Criminal gangs "placing moles in banks"
By Asavin Wattanajantra
Posted on 2 Oct 2008 at 11:56
The banking industry may be unwittingly hiring moles placed by criminal gangs to steal data.
This claim comes from Peter Wood, First Base Technologies founder and committee member for ISACA (Information Systems and Audit Control Association). He says that the financial community is particularly susceptible to the "trickle" technique, a continuous loss of small amounts of data from individuals in an organisation.
"Some people in the banking community have quietly and anonymously said to me over the past year that they have found employees who have been placed in their company by criminal gangs and operating as moles for that period," says Wood.
The revelation comes as UK payments association APACS revealed that online bank fraud has soared by 185% in the past year.
Wood also reveals how he was asked by an insurance company to find out whether he could get into its building and steal data from the network.
He claims that he and a colleague turned up in the staff car park, examined where employees were having cigarettes and followed them back into the building through the back door.
"My colleague was dressed in a suit without a jacket so he looked like an employee," says Wood. "He proceeded to show me through the building although he'd never been there before."
"We were therefore able to determine where the meeting rooms were, took one over which was empty, plugged in my laptop and sat there for five hours pulling data off the network. We left by the same route and was never challenged once."
Wood claims the physical attack is the easiest route to steal data. But if on-site attack isn't possible, then remote exploits such as email phishing and web drive-by attacks are increasing in popularity.
He says the top three steps an organisation could take tom prevent data theft are rigorous vetting of staff and third parties, an awareness campaign that is designed with a strong focus on informing people rather than policing them, and regular meetings between HR, physical security and IT security.
From around the web
advertisement
- How to install Internet Explorer 9
- Maintaining and supporting IE9
- Plan your deployment
- Creating a custom browser package
- Search in corporate environments
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
- Coping with Facebook changes
advertisement
Printed from www.pcpro.co.uk