Saturday, March 19, 2016

Hazards of being in infosec...

Most of the time, infosec is a pretty safe job when it comes down to it.  You're risk profiles normally involve things like weight gain from too much desk time, carpal tunnel syndrome, and the possibility of back problems from sitting at a desk too long hunched over a keyboard.  The worst most of us have to worry about is a disgruntled sysadmin trying to run us down in the parking lot after we deliver a pentest report.

But things aren't so great in Bangladesh.  You may have read last week that while the government there lost $81 million in a cyber attack, they came really close to losing one billion dollars.  It was a simple typo that took the criminals down - they misspelled the word "foundation" and that seemed really odd to someone operating the SWIFT transfers.

While the attentive employee should be lauded, many infosec professionals have criticized the Bangladesh government.  In fact, the governor of the Bangladesh Central Bank resigned after the incident.  A few other high ranking government employees involved in the incident went with him.

Much of this is in response to lax security standards at the bank, which were called out by a number of different infosec professionals.  One of the most vocal local infosec professionals was Tanvir Hassan Zoha.  Unfortunately, he has gone missing after he was accosted from an auto rickshaw in Dhaka, Bangladesh.

Stories like this really make me appreciate my freedom and my safety.  When it comes right down to it, people may disagree with me.  They may say mean things on social media (and often do).  But nobody has ever planned to kidnap me (or worse) for any infosec related opinions I've communicated.  Of course I'm happy about that - that's the way things should be.

I'll hope and pray for Zoha's safe return.  In the meantime I'll count my blessings that while there may be haters in infosec, I generally don't risk any bodily harm for my opinions.

1 comment:

  1. Truly frightening, Jake. Sad that people helping with info security have to worry now about personal security in some places.


Note: Only a member of this blog may post a comment.