UK ICO unveils latest research findings
Posted on October 24, 2011 by Nick Lowe
The UK’s Information Commissioner’s Office (ICO) has announced the findings of its annual track survey*. The new figures reveal that almost 75 percent of businesses surveyed know that the Data Protection Act requires them to keep personal information secure, an increase of 26 percent on 2010’s findings. However, reflecting a fall in public confidence, less than half of the people surveyed believe that organisations process their data in a fair and proper manner. The survey also found that the number of data breaches in the private sector is rising, with 58 percent more breaches reported to the ICO so far in 2011/2012 than in the same period last year.
The ICO’s research highlights some interesting, albeit unsurprising, trends surrounding data protection today in the UK. Whilst a greater proportion of businesses are aware of the data protection obligations placed on them, the public is less confident than ever of these businesses’ ability to safeguard their information.
Indeed, why should the public have any faith in the existing practices employed by organisations, when news report after news report highlights a series of serious data protection failings? Over the last few months we’ve seen a plethora of NHS Trusts hit the headlines over the loss of substantial and confidential patient information. Throw into that previous reports of the police snooping on citizens’ personal details and it’s not exactly going to do much to bolster public confidence in the state of data protection today.
Whilst we should welcome the fact that the report demonstrates an increase in awareness surrounding data protection, awareness on its own is not going to obliterate this growing problem. What’s needed is action and organisations need to put in place the requisite security tools to ensure that they can properly enforce a sound and water-tight data protection policy going forward.
IT Security Rewind – Week of September 12
Posted on September 19, 2011 by Josh Arrington
It was a week of déjà vu and doppelgangers in the world of IT security, with another rogue financial trader scandal and doppelganger domains stealing data. Here is this week’s IT Security Rewind with all the gory details:
“I need a miracle” – This Facebook status update couldn’t be more appropriate for Kweku Adoboli, the 31-year-old City trader at UBS suspected of carrying out Britain’s biggest banking fraud. This week has to feel like déjà vu for the financial industry, as Mr. Adoboli was arrested at his desk yesterday for allegedly losing £1.3 billion through his rogue trades. This case is eerily familiar to the case of Jérôme Kerviel, the Paris-based Société Générale worker who lost £4 billion in rogue trades back in 2008. What’s worse is that UBS only became aware of the unauthorized trading when Mr. Adoboli told them; the bank’s monitoring systems had not picked up the loss. Could this be another situation where privileged identity management could have signaled an early warning? Stay tuned…
“When it absolutely, positively has to be there overnight.” – This week our own Oded Valin shared his thoughts on moving file transfer processes to the cloud with Infosecurity Magazine. Boiling his advice down to seven steps, Oded outlined how organizations can safely exchange sensitive files in the cloud while maintaining security and compliance requirements.
Big Data = Big Problems – Dark Reading’s Ericka Chickowski put the spotlight on data warehouses and emphasized that the quicker and easier it is to access these “big data” stores, the greater the security risk to all of that sensitive information. We have to agree with Ericka on this one: when you put more eggs into the basket (i.e. instead of separate databases you consolidate many databases into a single “big data” store), security needs to become a higher priority.
Doppelgangers Stealing Data! – Two researchers who set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies say they managed to vacuum up 20 gigabytes of misaddressed e-mail over six months. Among the data collected in the e-mails, Wired reported, were configuration details and passwords for an IT consulting firm’s routers and virtual private network access information for a company that manages toll roads. They also collected a lot of personal information on employees, including credit card statements and bank account records.
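The doppelganger problem above is one a mail gateway can catch on the way out: before a message leaves, compare the recipient’s domain against the domains the organisation legitimately corresponds with and flag near-misses. The script below is an added example and not code from the original post or from Cyber-Ark; the trusted-domain list, the log lines and the domain names in it are constructed placeholders. It flags two kinds of lookalike: a “dot-dropped” name (the subdomain dot removed, as in the research described) and any domain one edit away from a trusted one.

```python
"""Flag outbound mail whose recipient domain is a doppelganger of a trusted domain.

Added example, not from the original post. TRUSTED_DOMAINS and SAMPLE_LOG are
constructed placeholders; the log format (timestamp followed by key=value fields)
is an assumption, not a real gateway's format.
"""

# Constructed list of domains the organisation legitimately sends mail to.
TRUSTED_DOMAINS = ["us.example-corp.com", "example-corp.com", "partner-bank.co.uk"]


def dot_dropped_variants(domain):
    """Return the dot-dropped doppelgangers of a name, e.g.
    us.example-corp.com -> usexample-corp.com. The final two labels
    (registrable domain + TLD) are never merged."""
    labels = domain.split(".")
    variants = set()
    for i in range(len(labels) - 2):
        merged = labels[:i] + [labels[i] + labels[i + 1]] + labels[i + 2:]
        variants.add(".".join(merged))
    return variants


def edit_distance(a, b):
    """Levenshtein distance (Wagner-Fischer, one row of state at a time)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute / match
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return (reason, trusted_domain) if `domain` mimics a trusted domain,
    None if it is trusted itself or unrelated to every trusted domain."""
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return None
    for t in trusted:                      # exact dot-dropped forms first
        if domain in dot_dropped_variants(t):
            return ("dot-dropped", t)
    for t in trusted:                      # then single-character typos
        if edit_distance(domain, t) == 1:
            return ("one-edit", t)
    return None


# Constructed outbound mail log: one message per line.
SAMPLE_LOG = """\
2011-09-14T09:12:01 from=alice@corp.example to=bob@us.example-corp.com size=2048
2011-09-14T09:13:40 from=carol@corp.example to=dave@usexample-corp.com size=5120
2011-09-14T09:15:02 from=erin@corp.example to=frank@partner-bank.co.uk size=900
2011-09-14T09:16:55 from=grace@corp.example to=heidi@exmple-corp.com size=77000
2011-09-14T09:18:10 from=ivan@corp.example to=judy@unrelated.example size=300
"""


def scan_log(text, trusted=TRUSTED_DOMAINS):
    """Return (recipient, reason, trusted_domain) for every lookalike recipient."""
    findings = []
    for line in text.splitlines():
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        rcpt = fields.get("to", "")
        if "@" not in rcpt:
            continue
        hit = lookalike_of(rcpt.rsplit("@", 1)[1], trusted)
        if hit:
            findings.append((rcpt, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for rcpt, reason, target in scan_log(SAMPLE_LOG):
        print(f"HOLD {rcpt}: {reason} lookalike of {target}")
```

Run against the constructed log, the scan holds the two misaddressed messages (the dot-dropped `usexample-corp.com` and the typo `exmple-corp.com`) and passes the rest. An unrelated external domain is deliberately not flagged; the check is for lookalikes of known partners, not for all external mail.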
Feel like you’ve finally got all the drama figured out? Let us know your thoughts in our comments section!
IT Security Rewind – Week of July 18, 2011
Posted on July 22, 2011 by Josh Arrington
As the summer heat continues to rise, it’s clear that news about the frequency of IT security breaches refuses to take a vacation. This week the founder of popular online news site Reddit was caught red-handed while security influencers stayed cool reporting on some real threats for the utilities and government industries. Here is our take on this week’s hottest IT security stories:
- Reddit Founder Hacks into MIT and Gets Himself Caught — Computerworld’s Grant Gross provided us with details of the indictment of the co-founder of online news site Reddit. Aaron Swartz was charged with computer intrusion, fraud and data theft for allegedly stealing 4.8 million documents from an MIT network. If convicted, Swartz, who is also the founder of the political advocacy group Demand Progress, faces a possible 35 years in prison and fines of up to $1 million.
- Be Afraid, Be Very Afraid – We’ve all fallen for “doom-and-gloom-we’re-all-gonna-die” stories that make you want to stock your bomb shelter. CSO’s Bill Brenner typically takes these reports as B-S; this week however, he shared an interesting report from Brian Ross, “New Terror Report Warns of Insider Threat to Utilities” to which he says “the insider threat is real.” While Brenner is referring to physical security in this particular piece, given the numerous flaws and vulnerabilities reported in SCADA software over the past few months we can’t help but draw the connection to an IT security threat as well.
- Hackers Infiltrate Computers at the German Federal Police and Customs Service – It’s one thing to hack into a system and get the heck out of there – but to stay in that system undetected for, say, months is a whole other ballgame. In what could be an incredibly devastating data loss for the German Federal Police and Customs Service, hackers reportedly gained access to federal police computers in September 2010 and were able to steal information undetected for months. In addition, hackers were able to gain access to the German customs service and publish stolen files on the Internet. In the words of an anonymous security officer, “that is pretty much the worst thing that could happen.”
What other hot stories would you add to this list?
IT Security Rewind – Week of July 4
Posted on July 11, 2011 by Josh Arrington
Despite our nice little July 4th break in the U.S. this week’s news continues to suggest that 2011 has been anything but an IT security “holiday” for a number of organizations. Let’s take a look at some of the week’s biggest news items:
Big Brother, Where Art Thou? – Remember the consultant who was able to exploit a hardcoded, default password in a police cruiser’s digital video recorder system to gain access to its controls and manipulate its use? We thought that was bad news, but now, according to figures released by Big Brother Watch, over 900 police officers and other staffers were subjected to internal discipline for breaching the Data Protection Act (DPA) in the U.K. It’s one thing when law enforcement’s technology is susceptible to a data breach; it’s another when the actual officers are illegally viewing computer records for “non-policing purposes.” Talk about an abuse of privileges.
Not an Even Trade Between U.S. and China – A ThreatPost article details the arrest of a CME Group employee who allegedly stole trade secrets and proprietary source code used to run trading systems for the Chicago Mercantile Exchange and passed them along to China. The implications here are obviously far reaching, as the employee downloaded “thousands of files” containing “source code and proprietary algorithms” used by CME to run its trading systems. What is unclear, however, is how he gained access to the systems—was it through an escalation of privilege to access this sensitive information?
IT Security Rewind, uh, Rewind – Clearly, we think it’s important to recap the week’s most important IT security related developments, so we are always excited to identify similarly detailed reports, like this one from Help Net Security, that covers recent security incidents. The report recaps some of the biggest events of the year—from RSA to Citibank—and highlights the impact of the breaches on the organizations and their users.
That’s it for this week—thoughts? Comments? Bring ‘em on.
IT Security Rewind: The Week of May 2
Posted on May 6, 2011 by Josh Arrington
Today marks the launch of our “IT Security Rewind” blog series, with our take on some of the week’s most significant and newsworthy industry stories. Our inaugural post highlights recent breaches and examines highly exploitable vulnerabilities in common software and systems. Let’s take a look at this week’s Rewind:
- Above the law? When it comes to maintaining order and preserving safety, police officers are typically considered a first line of defense. Unfortunately, that doesn’t necessarily mean that their crime prevention technology is impregnable to hackers. As one security consultant proved, it is possible to exploit vulnerabilities in their equipment, specifically a police cruiser’s digital video recorder system. The consultant was able to exploit the hardcoded, default password in the system’s FTP server to gain access to the DVR’s controls and manipulate its use. Just another example in a long line of recent breaches that illuminate the vulnerabilities present in a large number of seemingly innocuous targets (think: digital copiers and scanners, video conferencing systems and, well, police cruiser cameras).
- Don’t ignore ERP: Along those same lines, enterprises beware: According to Dark Reading, another one of those often-ignored network targets susceptible to attack may be your company’s ERP system. According to the report, these systems are often ignored and left vulnerable to unauthenticated attackers who can leverage embedded credentials, like hardcoded passwords, to enter a system and steal sensitive information.
- Passwords at risk [again]: Speaking of lines of defense—how upset would you be if you proactively used a secure password storage service, but then discovered that all of that critical information may be compromised? One of those services, LastPass, is urging their users to change their network passwords after detecting a network anomaly.
No matter where or how data is stored these days, one thing is clear—you need to stay on guard.
That’s this week’s IT Security Rewind! What was your take on the news?