I don’t know much about embezzling but what I do know I learned from this;
Interesting and somewhat disheartening that this (and the related problematics, like how to detect such situations in an organization and how to defend against them or at least mitigate the outcome) is not getting more attention. While a silly CSS-joke shirt does.
T-shirts are easy, jokes are usually explainable. Some people even claim to be able to understand CSS.
This, not so much. If someone is hell-bent on screwing over an organization from a position of trust, they will find a way to do it. Checks and balances can be avoided, forged or just plain ignored for long enough to do damage.
You cannot prevent it. You may be able to mitigate it, by spreading the trust between multiple people, cycling them between positions, have read-only access shared by multiple people even when only one has the read-modify-write access (e.g. in accounting)…? Something like “checksums” where things require so much effort and system subverting to go undetected that the effort/subverting itself raises red flags?
Is there an architectural solution for an organization that would make such things more transparent? Can we get inspiration from e.g. forensic accounting and fraud-suppression techniques in corporate finance?
The harder issue is how to stiffle transfer of secrets; in this case the culprit becoming a FBI informant. Here a possible help could be a way of compartmentalization of access to the most sensitive data, and minimizing the amount of the sensitive stuff (fewer things are easier to guard). Lots of prior art here again in corporate (and military) security.
There is no clear simple solution here. But there are ways for mitigation and being prepared… the question is, which ones are the best for this kind of organization as one size never fits all, unless it’s a Pokeball.
I wish this asshole would go to a good American prison where they stab snitches. FBI informants should be burned to death in the street as a message.
This topic was automatically closed after 5 days. New replies are no longer allowed.