by ukigumo 4145 days ago
Well, at least this one was technically challenging. My favourite bank robbery happened in London a couple of years ago and it used social engineering, 3G modems and KVMs. More info here: http://arstechnica.com/tech-policy/2014/04/bank-robbers-use-...

Now, I feel a discussion like this one would be the perfect place for me to introduce myself and... try to sell my services but I think I'm too late to the party so I'll keep it short.

Banks are the archetype of the company that suffers through technology. They make huge investments in IT year on year, but often they end up buying overly complex solutions from 1MM consultancy companies that never get fully implemented and, worse, cause high levels of frustration that then backfire onto projects that could actually make a difference.

With every department (or vertical or region) running their own IT, many of the core functions being outsourced offshore, and innovation (i.e. BYOD, Shadow IT) being ignored, some pretty serious gaps are opened in the way security is handled despite best intentions, processes or even regulatory compliance; we end up with local desktop machines having direct and unrestricted access to sensitive systems _and_ the internet.

Of course, all this is very nice but at the end of the day if someone can just walk into your office to "fix your computer" and no one bothers to check their credentials... there's only so much one can do for you.