Societe Generale: Biggest Fraud Or Biggest Hack?
Somehow I knew this story would end this way. It started out as a meagre $7.1 billion dollar loss at Societe Generale. It was only the biggest fraud ever against a bank.
The losses were run up allegedly by Jerome Kerviel, a 30-year-old trader, said to be "not one of its stars."
Then it turned out he may have done some of the bad trading by hacking into SocGen's computers. Apparently this guy wasn't a computer brain surgeon either. But there's more to this story than pure technical hacking skills. He also figured out how to skirt the multiple layers of security and audit controls by taking advantage of his position inside the bank and talking his way out of investigations.
This is a textbook case of how security depends not just on technology but on people, policies and procedures. Kerviel allegedly breached all of these. Everybody knows security is partly about people. Just ask Bruce Schneier or Kevin Mitnick.
The losses were run up allegedly by Jerome Kerviel, a 30-year-old trader, said to be "not one of its stars."
Then it turned out he may have done some of the bad trading by hacking into SocGen's computers. Apparently this guy wasn't a computer brain surgeon either. But there's more to this story than pure technical hacking skills. He also figured out how to skirt the multiple layers of security and audit controls by taking advantage of his position inside the bank and talking his way out of investigations.
This is a textbook case of how security depends not just on technology but on people, policies and procedures. Kerviel allegedly breached all of these. Everybody knows security is partly about people. Just ask Bruce Schneier or Kevin Mitnick.
posted by The IT Security Guy at 8:39 PM
0 Comments:
Post a Comment
<< Home