By Jeremy Kirk, IDG News Service
Monday, February 04, 2008 7:40 AM PST
The huge losses reported by French bank Société Générale,
apparently caused by a rogue trader with inside knowledge
of the bank's procedures, don't necessarily point to an IT
systems failure but rather to poor management of those
systems, analysts say.
The bank has accused 31-year-old employee Jerome Kerviel
of creating a fraudulent trading position in the bank's
computers that ultimately caused it to lose around
€4.9 billion (US$7.3 billion).
Kerviel achieved this by, among other things, misappropriating
computer passwords, the bank said. It has revealed few other
technical details of what caused the losses.
Vital but Routine
Management of passwords, including rescinding the old
passwords of employees who move to different positions
within the bank, or modifying the level of access those
passwords allow, is often a task given to the lowest-level
"It's dull and routine 99 percent of the time, but a vital backstop,
" said Bob McDowall, senior analyst at the TowerGroup.
Senior IT managers should conduct more frequent reviews
of password policies, he said.
In some cases, it may not have been the security of the
passwords themselves that posed a problem, but rather
the access those passwords allowed, said Ian Walden,
professor of information and communications law at
Queen Mary, University of London.
Organizations tend to think of access as being binary in nature:
you get access to it all, or you don't, Walden said. In reality,
there are many more levels of access. "In modern, complicated
systems, the granularity has to be much more sophisticated."
Read it here.
Jérôme Kerviel, incensed
Jérôme Kerviel, incensed for what he termed "over reactions"
by Societe Generale, said "what I did while performing my
fiduciary obligations were financial strategies that were
approved prior to their implementation by my superiors
at Societe Generale."
Kerviel, appearing with famed defense attorney Johnny
Cochran who spoke on Kerviel's behalf briefly outlined
some of those strategies. Cochran said "Jérôme invested
the monies in a very solid manner. Those strategies
obviously did not perform as well as we hoped they
would but you can't blame a guy for a couple of things
Jerome Kerviel Addressed
Reporters from His Car
Cochran was asked by reporters to provide more information
and he had this to say. "Jérôme invested some fairly modest
amounts with some Britain based bookies and certain Sicilian
businessmen wagering that within a year the US invasion of
Iraq would be a total success and all troops would be out of
that county and the whole middle eastern region would be
completely stable. He also bought some three billion shares
of Enron Corporation because the shares were only a penny,
and he thought they would emerge from oblivion."
Cochran conceded that perhaps Jérôme's biggest miscalculation
was that Osama bin Laden would be captured.
Read the rest of the story: here