The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Bank Of America Hack done by insiders

Posted by Xavier Ashe on May 25, 2005

I am constantly telling my customers that their major security exposure comes from
their employees.  Some listen, others need to read the writing on the
wall.  675,000 Bank of America customers have had their accounts hacked into.  By whom?

  • Orlando Rivera, 42, of New Milford, N.J.,
    a former manager at the New Jersey Department of Labor.
  • Kelvin Diaz, 27, of Hackensack, a former Bank of America
    employee.
  • Zoran Levajac, 35, of Totowa, N.J.,
    a former Commerce Bank manager and former PNC Bank manager.
  • Myron Frierson, 29, of Teaneck, N.J.,
    a former financial specialist for Wachovia Bank.
  • Maurice Williams II, 28, of Hackensack,
    a former financial specialist for First Union Bank, which later became
    Wachovia Bank.
  • Kathleen Lovelace, 35, of Kearny, N.J.,
    a former assistant manager at Commerce Bank and former employee of PNC
    Bank.
  • James DiGangi, 27, of Elmwood Park, N.J.,
    a former employee of Commerce Bank and PNC Bank.
  • Anthony Diamanti, 29, of Clifton, N.J.,
    a former employee of Commerce Bank and of PNC Bank.

As Bruce Schneier points out, the amazing thing about the story is how manual the
process was.

The suspects pulled up the account
data while working inside their banks, then printed out screen captures of the
information or wrote it out by hand, Lomia said. The data was then provided to
a company called DRL Associates Inc., which had been set up as a front for the
operation. DRL advertised itself as a deadbeat-locator service and as a
collection agency, but was not properly licensed for those activities by the
state, police said.

Do you see a pattern yet??  Your employees have the ability to make or break
your company.  Give them the tools to help the company succeed, but limit
their access to only what they need to do their job.  And for heaven's
sake, get yourself a good security partner, a 3rd party that you can trust.  If you need some
suggestions, email me at xavier -AT- ashe -DOT- com.  We can get computer
security under control; it just takes the will to do so.
