Notes on a trading scandal: What went wrong at Société Générale?
Société Générale disclosed
last week that unauthorized trading by one of its employees had cost it
$7.1 billion. Beyond the rogue trader, where does the blame for the scandal
lie?
French President Nicolas Sarkozy called the events at Société
Générale a "large-scale internal fraud", and Daniel
Bouton the Société Générale Chairman said the fraud
was a "one-off" and denied it was a trading or risk-management fault.
According to reports in the Wall
Street Journal, Mr. Kerviel "worked late into the night, essentially
burrowing into Société Générale's computers, as
he allegedly built a multilayered way to hide his trades by hacking into the
computer systems." The bank believes that "Mr. Kerviel spent many
hours of hacking to eliminate controls that would have blocked his super-sized
bets. Changes he is said to have made enabled him to eliminate credit and trade-size
controls, so the bank's risk managers couldn't see his giant trades on the direction
of indexes. Mr. Kerviel used the computer log-in and passwords of colleagues
both in the trading unit and the technology section."
If anyone had cared to pay any attention to what’s going on in business
globally they would have been aware that studies
by law enforcement agencies and Carnegie Mellon University’s Software Engineering
Institute CERT Program have proven that up to 90% of incidents in business relating
to the loss of assets results from staff that have privileged access to IT systems
and applications. It seems that the suspect trader had “in-depth knowledge
of the control procedures resulting from this former employment in the middle-office,"
and “in-depth knowledge of the control procedures” certainly means
privileged access to sensitive data.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
