About two weeks ago, there was a story in the Chicago Tribune about two IT managers who are accused of working together to bilk the Million Dollar Round Table insurance association of more than $1.1 million over a six year span.

According to the Tribune, one of the managers operated an independent tech consultancy that would submit phony bills to the association, which the other manager would approve. They would then split up the proceeds.

What they did seemed like a lot of effort when compared to what a receiving clerk is accused of doing at the Memorial Sloan-Kettering Cancer Center in New York City.

As told in this story in the Wall Street Journal, the receiving clerk "who was responsible for ordering, receiving and stocking ink cartridges for the printers at the facility" spent six years ordering "toner-ink cartridges in bulk, diverting their delivery and then selling them elsewhere."

The clerk is accused of stealing $3.8 million using this rather straightforward approach.

The WSJ says that the clerk - who made $37,000 a year - used the proceeds to get an apartment at a Trump high rise, buy a BMW as well as property in the Bronx and Westchester, go on vacations and on shopping sprees at high-end retail stores. He also saved enough to keep a rather healthy checking account, the Journal says.

Of course, others aren't willing to spend six years accumulating their "wealth", like those gentlemen above.

For instance, a story a week and a half ago in The Times of India reported that one out of the three people accused of looting three ATMs of Rs 41 lakh (about $90,000 US I think) was arrested.

According to another, earlier story also in The Times, Rs 64 lakh in cash disappeared without a trace from 2 ATMs in Modinagar a couple of weeks ago. The Times said that "neither the ATMs were tampered with nor their vault locks were broken."

To gain unfettered access to the ATMs, a password is needed "which happens to be a combination of two six digit electronic code(s)" the police told The Times.

Suspicion first fell on the bank employees who filled the ATMs. However, it soon moved to current and past employees of Writer Safeguard Private Ltd., which, as one of its services, loads money into ATMs. The person arrested had worked for the company.

The police also discovered during their investigation, the Hindustan Times reported, that "14 ATMs of different banks used the same security password to load cash into the machines."

I guess not changing default passwords on digital devices - whatever they may be - is a common problem.

Taking a bit longer - but introducing a bit of sport into the proceedings - one can always play a version of the TV series Storage Wars, where you buy used IT equipment and see whether there is anything exploitable that has been left behind by the previous owners/users.

According to a recent report by the NASA Inspector General Paul K. Martin, NASA hasn't been properly sanitizing its IT equipment before its disposal. For instance, the report says that one NASA center released to the public 10 computers that had failed verification testing and therefore still contained NASA data. Four of those were subsequently examined by the Inspector General's office, with one found still containing data that is subject to export control by the International Traffic in Arms Regulations (ITAR).

Or finally, one can also simply buy used copy machines and apparently with little effort, find sensitive personal data such as payroll data, Social Security numbers and medical records.

As pointed out by this story at CBS News earlier this year, nearly every copier sold since 2002 has a hard drive in it, and it is typical for these drives not to be sanitized before they are leased, sold or scrapped.

CBS, as part of their story, bought 4 copiers for about $300 each. CBS found tens of thousands of documents still resident on the copiers' hard drives, including hundreds of medical records from Affinity Health Plan, a New York insurance company. This forced Affinity to notify (see PDF here) 409,000 of its customers of a "potential security breach" and promise to make sure its copiers are sanitized when they are no longer being used.

Probably a good idea for all organizations to implement.
