Tuesday, December 22, 2009

Yet Another Argument Against Outsourcing...

Citibank hacked...again. By Russian Gangsters. I wonder if this is the same bunch that hacked Citi back in November or if the two incidents are one and the same? Of course, they could just be following a great tradition of stealing electronically from a bank which seems to have a history of it going back at least 3 years.

Obviously, no system is hacker-proof. No data completely secure, ever. The nature of computing is such that complete, airtight security will almost never be possible. You need only look to your own desktop PC to see this; you're constantly bombarded with viruses, trojan horses, hijackers, phishing programs and a host of worms that you must constantly defend against with your puny anti-virus software. Only some of these things are exploited by the stereotypical geeky introvert determined to prove his intelligence and superiority over classically-trained Computer Scientists.

The vast majority of these things are created by people with malicious intent. The biggest threat comes from disgruntled programmers, who after often spending thankless years slaving to create software for a global conglomerate are unceremoniously dumped onto the unemployment line, usually without warning, "when the project is complete". Of course, they possess the technical expertise to exploit the very software they've created (and they use the trapdoors, landmines and shortcuts they left in the code to facilitate testing, a common programming practice), and they usually do it to merely tarnish their former employer's image. It's a bit of petty revenge.

But then there are the true criminals.

Cybercrime is one of the fastest-growing categories of crime in history. As more and more of human existence and commerce has been distilled into a series of bits and pixels, the cyber criminal has been right there to snap up the bits and pixels that fall by the wayside. Like a pilot fish to a cyber shark.

Many of these criminals work for cartels, gangs, or syndicates, or whatever euphemism you'd like to use, and some of them are also former IT workers treated badly by the industry, or co-opted by the criminals. They have the expertise, the skill, to crack any system on the planet. Because they very often built the damn things in the first place.

Since most of these gangs are overseas, in places like Russia and China, they are very often beyond the reach of U.S. authority, or even protected by corrupt government officials in those countries. Right now, the money they stole could be financing drug deals, terrorism, slavery, and even worse, and the people who are being stolen from will have no legal recourse against Citi, and little hope of either recovering their funds or of seeing justice served.

Of course, this state of affairs was made infinitely easier by Wall Street's (and other industries') insistence on doing everything 'better, faster, cheaper', to the point where corners are cut so finely, and so routinely, that no one ever thought about cybercrime when they granted access to their systems to an unseen, anonymous, third-party 'consultant' in Moscow, Beijing, Mumbai or Abu Dhabi. All that mattered was the price tag. It's almost a given in the industry that when someone says "we'll save X", it's done with very little thought...and on as small a budget as possible.

They even work cheap to get cheaper.

I'm not saying Citibank would have been invulnerable if it was still hiring Americans to run their systems. I'm only saying that they'd have a much better degree of control over their systems and their customers' data.

Unfortunately, it's going to take some massive catastrophe for Citi, and all the other banks and brokerages, to realize that their policies regarding IT costs are going to come back to bite them on the ass, big time. Probably right after a major terrorist attack in which someone discovers that some bank's systems were used to aid terrorists without the bank's knowledge, or that billions have been stolen from right under their noses (like when half-a-trillion bucks disappeared in 20 minutes right in front of the Federal Reserve's cyber cops just before the last Presidential election. You wonder why they don't talk much about that, huh?).

Imagine the lawsuits that would engender?

Wall Street doesn't learn from experience. It only learns from lawsuits.

And then people like me will be able to write our own paychecks because the company was run by a bunch of short-sighted cheapskates who don't truly understand the systems they supposedly run. Just like when they fired all the COBOL programmers and then suddenly needed them again to 'fix' the Y2K problem. They all came back as 'consultants' with six-figure fees.

Sometimes, cheap turns out to be the more expensive option.

