« Hackers' New Bag of Tricks | Main | Hacker Who-Done-It »

Over the weekend, the NY Times published more information on exactly how the French bank, Societe Generale, managed to let one rouge trader, Jerome Kerviel, gamble upwards of $73.5 billion of the banks money, losing roughly 7 billion in the process.

And how was Kerviel able to perpetrate these trades? According to Societe Generale, "Kerviel misappropriated other people's computer access codes, falsified documents and employed other methods to cover his tracks -- helped by his previous years of experience when he worked in other offices at the bank that monitor traders."

Kerviel apparently "had a very good understanding of all of Societe Generale's processing and control procedures.''

Looks like a case of poor to nonexistent identity and access management controls, as a decent solution would have insisted on frequent password changes, or enforced two-factor authentication, or the very least his activities would have shown up in the log reports.

Like that old saying goes, For want of an IAM solution, one of the leading banks of Europe was lost.

Posted by pschooff in |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/3085