The London Evening Standard recently ran a story about a German bank clerk who is supposed to have "nodded off at his keyboard during a transaction."
Apparently, the clerk was typing in an amount of 64 Euros and 20 cents when he fell asleep and his keyboard's auto-repeat took over.
A transaction of €22,222,222.22 (about $30m) was processed instead and inadvertently approved by his supervisor.
The supervisor's supervisor spotted the double-blunder and headed it off at the pass, but the intermediate supervisor was sacked for letting the transaction go through in the first place.
→ The story claims that this all came to light because an industrial tribunal in Germany decreed the supervisor's punishment to be too harsh, considering that she had already been expected to vet 812 documents that day, spending "just over a second" on each one. She was reinstated.
There are lots of unanswered questions in the story, which makes you wonder how much of it is urban legend, extrapolated somehow from details that were lost or altered in translation.
- If you fall asleep while typing, even just for a tiny micronap, does your finger really tend to keep one key held down, or does it relax and release its pressure altogether?
- If you are typing in SIX FOUR decimal-separator TWO ZERO and you fall asleep and manage to hold down the digit two, don't you end up with €64.2222222222 (or perhaps €64,222,222.22 if the decimal is automatic)?
- If you fall asleep at the digit two, don't you wake up to a beeping keyboard buffer in an filled-up number-entry field because you haven't pressed [Enter]?
- If you expect your supervisors to cross-check multi-million Euro money-movements mixed up with ones for under €100, don't you program in some kind of approval speed-bump to ensure that the giant-sized transactions get more than a second of attention?
So, who knows what really happened in this case?
Nevertheless, it's a great story, and (I bet you're wondering if I'll manage to squeeze a generic computer security lesson out of it) contains a generic computer security lesson for us all.
We know that there are some tasks that we simply oughtn't to attempt when our judgements are impaired, say through tiredness or alcohol.
Driving cars, shooting firearms and performing orthopaedic surgery, for example, are activities that are best avoided under such circumstances.
Yet many of us insist on living our digital lives logged in semi-permanently to sites such as Facebook, Twitter, webmail and more, thus actively and unashamedly inviting upon ourselves exactly this sort of 22-million-Euro-blunder moment.
It's not just that we're more likely to initiate an unwanted bank transaction (or send an unintentionally ruinous email) while we're tired or lit.
It's that by leaving ourselves logged in unnecessarily, we make it easier for our computer to do just such a thing if it becomes impaired, for example through misconfiguration or malware infection.
It's a lot less convenient to have to keep logging into and out of your email account, your blog site or your favourite social media account every time you want to tell the world something new.
But do you really have so much to say, at such short notice, that this is an inconvenience you can't tolerate?
If you are the sort of user who likes to log in and stay logged in, especially to on-line services, why not give yourself a week's trial of logging out whenever you can, especially from on-line services?
Try it: you may thank yourself one day.