The Bankwatch

Tracking the evolution of financial institutions

Archive for April 2010

Hacking your Bank | Snosoft

This is a fabulous post. It is fabulous because it shows the folly associated with every bank's walled-garden approach to security.

The message here is that you (bank) must assume your personnel network is compromised.

Hacking Your Bank | SNOSOFT RESEARCH TEAM

Because this engagement required stealth, we focused on the social attack vectors and Social Reconnaissance. We first targeted FaceBook with our “FaceBook from the hackers perspective“ methodology. That enabled us to map relationships between employees, vendors, friends, family etc. It also enabled us to identify key people in Accounts Receivable / Accounts Payable (“AR/AP”).

After investigating a few social network sites, they carefully reviewed the specs and applied for a job. The result:

Upon completion of our screening call, we had sufficient information to attempt stealth penetration with a high probability of success. The beauty is that we collected all of this information without sending a single packet to our customer’s network. In summary we learned:

  • That the bank uses Windows XP for most Desktops
  • Who some of the bank’s vendors were (IT Services)
  • The names and email addresses of people in AR/AP
  • What Anti-Virus technology the bank uses
  • Information about the bank’s traffic control policies

Based on this information, they developed a plan to get inside the bank, with the first attack being a PDF invoice containing a compromise. They were able to do this because they knew the types of intrusion detection used at the bank. It was all downhill from there.

That proved to be very useful as we were able to quickly identify VNC connections and capture VNC authentication packets. As it turns out, the VNC connections that we captured were being made to the Active Directory (“AD”) server. We were able to crack the VNC password by using a VNC Cracking Tool. Once that happened we were able to access the AD server and extract the server’s SAM file.

Relevance to Bankwatch:

Traditional security methods and approaches are not adequate. Banks must assume that every employee in their organisation is vulnerable and will (not may) reveal some snippet of information that, associated with other snippets, will allow a dedicated attack to obtain enough information to succeed.

This revelation will result in a different approach to security. 


Written by Colin Henderson

April 29, 2010 at 22:58

Posted in Security

China investments worldwide include some interesting Banks

This is a fascinating graphic representation of China’s investments around the world courtesy of Forbes and hat tip to Shaping Tomorrow.  It covers the 5 years between beginning of 2005 and end of 2009.  We all know that relatively landlocked and rapidly growing China is seeking to address future energy and commodity concerns.

If you go to the link, you can hover over the bubbles to see the specific investments, and there are some interesting ones in the financial sector.

US – Visa, Morgan Stanley

UK – Barclays

South Africa – Standard Bank

Three points leapt out at me.

  1. the pace of investment is increasing
  2. the scope is bewildering, covering all parts of the world
  3. energy, metals and chemicals number the greatest


Written by Colin Henderson

April 29, 2010 at 15:19

Posted in Uncategorized

You truly know when a country is dysfunctional when its AIR FORCE goes on strike

The always insightful John Mauldin speaks about the crisis that is Greece and the steps towards another banking crisis.  When you have full countries falling apart this is not good for anyone.  The degree of failure inside Greece is astounding, and will only lead to worse before it gets better. 

The larger impact is on currencies, interbank lending (again) and banking system confidence if it is first Greece, then Spain and Portugal … then?

MACRO-EUROPE: The Titanic is SINKING | Investorsinsight.com

There are no good solutions here, only very difficult ones. In order to get financing, Greece must willingly put itself into a multi-year depression. And borrowing more money when it cannot afford to pay back what it has will not solve the problem. 61% of Greeks now favor leaving the euro. How has Greece responded? By banning short selling on its stock market for the next two months. That should make things better. Greeks are responding by rioting and going on strike. But you truly know when a country is dysfunctional when its AIR FORCE goes on strike. Yesterday Reuters reported that hundreds of Greek pilots called in sick in protest. The response from government? The Minister of Defense said he was "profoundly disappointed." Now that had to make the pilots feel bad.


Written by Colin Henderson

April 28, 2010 at 20:49

Posted in Business Models

Major search underway for graduates of Stonier National Graduate School of Banking

This request from the American Banking Association. 

WASHINGTON – Celebrating a combined history of 125 years of excellence in executive education, Stonier and the National School of Banking are launching a major search for more than 21,000 graduates. The American Bankers Association’s Stonier National Graduate School of Banking is planning a special reunion for alumni and other leaders of the financial services industry at a special two-day event to mark the occasion, June 12-13, 2010 in Philadelphia.

Most of the schools’ graduates hold (or did hold) the title of vice president or senior vice president, while one in five is an executive vice president, chairman or CEO. Ten percent of graduates represent regulatory agencies. In every case, they reached the pinnacle of their careers or are the rising stars of their organizations and come from more than 45 states and 15 countries.

“We want to keep track of all of our graduates,” said ABA Executive Vice President Doug Adamson, “but after many years, we’ve lost touch with many of them, especially those who have retired. This is a way to bring everyone together again, talk about the old days, and reflect on how banking has changed over the years. We hope to hear from all of our graduates.”

Any graduate – from the schools’ inception to the present day – is invited to attend the reunion and is urged to contact Candace Boone at cboone@aba.com or 202-663-5416 as soon as possible. More information is available at http://www.aba.com/Events/Stonier_Alumni.htm.

The American Bankers Association brings together banks of all sizes and charters into one association. ABA works to enhance the competitiveness of the nation’s banking industry and strengthen America’s economy and communities. Its members – the majority of which are banks with less than $125 million in assets – represent over 95 percent of the industry’s $13 trillion in assets and employ over 2 million men and women.


Written by Colin Henderson

April 21, 2010 at 19:58

Posted in Uncategorized

The World Development Indicators 2010 | World Bank

For economists and data geeks, the World Bank is today releasing an impressive document containing a host of statistics and economic facts covering all the world's economies and showing shifts in key areas as noted below.

World Development Indicators 2010 | World Bank

WASHINGTON, April 20, 2010 — The World Development Indicators (WDI) 2010, released today, gives a statistical progress toward achieving the Millennium Development Goals (MDGs).

The WDI database, launched along with the World Bank’s Open Data initiative to provide free data to all users, includes more than 900 indicators documenting the state of all the world’s economies. The WDI covers education, health, poverty, environment, economy, trade, and much more.

“The WDI provides a valuable statistical picture of the world and how far we’ve come in advancing development,” said Justin Yifu Lin, the World Bank’s Chief Economist and the Senior Vice President for Development Economics.  “Making this comprehensive data free for all is a dream come true.”

WORLD DEVELOPMENT INDICATORS 2010

Complete Report as One File (18mb pdf)
http://media.worldbank.org/secure/wdi2010/pdf/complete.pdf

Preface, Acknowledgments, Table of Contents, Partners, Users Guide (1.27 mb pdf)
http://media.worldbank.org/secure/wdi2010/pdf/Frontmatter.pdf

World View (3.14 mb pdf)
http://media.worldbank.org/secure/wdi2010/pdf/section1.pdf

People (3.03 mb pdf)
http://media.worldbank.org/secure/wdi2010/pdf/section2.pdf

Environment (2.52 mb pdf)
http://media.worldbank.org/secure/wdi2010/pdf/section3.pdf

Economy (3.69mb pdf)
http://media.worldbank.org/secure/wdi2010/pdf/section4.pdf

States and Markets (2.35mb pdf)
http://media.worldbank.org/secure/wdi2010/pdf/section5.pdf

Global Links (2.84mb pdf)
http://media.worldbank.org/secure/wdi2010/pdf/section6.pdf

Primary Data Documentation, Statistical Methods, Credits, Bibliography, Index of Indicators (521k pdf)
http://media.worldbank.org/secure/wdi2010/pdf/Backmatter.pdf

Written by Colin Henderson

April 20, 2010 at 11:00

Posted in economy


Finextra turns 10 !

Congratulations to Paul Penrose and the Finextra team on this milestone. I am sure most readers know Finextra, which has created a world-class site that for many of us represents the document of record for goings-on in financial services. For those who are not familiar, check it out at finextra.com

Now we are ten | finextra

Ten years on and 30,000 new stories later, we’re about to emerge from another spectacular market crash, slightly frazzled but in a stronger position than ever before, with the online publishing model vindicated and our monthly page view total fast approaching the five million mark.


Written by Colin Henderson

April 19, 2010 at 23:01

Posted in finextra

The Magnetar Trade – otherwise known as ‘The Black Hole’

This is a complex article at ProPublica that in simple terms illuminates all that was wrong with CDOs and synthetic CDOs. These instruments allowed investment bankers like Magnetar to circumvent insider trading rules. The story of Goldman Sachs being charged by the SEC for fraud is only the beginning. Financial reform is the last thing many financiers and bankers will have to worry about as this story takes hold.

Magnetar involved all the big names and most are listed here. You will see many recognisable names, e.g. Citi, Wachovia, Deutsche, Lehmans, UBS, Mizuho, JP Morgan. At this point it appears to be only guilt by association; however, there is nothing good or right in this tale. ProPublica quotes this participant: “The deal was a disaster. He shook his head at being reminded of the details and said: ‘After looking at this, I deserved to lose my job.’”

The Magnetar Trade

Magnetar’s approach had the opposite effect — by helping create investments it also bet against, the hedge fund was actually fueling the market. Magnetar wasn’t alone in that: A few other hedge funds also created CDOs they bet against. And, as the New York Times has reported, Goldman Sachs did too. But Magnetar industrialized the process, creating more and bigger CDOs.

Magnetar founder Alec Litowitz speaks at a private equity conference held at Kellogg School of Management at Northwestern University in February 2007. (Nathan Mandell)


What Magnetar were able to do was fund the housing bubble and bet against it bursting all at the same time. They were able to do this using CDOs and building them all the while knowing the bubble would burst. The beauty of what they did was to create cash flow to fund their short selling of their own CDO.

Magnetar’s (Nearly) Perpetual Money Machine

By buying the risky bottom slices of CDOs, Magnetar didn’t just help create more CDOs it could bet against. Since it owned a small slice of the CDO, Magnetar also received regular payments as its investments threw off income.

Written by Colin Henderson

April 17, 2010 at 20:46

The app concept is overblown – it's only the first step

There is an interesting evolution occurring with apps.  If you don’t have an iPhone this may not be immediately evident.  I was not sold on the concept, and remain somewhat sceptical, but there is no ignoring that apps are a success, on iPhone and now iPad.

Cracking the code of apps | ft.com

For users, it is also easier to dip in and out of different tasks without having to deal with software or navigate the web. “There’s no desktop file system, there’s no saving and quitting when you’re finished,” says John Poisson, who recently sold his app company to online photo service Shutterfly. “You just launch an app to do something, then close it and do something else.”

What I continue to wonder about is how this will play out. Back in the day, in the 1990s, we had tons of applications (as they were called in those days) that we could install. Gradually we saw the advent of office suites that aggregated core apps. Much later, in the noughties, we saw the advent of browser-based apps, and we even have a browser-based operating system in the works. HTML5 is clearly going to take over from Flash and that adds to the power of the browser.

Back to iPhone and iPad. Will the same evolution occur? I have no doubt that it will and that this excitement about apps will resolve into a serious discussion about what we actually require. How many times do you have to swipe across pages in your iDevice to locate the app of choice? It's fun for a short while, but when you get serious about it you find yourself sorting pages by app type. If user behaviour is doing that, then we will see an app do it. Enter the ‘suite’ concept.

Then suites will become too heavy and slow and then what … apps in a browser? 


Written by Colin Henderson

April 17, 2010 at 02:43

Posted in Uncategorized

How bankers took mathematics and misused it

Within the world that we (most readers of this blog) live in, the words ‘financial innovation’ mean new online banking services or adding PFM capability to banking services online. It's all about online.

The major lesson for me from the credit/banking crisis is what financial innovation actually means to the financial community.  Gillian deals with it in this excellent piece.  Financial innovation to the rest of the world means creation of derivatives.

Mathematicians must get out of their ivory towers | ft.com Gillian Tett

No longer. In the three years since the financial crisis exploded, financial mathematics has come in the line of fire, with “quants” and models blamed for fuelling the banking woes. Hence Dr Johnson now has his work cut out, as he tries to defend the world of maths. Or as he told a conference this week: “There [is] a sense of bewilderment amongst mathematicians [about] the view that mathematics was responsible for the crisis.”

While it is a narrow view, there is no doubt it is a significant view in terms of the impact on the banking industry. She goes on to point out the philosophical differences that are arising as the debate evolves amongst the mathematicians, economists and sociologists.

The good news is that if these types of endeavours swell, it could potentially change how financial economics and mathematics is done. The bad news, however, is that it is still unclear whether this will occur. The level of debate between the mathematicians, economists and sociologists remains pretty low. And while many intellectuals and regulators in Europe now seem open to a radical new debate, the intellectual climate in America appears far more constrained. So much so, in fact, that when Mr Soros held the inaugural conference for his institute, he deliberately did this in the UK – and not the US, where (he claims) the sense of intellectual conformity remains too strong.

Then the clincher.  The admission that math is not a perfect science and in fact is used by mathematicians as something to explore.  Yet bankers used it based on assumption of precision and perfection.

Moreover, rewriting the rules of financial mathematics – or economics – risks challenging many vested interests. After all, it is far easier for a Wall Street bank to make profits by plugging numbers into a crude model, than to admit that money could be a cultural or relativist construct.

Nevertheless, now, at least, there is a chance to reshape the debate. What really damaged the financial system in recent years was not so much “maths” or “economics”; instead the crucial problem was bad maths (and economics) that was used and abused. Now, more than ever, mathematicians need to get out of their ivory towers or back offices and state that loudly, not just for their sake, but for economists. And, of course, those bankers.

Written by Colin Henderson

April 15, 2010 at 22:39

Posted in Uncategorized

Bluecap enters with a novel financing model for Canadian small business

I have long predicted that innovation within financial services will come from one or two innovative banks but more likely from new entrants. This morning a note in LinkedIn from a friend, Scott Wilson, highlighted his new Canadian company with a model that caught my attention.

The typical small business is time starved, suffers cash flow peaks and valleys, and is at the mercy of the larger economy and business cycles.   Bank lending for small business is identical to lending for large businesses, just on a smaller scale.  The rigidity of payment plans in bank products plus the paperwork to get it done is not a comfortable fit for many. 

Bluecap deals with that mismatch by providing Canadian small business financing that has repayment tied directly to the cash flow. The real novelty is using debit and credit transaction revenue, thus providing some measure of risk management to Bluecap, while allowing the small business to repay their loans from available cash flow.

An interesting model and one to watch.

Bluecap.ca

Bluecap™ FlexLoan™ converts your future credit card and debit card sales into cash now that you can use for any business purpose.

  • Bluecap pays you a fixed dollar amount now for a fixed percentage of your future credit card and debit sales until your contract obligation is fulfilled.
  • Because repayments are dependent on your Visa, MasterCard, Amex and Interac receivables, Bluecap doesn’t get paid unless you get paid, which helps you manage your cash flow during slow periods.
  • Benefit from early loan repayment with Bluecap FlexRewards™

 

Written by Colin Henderson

April 13, 2010 at 09:31

Posted in Uncategorized
