R300-million Standard Bank credit card theft may have been inside job: Expert

Sinbad

How about getting someone with some credibility?
Just because he says he's an expert, doesn't mean he is one.
 

Kosmik

"Speaking on RSG, Von Solms said the theft may have been an inside job, where a Standard Bank employee had access to the credit card information of clients and sold it to a criminal syndicate."
Lol really, they'd be better off polling myBB members.
 

Mike Hoxbig

I think he is quite right actually. I always suspected it.
Doesn't take a genius to figure it out. Any one of us could have gone on air, said the same thing, and would have been labelled an expert...
 

Emjay

Well, he is probably more educated and experienced than anyone in this thread:
Prof SH (Basie) von Solms is a research professor in the Academy for Computer Science and Software Engineering at the University of Johannesburg, in Johannesburg, South Africa. He is also the director of the Centre for Cyber Security at the University of Johannesburg (adam.uj.ac.za/csi). Prof von Solms specialises in research and consultancy in the area of information and cyber security, critical information infrastructure protection, cyber crime and other related cyber aspects. He has written more than 100 papers regarding this field – most of which have been published internationally.

In addition, he has supervised more than 100 post-graduate students in the ICT field. Prof von Solms is the immediate past president of IFIP, the International Federation for Information Processing (www.ifip.org). He is a fellow of the Computer Society of South Africa, and a fellow of the British Computer Society and a chartered information technology professional (CITP).
http://www.itweb.co.za/index.php?option=com_content&view=article&id=70345

But you guys all understand the bank's underlying systems and processes, so how can he be right? Right?
 

Kingofmybbknowitalls

"How about getting someone with some credibility?
Just because he says he's an expert, doesn't mean he is one."
I can vouch for his credibility as I have worked with him before.

He has been in the game longer than most of us have been alive.

Don't know why he is sticking his neck out these days though.
 

Emjay

I would expect certain people on this forum to have a MUCH better understanding of the underlying infrastructure as well as security policies etc etc employed by the banks.
I don't. And I work in ICT. I can tell you one thing: no one understands the big picture. Everyone has a good understanding of their specific areas, but understanding all the systems and processes from all the different areas is massive.

I have heard of a few horror stories that make me question our banking technologies and systems. One bank had a hack recently and they have undergone a massive shakeup. They let go of quite a few staff members, etc. They are cleaning house. Another bank is trying to clean up its environment as some systems still had access to others, but those others were not in use any longer. People set up stuff, forgot about it, they left and those systems just kept chugging along.

Problem is that the banks are so slow in doing anything. Want a high level position in one of the big four, such as a solutions architect or infrastructure manager? The expedited interview process took 4 months from initial interview to letter of offer. Imagine how long it takes to fix or change something if hiring staff takes that long. I shudder.
 

Nerfherder

Where the actual fek did this Basie fellow come from?

He spouts a fair amount of nonsense in my opinion... Not entirely sure he is qualified to be the Director of the Centre for Cyber Security at UJ
Was the head of department for CS at UJ when I was there.

Never liked him myself but he did manage to credit me with a degree after I cornered him in his office for 30 mins... so in the end not a bad Ou
 

Brakanjan

But SB has confirmed the transactions were going through against dormant or fake cards, not a single transaction went through on a client's actual credit card. So it has been clear no actual valid credit card details were leaked or sold or skimmed, it was done via another approach or hole in the system. Clients did not have fraudulent transactions that later got reversed by the bank, it's like it was dormant or new cards, whatever the situation was. Is he so stupid that he can't even follow the news in his own sector? Nothing of what he said had any relevance or meant anything valuable, he just spews garbage out of his mouth. Yes it was probably an inside job, but don't go spreading crap like credit card details were sold, as if actual client accounts got affected by this. He is the same like that Khan dude who keeps on going on about the please call me.
 

cozinsky

"But SB has confirmed the transactions were going through against dormant or fake cards, not a single transaction went through on a client's actual credit card. So it has been clear no actual valid credit card details were leaked or sold or skimmed, it was done via another approach or hole in the system. Clients did not have fraudulent transactions that later got reversed by the bank, it's like it was dormant or new cards, whatever the situation was."

I think this is a correct summary of the breach. Therefore it must have been an inside job targeting Standard Bank's own accounts. I think Standard Bank should man up and inform the public how the breach occurred and how it was done to avoid a recurrence. The other banks should also know so they should not fall victim to the same scam. Standard Bank's silence just leads to more conjecture and speculation.
 

Emjay

"But SB has confirmed the transactions were going through against dormant or fake cards, not a single transaction went through on a client's actual credit card. So it has been clear no actual valid credit card details were leaked or sold or skimmed, it was done via another approach or hole in the system. Clients did not have fraudulent transactions that later got reversed by the bank, it's like it was dormant or new cards, whatever the situation was."

"I think this is a correct summary of the breach. Therefore it must have been an inside job targeting Standard Bank's own accounts. I think Standard Bank should man up and inform the public how the breach occurred and how it was done to avoid a recurrence. The other banks should also know so they should not fall victim to the same scam. Standard Bank's silence just leads to more conjecture and speculation."
This is the thing. How did they find "the hole in the system"? There has to be some insider knowledge of systems, policies and/or processes. They would have had to use social hacking or an insider (within SBSA or from one of its partners, suppliers or contractors).

"But SB has confirmed the transactions were going through against dormant or fake cards, not a single transaction went through on a client's actual credit card. So it has been clear no actual valid credit card details were leaked or sold or skimmed, it was done via another approach or hole in the system. Clients did not have fraudulent transactions that later got reversed by the bank, it's like it was dormant or new cards, whatever the situation was. Is he so stupid that he can't even follow the news in his own sector? Nothing of what he said had any relevance or meant anything valuable, he just spews garbage out of his mouth. Yes it was probably an inside job, but don't go spreading crap like credit card details were sold, as if actual client accounts got affected by this. He is the same like that Khan dude who keeps on going on about the please call me."
The people who stole the money would have had to have at least knowledge of the following:

  1. The card numbers
  2. Knowledge that these cards had funds allocated to them from a suspense account
  3. Limits on the cards
  4. Total value on the suspense account
  5. Confirmation that the cards will work internationally

How would they pull off this hack without that info at the very least? That info will originate from the bank.
 

SilverCode

"Von Solms said the theft may have been an inside job"
It may have also been a gang of knife wielding hamsters mugging old ladies of their credit cards, but much like Ou Basie I have no proof of this and mentioning it brings nothing to the table, so I will keep quiet, like Basie should do.

RSG really need to find a new "expert"