Breaking Bad with IT

I am amazed lately at the internal bulletins we have been receiving about criminal attacks on all levels, from hack attacks through network switches to malware attacks, ATM attacks, online transactions, and the list goes on. The amounts seem to be expanding, and very secretly banks are sharing some data with the financial industry so that they can get some protection. And then I become paranoid again (I just love this part!!), like the police guy from Breaking Bad who is trying to find out who “Heisenberg” is, only to find several seasons later that it was his brother-in-law.

Thinking about it, it is not so far-fetched at all. Globally, the economic crisis has hit all countries to the point where people are becoming homeless and without the means of basic sustenance for themselves and their families. So it is not so difficult to see how, at this moment, a guy working in the IT industry can think of going bad. One can say, “What the heck, I will get back at those banks that got my house, and you know what, I have the tools to do it!!!” (Remember Heisenberg’s case: “He’s a great father, a great teacher. He knows like everything there is to know about chemistry!!”)

One can begin questioning, “How can this be?” Is it so easy to break into multi-million-dollar systems? Can investments and R&D that have cost millions, or sometimes billions, be broken so easily? Well, the answer is in the figures. For as long as I can remember, I have seen slides from my own company (the one I work for, Joe!) that show that attacks become more frequent and take less time to complete; they are more high-tech and more organized. Well, this also happens because those millions of R&D dollars that you paid went as know-how into the brains of people, and now it is a statistical result that this will happen.

So we have reached the point where someone, say above the age of 50, who has worked for many years in the financial industry decides to turn ‘bad’. He will know, for example, what client-server is, what XFS, ISO and 3DES are, what all the protocols mean and how to use them in communication, and I don’t mean he will know them by name only. This guy knows how to take compression and encryption to pieces! Examining his profile further, we would agree that this guy must have started in the early ages of programming; maybe he was not interested in high-caliber jobs, or social networking has killed possible prospects (so he might not have ended up as a director), but he still knows “C” (hehe)! So this guy can decide to design a black box to attack ATMs, or to design malware that can spew money out of the ATM, or, if he is a little younger, to go for the online heist or the mobile app nightmare. Of course, his problem in the end will be how to explain all that money to his wife (or girlfriend)!! (That’s the real police!)

So where am I getting to? That knowledge today is wide and roaming open. Security is (obviously) not at high levels at the high-tech companies that we are working for. What can we do? First, check well who you are hiring, in some detail, and I don’t mean only whether he has bad credit. Second, try to keep people around, and don’t think that firing people is without consequences, especially if they have deep knowledge of your operations or of your industry’s operations in general. Signing an NDA will mean nothing if ‘Heisenberg’ tips the scale. Third, be honest with your employees and keep a career path for everybody, not only for those who know people; there are also those who know things. Fourth, instruct your HR to be genuinely interested in the general prosperity of your employees.

If you think these suggestions are naïve, think again about how much money you could lose from lawsuits against your technology. After all, remember Saul Goodman’s quote: “If you’re committed enough, you can make any story work.”

More articles by Stefanos Mentonis
