Arbor Networks: Security to the Core

I had a bit of a chuckle this evening when reading an article about Nicolas Sarkozy, President of France and former Minister of several things, including Finances.  I didn’t find it funny because Sarkozy’s banking credentials were apparently compromised, enabling thieves to “siphon off cash”, as I’m not particularly amused by that.  However, several of the other comments in this and other journalist expressions of the same incident were quite comical, for instance:

• “The French government was forced to admit that no one was safe from internet fraud yesterday” – I’m glad they finally set that straight!
• “The unknown hackers removed several small sums of money from the account after obtaining Sarkozy’s online access codes. An inquiry was launched after the president noticed the transactions and complained to the police, said a government spokesman” – I suspect he’ll have more luck engaging law enforcement than your average victim.
• “The swindlers will be punished,” Luc Chatel, secretary of state for consumer affairs, told French radio” – While I hope so, I doubt it.
• “He said more work needed to be done to tighten internet banking security in France, which, according to the national crime agency, has seen a 9% rise in offences this year.” – indeed, including further enabling law enforcement coordination and ability to prosecute, etc..
• “[This] proves the system of internet checking [of bank accounts] is not infallible,” – Wow, and all it took was this to prove that online banking is not infallible?
• And, drum roll, please…..  “These cases are sufficiently rare that we haven’t had to really organise ourselves, but [they are] sufficiently serious for us to reflect on how to improve the system.” – While I suspect it is sufficiently rare that Sarkozy’s account gets hacked and some “small sums” of his francs (.eurs)  get jacked, it’s certainly not what I’d consider “sufficiently rare”.

Finally, “Breaking the news of the thefts yesterday, the Journal du Dimanche newspaper said the architects of the “presidential piracy” did not appear to be amateurs.” – I’d agree with this assumption.  However, I’d suspect it wasn’t a targeted attack as they likely would have done something more sinister than swiping a few euros, and, unfortunately, President Sarkozy likely fell victim in the same unsensational manner as the masses.

Heck, given the level of automation is these “siphoning” systems today, the responsible miscreants may very well have yet to discover just whose goods they’ve owned.  And when they do, I suspect we’ll see some sensitive information leaked, or held ransom, perhaps for some fresh crepes; or if he’s really unfortnate, maybe even some racy pics plastered about – but let’s hope not, and let’s hope no truly “sensitive” goods were obtained from the compromised system(s).

This entry was posted on Sunday, October 19th, 2008 at 11:03 pm and is filed under Arbor Networks, Policy, Social Engineering, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.