And people wonder why we security folks tend to use the “two missile key” analogy time and again. At the risk of jumping up and down on the dead horse insider threat issue here is an analysis piece on the incident.
From the Wall Street Journal:
In one of the banking world’s most unsettling recent disclosures, France’s Société Générale SA said Mr. Kerviel had cost the bank €4.9 billion, equal to $7.2 billion, by making huge unauthorized trades that he hid for months by hacking into computers. The combined trading positions he built up over recent months, say people close to the situation, totaled some €50 billion, or $73 billion.
Holy crap.
Early details, including accounts from executives at the French bank, paint a picture of an ordinary trader who used extraordinary means to game the bank’s own system and hide massive unauthorized trades on stock-index futures. Even as bank executives were scrambling to deal with the trail of destruction, they were at a loss to describe his motivations. Société Générale executives said that the early investigation indicated the trader didn’t earn a dime on his actions. They also said he appeared to be acting alone.
On his own and no one noticed? Come on now. Let go of my leg.
Read on.
[tags]Internal Threat, Security Protocols, Internal Controls[/tags]
