IT Security Rewind – Week of September 12


by Josh Arrington

It was a week of déjà vu and doppelgangers in the world of IT security, with another rogue financial trader scandal and doppelganger domains stealing data. Here is this week’s IT Security Rewind with all the gory details:

“I need a miracle” – This Facebook status update couldn’t be more appropriate for Kweku Adoboli, the 31-year old City trader at UBS suspected of carrying out Britain’s biggest banking fraud. This week has to feel like déjà vu for the financial industry, as Mr. Adoboli was arrested at his desk yesterday for allegedly losing £1.3 billion through his rogue trades. This case is eerily familiar to the case of Jérôme Kerviel, the Paris-based Société Générale worker who lost £4 billion in rogue trades back in 2008.What’s worse is that UBS only became aware of the unauthorized trading when Mr. Adoboli told them, the bank’s monitoring systems had not picked up the loss. Could this be another situation where privilege identity management could have signaled an early warning? Stay tuned…

“When it absolutely, positively has to be there overnight.” – This week our own Oded Valin shared his thoughts on move file transfers processes to the cloud with Infosecurity Magazine. Boiling his advice down to seven steps, Oded outlined how organizations can safely exchange sensitive files in the cloud while maintaining security and compliance requirements.

Big Data = Big Problems – Dark Reading’s Ericka Chickowski put the spotlight on data warehouses and emphasized that the quicker and easier it is to access these “big data” stores, the greater security risk there is to all of that sensitive information. We have to agree with Ericka on this one, when you put more eggs into the basket (i.e. instead of separate databases you consolidate many databases into a single “big data”) security needs to become a higher priority.

Doppelgangers Stealing Data! –Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months. Of the data collected in the e-mails, Wired reported, were configuration details and passwords for an IT consulting firm’s routers and virtual private network access information for a company that manages toll roads. They also collected a lot of personal information on employees, including credit card statements and bank account records.

Feel like you’ve finally got all the drama figured out? Let us know your thoughts in our comments section!

Leave a Reply

Your email address will not be published. Required fields are marked *

You must be logged in to post a comment.