadi.

"Bayangkan bila terjadi kasus kerugian sebuah entitas sampai triliunan rupiah dan akuntan forensic dapat mengembalikan sebagian aset yang hilang dalam jumlah yang cukup besar, maka ia dapat fee sampai 5% dan tidak perlu lagi menulis buku," kata Theo dalam sambutannya pada peluncuran buku "Pedoman Audit Internal" yang ditulis Frederik Kaunang di Jakarta, Senin (29/04/2013).

Ia mengakui pekerjaan akuntan forensik tidak umum, bahkan masyarakat awam menganggap kata forensik selalu dikaitkan dengan mayat. Sebenarnya, kata forensik berkaitan dengan pemecahan masalah. "Jika akuntan forensik maka disiplin ilmu akuntan untuk memecahkan masalah hukum. Masalah hukum itu macam- macam, seperti tindak pidana korupsi dan banyak contoh lain," ujarnya.

Theo menjelaskan  hal yang dilakukan akuntan forensik seperti untuk tindak pidana korupsi, pertama gelar perkara dengan mereka-reka, merangkai- rangkai kejadian keuangan yang terjadi atau seperti merangkai puzzle puzzle yang lepas kemudian dirangkai kembali .

Dalam hal ini,akuntan foresnsik harus memiliki pertanyaan "5 W 2 H" , what, where, why, when, who, how dan ditambah dengan "how much" berapa kerugian keuangan negera. Jika kita cerita "5 W 2H" akuntan forensik bisa menceritakan apa yang terjadi di tempat kejadi perkara.

"Mungkin tidak sekaligus, tapi ada bukti awal ditambah dengan keterangan saksi- saksi dan tersangka," ujarnya.

Setelah itu, akuntan forensik menjadi saksi ahli di pengadilan. Namun sebelum itu, ia terlebih dahulu membuat aliran dana dari kejadian perkara."Setiap pelaku kejahatan keuangan pasti ingin menikmati uang maka cara paling mudah dengan menelusuri aliran uang. Aliran uang tsb akan membawa kita kepada pelaku,"katanya.

Ia mencontohkan seorang ahli forensik PPATK pernah membeberkan aliran uang dalam sidang Erwin Woworuntu yang menjebol bank BNI. Aliran dana itu bisa berbentuk seperti lingkaran matahari yang meledak dimana bisa menunjukan kemana uang itu mengalir .

Sedangkan hal ketiga yang dilakukan akuntan forensik menghitung kerugian. Pekerjaaan akuntan pada dasarnya menghitung. Asal usul akuntan forensik di Amerika malah berawal dari menghitung harta gono- gini pasangan suami-istri. Sedangkan untuk tindak pidana korupsi, akuntan forensik dituntut menghitung kerugian keuangan negara.

Kamis, 04 Juli 2013

TRAPDOOR VIRUS

A trap door is a secret entry point into a program that allows someone that is aware of the trap door to gain access without going through the usual security access procedures. Trap doors have been used legitimately for many years by programmers to debug and test programs. Trap doors become threats when they are used by unscrupulous programmers to gain unauthorized access. It is difficult to implement operating system controls for trap doors. Security measures must focus on the program development and software update activities. Because it is most commenly appearing new browser versions to supress the starvation due to workload on browser.

(Starvation is the process which is happened due to killing or terminating program when system is hang, so then the perticular process will be into zombee mode or suffer by starvation)





A trap doors in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The trap doors may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.

The threat of trap doorss surfaced when multiuser and networked operating systems became widely adopted, a class of active infiltration attacks that use “trapdoor” entry points into the system to bypass security facilities and permit direct access to data.

The use of the word trapdoor here clearly coincides with more recent definitions of a trap doors. However, since the advent of public key cryptography the term trapdoor has acquired a different meaning.
A trap doors in a login system might take the form of a hard coded user and password combination which gives access to the system.

Example
– Sort of trap doors was used as a plot device / new browser versions to supress the starvation due to workload on browser.
– A video game–like simulation mode and direct interaction with the artificial intelligence
– Although the number of trap doorss in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.
– Apps/Games requests in facebook use to ask you to ALLOW the apps to access your information to further process, most of the people simply ALLOW the Apps/Requests to access there information.

Many computer worms, such as Sobig and Mydoom (and the covert Skynet), install a trap doors on the affected computer (generally a PC on broadband running insecure versions of Microsoft Windows and Microsoft Outlook). Such trap doorss appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures — and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.

A traditional trap doors is a symmetric trap doors: anyone that finds the trap doors can in turn use it. The notion of an asymmetric trap doors was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology: Crypto ’96. An asymmetric trap doors can only be used by the attacker who plants it, even if the full implementation of the trap doors becomes public (e.g., via publishing, being discovered and disclosed by reverse engineering, etc.). Also, it is computationally intractable to detect the presence of an asymmetric trap doors under black-box queries. This class of attacks have been termed kleptography; they can be carried out in software, hardware (for example, smartcards), or a combination of the two. The theory of asymmetric trap doorss is part of a larger field now called cryptovirology.

References

Security Controls for Computer Systems, Technical Report R-609, WH Ware, ed, Feb 1970, RAND Corp.
Thwarted Linux backdoor hints at smarter hacks; Kevin Poulsen; SecurityFocus, 6 November 2003.
Jargon File entry for “backdoor” at catb.org, describes Thompson compiler hack
Compile-a-virus — W32/Induc-A Sophos labs on the discovery of the Induc-A virus