Security Awareness and Training

This thread is worth a gander

{Broken URL deleted}

Suffice to say that the Star of the Colombia OTR thread was caught out by a similar "job advert" �a few years ago. �Lots of candidates were interviewed for a lucrative corporate security job abroad, nobody was ever recruited. �Funny old thing that !

Interestingly, SUBJECT has not posted for about 4 weeks now. Obviously nothing to do with �backroom work by the "Padlock Counters" then? 8) �

Hope admins remember to delete his account like para 5.5 at SANS recommends



Do not, under any circumstances, use the same e-mail address for Arrse, as an e-mail address you may have knocking around on the web. It makes it all too easy to identify you. remeber, the more dedicated, or not so dedicated intelligence gatherer, can find out a shedload about you in no time at all.

Go and open an Arrse only hotmail account, if you want to carry on conversations off-board. It's handy for MSN messenger too.

But remember, as Subsonic has pointed out, People or their actions, may not be the same as you expect.

Mr. ForgottenHisBloodyPasswordAgain :)


Good point; some of us are forced by circumstance to chase every buck in those climes.  Recently, a former Corps body,  a defrocked Queensman and an ex Gunner presented themselves for interview by a strange but very gabby object who had managed to fool one of the quasi-official resettlement groups about his status.    What the creature was up to is anybody's guess, but he certainly hasn't paid any expenses yet.  There are a couple of other weirdo types out there who I've had the displeasure of meeting/talking to over the last couple of years; if anybody on this board gets an offer which seems a little too good, especially in MEA security, post a note and we'll talk about it.


...speaking of which, there is a very strange former truckie (chucked out of Angola where he posed as a security adviser and probably about to be given the heave from southeast asia) who has been badmouthing the Glorious Corps to various corporates; why he should do this I don't know, but the reports have flooded in (2 of them, B6).  Anyone seriously smacked a driver in their time?
Doubless D PR Army are more than happy with this

Go to yahoo images:  type in Iraq or Basra and watch the photos of named soldiers scroll on and on.

Next simply click on to find a home address in a Garrison town.  If one of these poor individuals has the misfortune to become a casualty, guess where the gutter press are going to be looking for their tearful mum story?

Published 10 days ago, this Audit Commission report contains some useful potted case histories in the world of system abuse:

ICT and Fraud Abuse 2004

ICT security is only as effective as the staff within the organisation and failure to
communicate to users their responsibilities has led to:

● a significant increase in inappropriate use of the internet and email (despite around threequarters of respondents scoring the accessing of the web and email as medium to low risks);
● virus infections continuing to represent a major risk; and
● ICT fraud still being committed across all organisations.

Organisations still appear to be complacent about the risks of newer technologies:

● twothirds regard wireless technology as being a medium to low risk; and
● threequarters regard PDAs as only medium to low risk
ATM scam slides

Also posted in Finance forum, but most of you will never go there as you have saved so much whilst away on tour, that you just want to spend, spend, spend

This ATM scam originates in Latin America, however the attached brieifng slides are being recirculated by UK and US Law enforcment:download and cligk open or save..
Hostage survival / management video

Olaf Wiig interview: managing a hostage crisis 1 hr 40 mins

If you are involved in providing:

-Foreign travel security advice
-Theoretical conduct after capture training and

You may find some useful material in this 1 hr 40 min video. sadly I am not net-savvy enough to know how to save it to the hard drive.
subbsonic said:
ATM scam slides

Also posted in Finance forum, but most of you will never go there as you have saved so much whilst away on tour, that you just want to spend, spend, spend

This ATM scam originates in Latin America, however the attached brieifng slides are being recirculated by UK and US Law enforcment:download and cligk open or save..
the version i've seen of this had "Barclays" logo superimposed over the 2001 date stamp, to make it seem modern and UK-based. the footage was actually taken in the Royal Bank of Trinidad and Tobago. old method, still very interesting though.
Sub, I think you'll find that their main weapon is the stupidity/greed of the person receiving the email :!:
Well it is their templates for a complete training package.
This one is especially for you anonymous lurkers

Poor IT security blamed for Societe Generale fraud

Peter Sayer
February 20, 2008 (IDG News Service) Inadequate IT security allowed a trader at Paris-based bank Société Générale to make a series of unauthorized transactions that ultimately cost the bank $7.2 billion, an internal investigation has found.
To prevent a recurrence, the bank should immediately introduce stronger security systems, including biometric authentication of trading personnel, a special committee has recommended in its preliminary report to the bank's board of directors on Wednesday.
Between Jan. 18 and 20, Société Générale discovered that trader Jerome Kerviel had established trading "positions" -- bets that the price of securities and warrants would move in a particular direction -- worth more than the bank itself. He bet wrongly, and unwinding those positions over the following three days cost the bank billions as it sold the stocks into a falling market.
As an arbitrage trader, Kerviel should have been making transactions in pairs, buying and selling similar assets to exploit the minute and fleeting differences in prices that exist in markets. Arbitrage trading is considered less glamorous than the one-way bets he secretly made from time to time by faking one half of a pair of transactions.
Kerviel had previously worked in the bank's IT department and had in-depth knowledge of its systems and procedures.
Staffers mostly followed those procedures, the investigating committee found, but the procedures were not in themselves sufficient to identify the fraud before Jan. 18 -- partly because of the effort Kerviel made to avoid detection and partly because staff did not systematically conduct in-depth investigations when warnings flags were raised.
The bank's general inspection department highlighted Kerviel's use of fake e-mail messages to justify missing trades and the borrowing of colleagues' log-in credentials to conduct trades in their names.
Investigators identified at least seven occasions on which Kerviel faked messages between April 2007 and Jan. 18, four of them referencing trades that never existed. The deception was eventually uncovered when they could find no trace of Kerviel receiving the purported messages in Société Générale's e-mail archival system, Zantaz.

Between July 2006 and September 2007, internal control systems raised 24 alerts when the value of Kerviel's trades exceeded authorized limits, the general inspection department reported .

At the time, the bank's risk-monitoring unit put the anomalies down to recurrent problems with the way the trading software recorded operations and asked Kerviel's superiors to make sure he didn't exceed limits again.
The special committee made a number of recommendations, including the use of stronger, biometric authentication systems to prevent traders from accessing one another's accounts and improved alert procedures so warnings reach the appropriate managers. In addition, it suggested the tightening of trading controls, which do not cover canceled or modified transactions -- two of the tricks Kerviel allegedly used to conceal his bets.
Auditors are still looking for suspect trades to make sure all have been uncovered, and investigators have yet to review Kerviel's use of an instant messaging service for evidence of his activities, the special committee said.
It will present a final report to shareholders at their annual general meeting on May 27.
They haven't gone away you know?

Russia's German spy to face trial
Fri, 11 Apr 2008 20:15:12

A German national is to go on trial over charges of espionage for allegedly selling technological secrets to Russian intelligence agents.

Werner Franz G., 44, is suspected of repeatedly having contact with a Russian intelligence agent between May 2004 and December 2006, federal prosecutors in Karlsruhe said in a statement on Friday.

He has admitted to meeting Russian intelligence agents and selling documents describing highly sophisticated technology which has mainly civilian, but also military uses, the statement added.

He said he had met the agents in Germany or in nearby places abroad, arranging the meetings through anonymous emails.

The accused, living in Bavaria state, faces trial in Munich, according to the statement from Germany's justice capital.

Anyone seen Gladys this week?
Um, I've been busy. Yes, busy. Just off to Moscow, you know how it is.

Actually, that's the unvarnished - I'm in Moscow Wed-Fri having a seance with a gang of retired hoods.
Interested to see who has been signing off the orderly officer's Weekly Checks in Guatemala
subbsonic said:
Interested to see who has been signing off the orderly officer's Weekly Checks in Guatemala
Jesus! I thought we had problems! I hope thier Govt don't have laptops with TS on them. I might take a holiday to Guat and ride the trains.

Any spanish speakers want to come along?

Similar threads

Latest Threads