A Nigerian IT worker is wanted by police after a major cyber-heist at the bank where he was employed.
38-year-old Godswill Oyegwa Uyoyou is alleged to have brought a team of other conspirators onto bank premises disguised as maintenance workers, and assisted them in accessing bank computer systems.
Once in, they proceeded to initiate transfers amounting to 6.28 billion Nigeria Naira ($40 million, £23.5 million), with the money believed to have ended up in bogus accounts controlled by the gang.
They were apparently in the process of withdrawing funds when their activities were spotted.
Local reports kept the name of bank quiet, describing it only as “a new generation bank”, but others have named it as a branch of Skye Bank, a Nigeria-based banking group operating across western and central Africa.
The scale of the heist may be unusually large, but the way it was carried out is sadly all too common.
Insider risk is a major problem for banks, who can invest all they like in the toughest security at their network boundaries to keep external hackers out, but still have to rely on trusted employees to behave themselves, resist temptation and keep their hands off the huge amounts of funds they may find themselves dealing with every day.
Even without insiders helping them, digitally-inclined crooks seem to prefer to access in-bank systems to carry out cyber heists, rather than trying their luck against the layers of firewalls and other protections shielding networks from external attack, as seen in the failed attempts to rob branches of Barclays and Santander banks in the UK.
In both these cases, as in the Nigerian incident, the robbers posed as technicians to avoid suspicion.
People who are neither really insiders nor untrusted strangers can be very difficult to properly protect against if they decide to break the law, and the trust of those they’re working for.
This is exemplified by notorious contractor Edward Snowden, by the maintenance contractors thought to have been a penetration vector in the Target data breach, or perhaps by the South Korean contractor working for a partner of several major credit card firms, who is thought to be behind the theft of 20 million sets of user data.
The main thing we can learn from these insider or semi-insider incidents is that our approaches to controlling and monitoring what staff have access to may still not be up to the job.
In some spheres, particularly in high-risk areas such as banking, many are getting close to “good enough” at protecting network boundaries, and perhaps will start focusing more on what’s going on inside.
We regularly hear about how well banks and credit bodies are doing at watching out for suspicious activities among their customers, spotting patterns of fraud and connecting them back to a common connection likely to be the root source of a data leak.
It’s likely that, in future, similar techniques will be applied increasingly to workers within organisations, building up complex data sets on what a given person or role normally does and alerting to any unusual patterns.
Indeed, it’s a good bet that such approaches are already well established in places.
It may sound all very scary and big-brotherish, but in years to come we may be blaming these odd bad seeds for breaking employer-worker trust, and making the companies we work for far more intrusively snoopy than the likes of Google, Facebook or the NSA could ever manage.