More details are already coming to light about this week's revelation by France's second-largest bank, Societe Generale, of massive trading losses thanks to the activity of an errant insider.
The Wall Street Journal this morning (temporary link) reports that Jerome Kerviel spent hours in the evening "hacking" into SocGen's computer systems. While the article doesn't reveal enough details, it does mention that he eliminated trading controls put in place to impose limits on the size of bets he could make. The article reports that he logged in using the credentials of his friends in the back office where he used to work.
Oh, boy. Someone is going to have to answer for this at SocGen's risk management group. If better password measures would have saved SocGen over $7 billion in losses, it is going to be hard to explain why they weren't used.
If you are a financial institution and you recently rejected a proposal to institute strong authentication controls based on the expense, you had better adjust your risk models and re-evaluate that decision.
Update: Follow up at new security blog