Archive for September, 2008

24 Sep 08

Bailout and SOX whistleblowers………

$700 billion – and no one saw it coming??

I find that hard to believe, especially in light of the fact that 80 or more Sarbanes-Oxley whistleblower cases were filed against financial institutions, including mortgage brokerages, investment banks and other financial institutions that are now currently screaming that they made bad decisions in regards to loans and leverage and need the American taxpayer to foot the bill. Boohoo. Many of these cases filed included details about the problems within the industry and they date back to 2003 or earlier. Four cases were filed against Fannie Mae that outlined how Fannie Mae made “mistakes” in their books in the billions of $$$.

Here’s the problem, the same one I ran into: you discover the trouble within the company you are working for, get fired for not playing the corporate game, and then there is nowhere you can go to report the problems. Dept. of Labor/OSHA – what a joke. What do THEY know about financial issues?

Nothing is done………..and no one seems to care.

They are caring now – again, it takes a disaster to get our government to pay attention to a problem.  Prevention – OH NO, we could never do that.

19 Sep 08

Palin’s Email Hack – How it was done………..

No fancy hacking and cracking – just some Sam Spade type snooping??

… Just whodunnit remains unclear, but details of just how the hack was executed have been emerging today — and it was embarrassingly and eerily simple.

“This is much bigger than Web-based email insecurity. This is the inherent danger of the current hype around ‘cloud-based computing.’ There is no cloud, just a lot of fog around the security and privacy vulnerabilities surrounding online data of all kinds. Email, office collaboration, everything,” says Randy Abrams, director of technical education for Eset….

Palin’s Yahoo account had been in the limelight this week after reports that she had used her personal email account to conduct official state government business.

Initially, the Anonymous group, best known for its online protests against the Church of Scientology, was pegged with the hack, but the group has since posted a message on its site denying its involvement. The latest word is that it may have been a one-man effort, according to a Wired.com post. The person claiming to have executed the hack said in a post (which has since been removed) on the 4chan bulletin board site that he used Wikipedia to get Palin’s birthdate, her ZIP code, and then Googled for information for her security question — where she met her husband — in an effort to trick Yahoo into reassigning her password.

Her password was reportedly changed to “popcorn,” according to the Associated Press report.

Security experts say Yahoo’s “forgot-my-password” service was basically fooled into giving up Palin’s account to the attacker. Once he got enough information to go on and pose as Palin, he could easily grab control of her email account.

Wow – just wow………….I’m even more dumbfounded at the thought that ANY political figure would use YAHOO for email………….
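The reset weakness described in this post, as an added example that is not part of the original post or the quoted article: a knowledge-based reset that accepts birthdate, ZIP code and a security answer, beside a reset that requires a single-use, expiring token delivered to a pre-registered channel. The account record, the names `kba_reset` and `TokenReset`, and the in-memory store are assumptions made up for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample account; none of these values come from the page.
ACCOUNT = {"user": "gov.example", "birthdate": "1970-01-01", "zip": "00000",
           "security_answer": "example high school",
           "recovery_channel": "phone:+1-555-0100"}  # registered at signup

def kba_reset(acct, birthdate, zip_code, answer):
    """Weak flow: every check is a fact someone else may be able to look up."""
    return (birthdate == acct["birthdate"] and zip_code == acct["zip"]
            and answer.strip().lower() == acct["security_answer"])

class TokenReset:
    """Hardened flow: the reset needs a random secret sent out of band."""
    def __init__(self, ttl_seconds=600):
        self.ttl = ttl_seconds
        self.pending = {}  # user -> (sha256 of token, expiry time)

    def start(self, acct, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[acct["user"]] = (digest, now + self.ttl)
        # Caller delivers the token to this channel only, never to the web session.
        return acct["recovery_channel"], token

    def finish(self, acct, token, now=None):
        now = time.time() if now is None else now
        # pop() makes the token single use; a wrong guess also burns it.
        digest, expiry = self.pending.pop(acct["user"], (None, 0))
        if digest is None or now > expiry:
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        return hmac.compare_digest(digest, supplied)

def demo():
    flow = TokenReset()
    weak = kba_reset(ACCOUNT, "1970-01-01", "00000", "Example High School")
    flow.start(ACCOUNT)
    guessed = flow.finish(ACCOUNT, "Example High School")  # public fact as token
    _, token = flow.start(ACCOUNT)
    owner = flow.finish(ACCOUNT, token)
    replay = flow.finish(ACCOUNT, token)
    _, old = flow.start(ACCOUNT, now=0)
    expired = flow.finish(ACCOUNT, old, now=601)
    return weak, guessed, owner, replay, expired
```

`demo()` returns the outcome of the knowledge-based reset, a guess against the token flow, the legitimate redemption, a replay of the same token, and an expired token, in that order.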

18 Sep 08

Gov. Sarah Palin’s Email Hack

I don’t know how many other state governors utilize yahoo.com email but I hope they will rethink this knuckleheaded practice after what has happened to Gov. Sarah Palin.

John McCain’s campaign said Wednesday it has contacted “appropriate authorities” over a report that Republican VP candidate Sarah Palin’s personal e-mail had been hacked.

“This is a shocking invasion of the Governor’s privacy and a violation of law,” campaign manager Rick Davis said in a statement. “The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these emails will destroy them. We will have no further comment.”

The statement came hours after a user on the Web site WikiLeaks said he had gained access to Palin’s Yahoo e-mail account. Screenshots of the e-mail messages and photos of the Alaska governor’s family were published on that Web site and later on gossip Web site gawker.com.

FBI Spokesman Eric Gonzalez in Anchorage, Alaska confirms to CNN an investigation is underway.

“We are aware of the allegations and we are coordinating with Secret Service as far as the allegation that someone has hacked into Governor Palin’s personal e-mail account,” he said. “We are going to be working a joint investigation with Secret Service on this.”

Brian Hale, an FBI spokesman in Washington, also confirms the FBI has been contacted about the incident. Two federal law enforcement sources say the FBI and Secret Service would have concurrent jurisdiction normally on a matter such as this, but it remains to be seen if the Secret Service will take the lead on the investigation because Palin is a protectee.

The e-mails shown include one from July between Palin and Alaska Lt. Gov. Sean Parnell and another dated earlier this week from Amy McCorkell, the woman Palin appointed to the Governor’s Advisory Board on Alcoholism and Drug Abuse in 2007.

Palin has faced criticism for using a private e-mail account to conduct some state business – prompting critics to allege she was attempting to hide information from the public record.

I don’t know if she was attempting to hide anything, but this is just a very naive thing for a public figure to be doing – even prior to her being chosen as John McCain’s running mate.

To me this belongs in “Knuckleheads in the News.”  Of course I’m not condoning anyone hacking her account – but given the opportunity, especially in the case of someone who has rocketed to national attention in such a short period of time, hackers are going to “do what they do.”

15 Sep 08

San Francisco’s Problem “Child”

Terry Childs is still locked up, but continues to give the City of San Francisco plenty of headaches………..

With costs related to a rogue network administrator’s hijacking of the city’s network now estimated at $1 million, city officials say they are searching for a mysterious networking device hidden somewhere on the network.

The device, referred to as a “terminal server” in court documents, appears to be a router that was installed to provide remote access to the city’s Fiber WAN network, which connects municipal computer and telecommunication systems throughout the city. City officials haven’t been able to log in to the device, however, because they do not have the username and password. In fact, the city’s Department of Telecommunications and Information Services (DTIS) isn’t even certain where the device is located, court filings state.

The router was discovered on Aug. 28. When investigators attempted to log in to the device, they were greeted with what appears to be a router login prompt and a warning message saying “This system is the personal property of Terry S. Childs,” according to a screenshot of the prompt filed by the prosecution.

The disclosure is the latest turn in a bizarre story that has made headlines in San Francisco for the past two months. Childs, a network administrator with DTIS, was arrested June 12 on charges of network tampering after he refused to provide his superiors with administrative access to the city of San Francisco’s network, which he had managed for the past five years.

Initially Childs refused to hand over administrative passwords to the city’s routers, which had been configured to wipe out all configuration information if they were reset.

After a dramatic jailhouse meeting with San Francisco’s mayor one week after his arrest, Childs handed over the data, but DTIS Chief Administrative Officer Ron Vinson said Wednesday that the city now expects to spend more than $1 million to clean up the mess. To date, DTIS has paid out $182,000 to Cisco contractors and $15,000 in overtime costs, he said in an e-mail interview.

The city has also set aside a further $800,000 to address the problem. Vinson did not specify what the additional money was expected to cover, but if the city has to hire network consultants to remap, reconfigure and lock down its network, this would not be an unreasonable estimate. The city has also retained a security consulting firm called Secure DNA to conduct a vulnerability assessment of its network.

Meanwhile, Childs remains in county jail, held on a $5 million bond. His supporters say he is a dedicated city employee who was pushed too far by incompetent management, while the county’s district attorney argues that he concealed a violent criminal past when hired by the city and remains a threat to the city’s network. Childs served prison time following a 1983 robbery conviction, a fact he concealed in his city job application forms.

In court filings, prosecutors say Childs has not provided passwords to city-owned encrypted hard drives or access to two Corsair Flash Survivor USB drives that may contain sensitive information.

In a report filed before the city disclosed the hidden router, a court-appointed expert witness for the defense wrote that DTIS could easily prevent Childs from accessing the networks. “I have seen no evidence that Mr. Childs is a ‘computer hacker,’ and by taking a number of simple steps, DTIS could block access by Mr. Childs to San Francisco networks,” wrote Doug Tygar, a University of California, Berkeley computer science professor.

Childs’ next court appearance is set for Sept. 24. If convicted, he faces up to seven years in prison.

I have to think there is some merit to Childs’ charges that his management was incompetent – if they weren’t, this never would have happened.

10 Sep 08

Good for Senators Grassley and Leahy………

Well, I’m glad that someone from the Hill is finally starting to take notice of what’s happening in the Dept. of Labor regarding SOX whistleblower cases:

Two U.S. senators accused the Department of Labor of violating the “spirit and goals” of a federal law aimed at protecting employees who report corporate wrongdoing, and called on the agency to stop rejecting claims from workers at subsidiary companies.

In a letter to Secretary of Labor Elaine Chao, Sen. Patrick Leahy, a Vermont Democrat who is chairman of the Judiciary Committee, and Sen. Charles Grassley, an Iowa Republican who also is on the committee, wrote that they were dismayed that the “administration — the Department of Labor in particular — has been using overly restrictive interpretation of this law to dismiss a majority of the complaints” filed under the whistleblower-protection provisions of the 2002 Sarbanes-Oxley Act.

Sen. Leahy and Sen. Grassley, who wrote those provisions, said that “there is simply no basis to assert” that employees of the subsidiaries of publicly traded companies aren’t covered under the act, as the department has asserted in numerous recent cases.

The letter cited an article in The Wall Street Journal last week that reported on the department’s stance. Department records show the government has ruled in favor of corporate whistleblowers 17 times out of 1,273 complaints filed since 2002. An additional 841 cases have been dismissed, the records show, with many of the dismissals made on subsidiary-exclusion grounds. The rest of the cases are either pending, withdrawn, or were settled.

In a statement, the Labor Department said it would respond fully to the concerns of the senators. But the agency said, “We are confident we are correctly enforcing the statute, and do not believe the text of Sarbanes-Oxley as written supports the broader reading that employees of subsidiaries are automatically covered.”

Tom Devine, legal director of the Government Accountability Project, a nonprofit group that promotes whistleblower rights, called the department’s stance “dysfunctional,” saying: “This one is a no-brainer. There is nothing in the law that allows for that type of loophole.”

The senators asked the department to supply documentation and a response supporting the agency’s position — and until that time, to suspend its interpretation that exempts employees of subsidiaries.

The department’s Occupational Safety and Health Administration enforces the whistleblowers’ provisions, which prohibit publicly traded companies or “any other officer, employee, contractor, subcontractor, or agent of such company” from retaliating against employees who provide information or assist in investigations related to alleged fraud.

In their letter, the legislators wrote that the whistleblower provision was a direct response to fraud perpetrated by Enron Corp., “through the misuse and abuse of its shell corporations and subsidiaries.”

Cases dismissed on the subsidiary-exclusion rule include whistleblower complaints against the German manufacturing conglomerate Siemens AG, London media titan WPP Group PLC; ING Groep NV of the Netherlands; Alabama insurer Torchmark Corp.; and Florida investment firm Raymond James Financial Inc. The companies have declined to comment on the cases.

Another pending case involves UBS AG, the Swiss bank. An attorney says the Labor Department has asked him to show that the UBS unit that employed his client is covered under the act. UBS declined to comment.

I hope the letter does some good – but the federal courts need a good talking to also………

http://online.wsj.com/article/SB122101918024118495.html?mod=hpp_us_whats_news

09 Sep 08

Good for Germany…..whistleblowers get results………..

I am applauding the German interior minister this morning for his response to information given to him by a whistleblower on the ease of trading consumers’ PII (personally identifiable data):

Germany’s Interior Minister, Wolfgang Schäuble, vowed today to tighten the laws governing how data on German consumers can be gathered, sold, and traded. Schäuble’s declaration comes after a call center whistleblower, Detlef Tiegel, handed a CD containing the banking details of some 17,000 German citizens over to the authorities. The information in question had been obtained (possibly purchased) by the unidentified company that employed Tiegel. The initial 17,000 records were only a fraction of the roughly 1.5 million records Tiegel claimed he could produce.

German officials took the man’s claims seriously enough to open their own investigation, and were dismayed when they were able to purchase 6 million records of personally identifiable information (PII) for a paltry €850 (~$1,220). Minister Schäuble called a meeting today in Berlin to address the situation and share his concerns with multiple ministers within the German government. Attendees included data protection commissioner Peter Schaar, Justice Minister Brigitte Zypries, Economy Minister Michael Glos, and Consumer Affairs Minister Horst Seehofer. Representatives from several German states were also in attendance. …

I only wish the US would begin taking action such as this………….

http://arstechnica.com/news.ars/post/20080904-whistleblower-prompts-review-of-german-data-protection-laws.html

08 Sep 08

Whistleblowers win out – FOR ONCE………..

(Glad to be back posting again – I’m finally able to come up for air after my company’s first PCI audit – which we did very well on).

I had to admit to a certain amount of internal glee when I heard that Detroit Mayor Kwame Kilpatrick FINALLY decided that resigning might be the best thing to do for the city.  I’ve been following Kilpatrick’s case now for over a year, and I was dumbfounded at how much he was able to live in denial about his obvious misbehavior in office.  Mr. Kilpatrick is one of the biggest hypocrites I’ve ever seen – and in a city that is so in need of good role models in high office.

The Detroit Free Press (a fine newspaper) has done an outstanding job of following the issue, and I know the city is breathing a sigh of relief now that this horrible scandal is finally drawing to a close.  Here’s the latest:

The first official step in the transfer of mayoral power takes place at 10 a.m. today, when outgoing Mayor Kwame Kilpatrick and incoming leader Ken Cockrel Jr. are scheduled to meet in the mayor’s office.

Bound to be part of the discussions are Kilpatrick’s 100-plus appointees, who serve at the mayor’s pleasure. The group will give up their appointments when the mayor leaves office Sept. 18, a spokesman said.

Cockrel has said he intends to keep some of Kilpatrick’s staff.

Also on Cockrel’s plate is leadership in the Detroit Police Department after Chief Ella Bully-Cummings announced her retirement last week. The future mayor labeled as bizarre Kilpatrick’s decision to have two police executives share the duties of the department.

Cockrel spokesman Daniel Cherrin said there would be no short-term issues in running city departments because Cockrel also is looking to promote from within.

Cockrel has not announced whether he will move into the mayoral residence, the Manoogian Mansion. Kilpatrick, who pleaded guilty to two felonies Thursday stemming from the text message scandal, also has not announced his plans for the near future.

Hopefully now the good people in Detroit can get past this and focus on the many challenges they have in their city…………

http://www.freep.com/apps/pbcs.dll/article?AID=/20080908/NEWS01/80908015#