Societe Generale's problem *was* a security issue

TOPICS: Security, Banking

More details are coming to light already on this week's revelation by France's second largest bank, Societe Generale, of massive trading losses thanks to the activity of an errant insider.

The Wall Street Journal this morning (temporary link) reports that Jerome Kerviel spent hours in the evening "hacking" into SocGen's computer systems. While the report does not reveal enough details, it does mention that he eliminated trading controls put in place to impose limits on the size of bets he could make. The article reports that he logged in using the credentials of his friends in the back office where he used to work.

Oh, boy. Someone is going to have to answer for this at SocGen's risk management group. If better password measures would have saved SocGen over $7 billion in losses it is going to be hard to explain why they weren't used.

If you are a financial institution and you recently rejected a proposal to institute strong authentication controls based on the expense you had better adjust your risk models and re-evaluate that decision.

Update:  Follow up at new security blog


Talkback

3 comments
  • Typo in your headline

    Should read "SocGen" not "SecGen"
    putty.master
  • Passwords were only part of the problem

    The bigger problem is inherent to the modern business environment. Pushing profits at the expense of cutting corners. You experience the effects every time you call customer service.

    In most big corporations gotcha capitalism has become the standard for increasing profits. Instead of competing on value, companies are competing on who can cheat and chisel the customer the most.

    Instead of investing in security people, who are expensive, companies count on less expensive gadget security. They short their IT staff to the point the department is barely functional. They outsource support to companies that don't really care about them.

    Then they act shocked and surprised when some mid-level cubicle dweller figures out how to bypass their gadget security and burn them big. Most breaches are not this big and are ultimately absorbed as part of the cost of doing business. This one is different only in that it will leave a mark.
    Chad_z
  • It might be more than a security issue!

    Trader and middle office roles are "blurred" sometimes in brokerage firms. A trader may become a middle office person or vice versa. It would be a violation if one has both hats on. Yet, there is more to it, as it is still mysterious how such a huge amount of transactions are uncovered at the point of a catastrophe. Brokerage firms and banks have reconciliation programs between front and back offices. Their exposure to the risk should be detected on the book by clerks investigating differences in reconciliation. SocGen called a client to verify the position, and this means there is no recon process for counterparties. Another possibility is that when the junior trader got promoted to be a trader, he was still allowed to retain all his access to the system as a middle office person. This is known as an entitlement issue. The last doubt is why he believes he is doing something good for the company behind the screens when, in reality, he could not get a penny as no one knows about his good motives. Anyway, add all these together, "Plain Vanilla" has become "Exotic".
    away3568@...