HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.
HideTechdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

Do Banks Really Not Know The Biggest Threat Comes From Insiders?

from the you-have-to-be-kidding dept

We've been hearing this story for ages, but it's beginning to ring hollow (or, perhaps, is just an attempt by security consultants to get their name in the news). Reuters is quoting just such a security consultant claiming that banks are too focused on external threats and haven't paid enough attention to insiders who could just walk out the door with customer info and money. The article itself reads a little strange -- as if the author was looking for some sort of "banking problem" story, but couldn't come up with anything new. Instead, it just quotes a bunch of people all saying the same things that have been said before about bank security. Unfortunately, that leaves open the question: are banks just waking up to this threat now? Or is a case where a reporter needed a story about banking security and reran the same story from the last five years? It's true that there have been so many reports of data leaks via lost laptops recently to suggest that perhaps companies aren't careful enough with what information walks out the door with employees -- but it's hardly a new problem, and hopefully one that they're not just waking up to.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    CRAWIL, 22 Nov 2006 @ 1:11pm

    Say what?

    A story that's not sure if there's a story about a story that's about a non-story. That's compelling journalism!

    reply to this | link to this | view in chronology ]

  • identicon
    Ryan, 22 Nov 2006 @ 1:21pm

    it's better

    it's better than the typical re-packaged press release that so many newspapers run with now.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 22 Nov 2006 @ 1:39pm

      Re: it's better

      really? how so? re-packaged press releases are what they are. What makes one better than another?

      Please enlighten me as I'm certain that if you're right I have missed something in this article that I probably care about.

      reply to this | link to this | view in chronology ]

  • identicon
    Sanguine Dream, 22 Nov 2006 @ 1:21pm

    The only real way...

    to 100% eliminate data theft is to take humans out of the equation (and since machines can be reprgrammed even that isn't foolproof). Every bank has an IT section and at best even the people in that department are working around sensitive info. Someone getting pissed off or a genuine accident could lead to a leak.

    reply to this | link to this | view in chronology ]

  • identicon
    ThoughtCancer, 22 Nov 2006 @ 1:38pm

    Speaking as an Auditor of Bank Information Systems

    This guy is right on the money (no pun intended). I perform security audits of banking and hospital information systems, and it really is pulling teeth to get Management to understand that their biggest threats are internal.

    reply to this | link to this | view in chronology ]

  • identicon
    Nobody Special, 22 Nov 2006 @ 8:26pm

    bullshit

    This story is pure bullshit. Banks understood the internal threat back in the 70s. And so did the government agencies auditing the banks.

    But what I want to know is: how are the banks supposed to operate? For that matter, how is anyone supposed to operate? The simple fact is that the "experts" that are often quoted would lock up everything so tight nobody can do their job.

    reply to this | link to this | view in chronology ]

    • identicon
      annoyed, 23 Nov 2006 @ 11:01am

      Not just since the 1970s

      Banks have had hundreds of years to learn how to protect against insider threats. A lot of security ideas like separation of duties come from the traditions of the banking world. If banks didn't understand that employees can steal money, there would be no banks.

      reply to this | link to this | view in chronology ]

  • identicon
    Donald Duck, 24 Nov 2006 @ 11:39pm

    Keyboard Logging

    The story said that a cleaning crew place keyboard logging programs on their computers. Nifty how ‘Homer’ figured that one out huh. His real name was probably Joe ‘The Bagger’ Constanstein. They nearly lifted $400 million mazumas in a few days that is not freaking part-time earnings! All they had to do just hit a few buttons with their fat clorox stained fingers and wire the money to a bank in Israel *priceless*.

    So the banks obviously wasn't watching who they ‘hired’ to 'clean them out' during the night time while they was installing new safes. If that was my bank and $400 million mazumas the computers administer would be a good suspect and definitely would be on the unemployment line.

    Why didn’t they install computer programs that can detect keyboard logging? So the reporter is bringing up employee back ground checks even if it‘s just a dude cleaning the banks shit holes.

    The thief could have just use a USB thumb drive, scan disk or a keyboard logging memory spot for information storage. ‘Memory Spots’ could be embedded inside a business cards self-adhesive dots with a fake shell-companies name on it.

    Smaller then a grain of rice the little built-in antenna with chip could be programmed to capture keyboard logs or more via wireless LAN signals from inside the bank. The private information from the banks biggest clientele being diligently recorded by the surreptitiously placed memory spots in the ink on the business card.

    I janitor could walk in a few day's later with a music cell phone taps a button and at 15 megabits per-second faster then Bluetooth wireless technology the stolen illicit data that was needed was uploaded in mere moments from the card placed a few day‘s prior and he just simply throws away the evidence and retires some where in Hawaii.

    Besides that from what I've read banks probably well use memory spots to help protect their clienteles money in the future. So possibly things banks look into with employees they don't share to the public.

    reply to this | link to this | view in chronology ]

  • identicon
    bank employee, 27 Nov 2006 @ 11:01am

    view from within

    believe me there is a TON of scrutiny on this subject and the most obvious solution is to not let employees have any access to customer data. Makes life miserable for us doing testing and resolving production problems but that is the cost of security.

    reply to this | link to this | view in chronology ]

  • identicon
    Jerm, 27 Nov 2006 @ 12:16pm

    How True.

    I work at a bank, and I will be the first to share how easy it would be to steal quite a load of cash. Not only am I trusted with close to a million in cash daily, I am also able to make cashiers checks at will. The main thing banks can do to protect themselves is an extensive background check before hiring new employees. I recently researched the possible uses of biometrics at my bank, and I am convinced that this science offers a viable solution to many internal problems. Internal bank security will alwasy be a problem, preperation is the banks main defence.

    reply to this | link to this | view in chronology ]

  • identicon
    James, 11 Aug 2007 @ 5:38pm

    Banks!

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.