October 29, 2006

SWIFT breach - Big Brothers

SWIFT won two Big Brother awards at last week's Austrian presentation. The first was in the "finance" category, underscoring the relationship between Orwell's despotic prediction of the future and the control of money and payments.

Nothing in English, it seems. The second Big Brother award for SWIFT was the "public voting" category. Surprisingly, the public voted that SWIFT was the worst thing that had happened to them over the last year, against other things that the Austrian people may have had much more exposure to.

This is somewhat significant as it signals how the SWIFT scandal is of wide-reaching impact. SWIFT has not handled it well, reacting in the worst possible way -- to suppress and deny the scandal where they could.

As an example of that poor handling, it is slowly becoming more clear that their responses are not honest. Last blog entry I pointed at this strange comment in responses to questioning by Quintessenz's Erich Moechel:

No, SWIFT cannot provide this type of data. It is important to understand that SWIFT does not have the means to read the information inside a message. SWIFT can only read the information necessary to route the messages across its network from bank A to bank B. In this respect SWIFT is similar to a postal service.

I don't believe that. To check, I've now talked to others that are in the finance sector and have some view on this, and universally, nobody else believes it either. Some research however has not been able to turn up a comprehensive answer, so it is not conclusive as yet.

If SWIFT are being honest, now's their chance to confirm. If they are spreading lies, now's the time to sack their Public Relations department, along with their security department, their privacy people, and their bank relations people.

Heck, sack the whole board. But that would be asking Europe's banking community to show some spine. Corporate governance is not going to come from the ECB and its flock.

SWIFT and every other large utility used for finance is monitored and controlled by status quo parties of interest. If and when information becomes critical for the hiding of interested parties or the fabrication of information is required, then it is done from the inside out with no external trail to smudge. Identity control is the ultimate goal so that the refined despots of the world can dominate ideas, education, industrial production, consumer spending habits, and all sorts of interesting things. Early in the last century transportation and the control of it became the critical component that allowed Standard Oil to dominate that burgeoning industry. SWIFT, DTC, and other utility organs are the transportation hubs of modern commerce and their control ensures that parents that send their children to selective preparatory institutions have a legacy of power to hand down. The goose that laid the golden egg called electronic transfer is held together by trust, but it's not our trust they require, it's theirs, and this established separate class will, when they choose to, undo all that stand in their way.

I just stumbled across this site, and I'm trying to decide if it's worth my time. You purport to be some kind of expert on cryptography, yet you are unable to even configure SSL (https) properly for your site, and even worse, you seem to have no clue when it actually makes sense to use cryptography at all.

In other words, I access this site through the www.financialcryptography.com domain with a regular non-encrypted connection, yet my browser pops up an invalid certificate for www2.futureware.at?

First, if you need to have secure connections to your site for some reason, get a properly signed certificate for your proper domain.

Second, I looked at your source to see what on earth you need secure connections for, and it's only for the god damn stylesheet. Who the hell uses a normal connection for the content, yet an encrypted one for the stylesheet? It only causes an "invalid certificate" pop-up each time I open your site, with no discernible benefit whatsoever.

And I'm supposed to trust your opinion on security and cryptography issues?

The content does seem interesting to be sure, but this level of cryptography misuse is simply pathetic, and casts a huge shadow on your credibility.

Has there been progress on the prosecution of SWIFT under privacy laws? The last thing I read was from the Belgium privacy commission here http://cryptome.org/bepc-swift.htm

