Societe Generale Confirms Insider Threat

By Lawrence Walsh  |  Posted 2008-01-28 Print this article Print

Jerome Kerviel’s fraudulent activity cost the French bank $7.2 billion and reminds us all that technology isn’t always the solution to preventing major security breaches.


Get out your pencils, because the hacking world may have a new king: Jerome Kerviel.

French authorities continue to unravel this intricate web of deceit, but they already know this much: Kerviel, a mid-level trader at Societe Generale, used pilfered passwords and route paperwork to conceal fraudulent trades that cost the bank more than $73.5 billion.

Since investigators and bank officials have tagged the incident “hacking,” the financial services and other financially exposed industries are going to hear an increasing din of the threat of hackers and the need to shore up their computer systems and software to guard against such monumental attacks. In other words, the security market’s FUD machine is going to fire up and use this incident to sell more products.

While Kerviel’s scheme makes for good headlines, it’s hardly anything we should be surprised about. In fact, it’s an enterprise’s worst nightmare: the compromise of sensitive data by a trusted insider. Worse, enterprises are typically powerless against employees who abuse their access since business operations require extending a certain degree of trust (conversely, accepting a certain level of risk).

Prudence and best practices say banks should monitor for fraudulent activity, even by trusted users. And guess what? Societe Generale did, and Kerviel did trip some alarms. The only problem was he knew what he was doing and the alarms weren’t significant enough to warrant action.

“In order to ensure that these fictitious operations were not immediately identified, the trader used his years of experience in processing and controlling market operations to successively circumvent all the controls which allow the bank to check the characteristics of the operations carried out by its traders, and consequently their real existence,” the bank said in a statement.


Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.

Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.