Accepted wisdom has it that insiders are now the biggest threat to a companys network, but its still rare to get a glimpse of how such events actually unfold.
An unusual and perhaps atypical example has come with last weeks story of the security head at the Helsinki branch of banking outfit GE Money who is alleged to have given thieves passwords to access an account at the bank. This was then emptied of 200,000 Euros (about £135,000 or $245,000) by hijacking a wireless home network in a nearby building to cover their tracks.
The crime would have been noteworthy if it had not been committed using a laptop belonging to the bank, identified by its MAC address in the logs of the wireless router used to access the account. This elementary error led police back to the head of security, who now faces jail time.
Its tempting to draw a technical moral from the story. Home networks should be better secured from such hijacking, and banks shouldnt allow their own networks to be accessed through ad-hoc access points. Equally, no security measure yet invented can stop an insider from attempting such an attack. Insiders will always be dangerous not because of what they do but because of what they know.