the National Australia Bank file: was the crash malicious?

Posted in banking, general, management, products, security, strategy on Wednesday, 1 December 2010

It doesn’t look like National Australia Bank’s woes are going away any time soon. Conflicting stories emerging from CEO Cameron Clyne’s office sure aren’t helping.
Time for NAB to get their story straight...
First reports suggested that an upgrade failure took down all the Bank’s systems. But as the dust settles, a rather different picture is emerging.

NAB’s prolonged outage, initially attributed to a glitch, may have been deliberate.
If it’s true, then NAB’s troubles are far from over. They may only be beginning…

Did NAB’s systems fall – or were they pushed?

The upgrade story seemed plausible at first. IT guys can be fired with no fall-out. But the bank failed to adequately explain why it took them so long to recover. After all, such events are normally carefully managed.

Also, the timing was wrong. Such upgrades are done during quiet periods when the systems are idle. Why mid-week at the busiest time of the year?

The bank’s reputation would have been destroyed by that degree of service loss. No, it was time for NAB to come clean – or at least a bit less dirty.

An act of sabotage?

A headline about a betrayal by trusted staff is the nightmare scenario for a bank. The resulting damage can resonate for years to come, even bring down the bank.
Remember Nick Leeson and Barings?

Such situations raise questions about staff loyalty, integrity and internal controls, the bedrock any bank is built on. And why would anyone want to crash NAB?

The IT empire strikes back

Like every bank in today’s climate, NAB was on a technology cost-cutting drive. The bank’s systems are being outsourced to IBM and staff aren’t happy about it.

Factor in NAB’s comments about overpaid internal IT staff, along with the Bank’s decade-long reputation for poor compliance management, and a dangerous cocktail of disgruntled staff with ample opportunity emerges.

The domino effect

NAB’s system failure was catastrophic. But bank systems are distributed, so for such a wide-scale failure to happen, a concerted action must occur.

The fundamental steps a system takes to execute bank processes would require altering to cause the failure. I really can’t overestimate the significance of that.

This requires system knowledge at the highest level, along with access to match. Only a few could do that. In terms of damage, it’s classic Stuxnet.

Stuxnet?

Stuxnet is a recent and incredibly powerful computer virus, a worm that attacks industrial control systems. It can re-program core functions and can cloak itself.

Stuxnet is a rootkit – it can be customised to perform specific changes, rather than simply wreaking damage. What happened to NAB is similar.

I can’t pretend to know what happened to this bank and maybe we’ll never know. But one thing is clear. National Australia Bank is far from out of the woods yet.

And it will take more than SatNav for them to find a way home from this.
