Criminal gangs placing moles in banks to steal data
By Asavin Wattanajantra
The banking industry may be unwittingly hiring moles placed by criminal gangs in order to steal data.
This claim was made by Peter Wood, First Base Technologies founder and committee member for ISACA (Information Systems and Audit Control Association). He said that the financial community was particularly susceptible to the ‘trickle’ technique, a continuous loss of small amounts of data from individuals in an organisation.
Wood said: “Some people in the banking community have quietly and anonymously said to me over the past year that they have found employees who have been placed in their company by criminal gangs and operating as moles for that period.”
Wood revealed an example where he was asked by an insurance company to find out whether he could get into its building and steal data from the network. He revealed that he and a colleague turned up in the staff car park, examined where staff were having cigarettes and followed them back into the building through the back door.
“My colleague was dressed in a suit without a jacket so he looked like an employee and I was dressed like me so I looked like a security consultant,” Wood described. “He proceeded to show me through the building although he’d never been there before.”
“We were therefore able to determine where the meeting rooms were, took one over which was empty, plugged in my laptop and sat there for five hours pulling data off the network. We left by the same route and were never challenged once.”
Wood said that the “physical” attack was the easiest route to steal data and was the way of the future. Where an on-site attack isn't possible, he said, remote attacks such as email phishing and web drive-by attacks were increasing in popularity.
He said the top three steps an organisation could take were good vetting of staff and third parties; an awareness campaign that was intelligently designed, with a strong focus on informing people rather than policing them; and regular meetings between HR, physical security and IT security.

Securing door-to-desktop is key
At a time when financial institutions are under a considerable amount of operational scrutiny, the recent report indicating criminal gangs are placing moles inside banks and gradually siphoning off data (IT Pro, Oct 2) highlights the urgent need for a consolidated approach to physical and logical security. Physical access points are indeed breachable, as the example in the report demonstrates. Who hasn’t held a door open for the person coming into the building behind them? With this in mind, it rather devalues the investment from the IT department, having installed a sophisticated smartcard system to control access to the network, if anyone can wander in off the street and use a card left lying around to access confidential information. The answer is to implement strong and pervasive proof-of-identity across the entire organisation, from door-to-desktop. By combining strong two-factor authentication with an enterprise-wide smartcard solution, firms have the opportunity to not only maximise the value of their investment but ensure access controls throughout the company are stringent and secure. As the world is becoming more virtual, the challenge of proving one’s identity continues to grow tougher, even inside the four walls of the corporation.
By Ip_actividentity on Friday Oct 17