[HN Gopher] Wirecard hired actors to fool auditors ___________________________________________________________________ Wirecard hired actors to fool auditors Author : ramboldio Score : 122 points Date : 2020-08-20 12:44 UTC (10 hours ago) (HTM) web link (www.manager-magazin.de) (TXT) w3m dump (www.manager-magazin.de) | pvitz wrote: | It's behind a paywall, but according to a summary [0], Marsalek | or someone from Wirecard built fake physical branches of banks on | the Philippines. The auditors of EY were invited to come to these | branches to talk to actors who convinced them that the 1.9 | billion EUR of Wirecard exist on their bank accounts. | | It reminds me somehow of the movie "The Sting"... | | [0] | https://www.focus.de/finanzen/boerse/wirtschaftsticker/schau... | jacquesm wrote: | Here's my little Wirecard story: Back in the day when | Camarades.com/ww.com was doing well we were through an | intermediary approached by a German investor, one Paul Bauer- | Schlichtegroll (I'll never forget that name), an - at that moment | - successful German businessman, who was importing Vans sports | shoes into Europe. | | He became a 5% investor in our company through an entity called | Max Madhouse GMBH with an option to buy a much larger share. The | day after the deal was signed he turned around and tried to screw | us - the founders - out of our own company through a minority | shareholder lawsuit. | | Eventually we got rid of him, but this cost us a lot of time, | money and momentum. Two years later Bauer was one of the founding | members of what eventually became Wirecard. | | So I've always seen Wirecard as a bunch of crooks. | | At the same time I have some sympathy for the BaFin people, there | are way too few of them and the opposition was very well versed | in showing one face whilst actually being something completely | different, the length to which these characters would go to show | a good face was beyond anything that I would have normally | imagined. I'm still a touch paranoid because of it, and I'm sure | the same goes for the rest of the former Camarades.com/ww.com | team. | | I don't know what happened to him, he seems to have disappeared | as well, but I do know that anything that he's ever touched was | rotten at some level. | spiritplumber wrote: | In your culture, at which point is it permitted (legally or | not) to take someone like that out back and punch them a few | times? | | I only had to deal with one situation like this in my life, and | the person responsible is now no longer welcome in my county, | so we sorted it out. | jacquesm wrote: | I still dream about it. And it's 20 years ago. That guy and | his buddies caused us so much misery it isn't funny. | | Another Bauer story; prior to the investment: he had fear of | flying, and was an asshole to the people that he perceived as | lower on the social ladder than himself. So when he was nasty | to the stewardess on a very small airplane (10 seater, twin | prop) flying from Los Angeles to San Luis Obispo and the | pilots caught on to his fear they got their revenge on him by | doing all kinds of borderline legal aerobatics with the | plane. | | Bauer and I were the only passengers, I had a great time but | made sure to sit where it was safe. He was as white as a | sheet when we landed, and made a great point of being polite | to the stewardess on the way back. | | One asshole deflated, props to those pilots (pun intended) | for standing up for their colleague. | serf wrote: | >One asshole deflated, props to those pilots (pun intended) | for standing up for their colleague. | | so, someone was socially rude, so some pilots decided to | risk the lives of everybody on board to teach a lesson. | | Aerobatics , even if 'borderline-legal', are still more | stressful on the plane and components. | | Stress still causes early failure, even if the stress was | produced with legal maneuvers. | | Hopping curbs in a passenger car is not usually illegal, | it'll just destroy the car prematurely. | | Spontaneous aerobatics still risk injury from gravity-flung | objects in the cabin. | | So, i'm glad the person you dislike had a lesson taught. | I'm less glad that the crew acted unprofessionally. | | I'm _very_ glad that no incidents occurred as a result. The | sky isn 't the place for revenge and vengeance, especially | on _passenger flights_. | | I really hope that the crew has matured since then. There | are plenty of ways companies and professionals can refuse | service without risking collateral damage like that. | somehnguy wrote: | You're assuming that trained pilots somehow had no idea | what they could safely do in their aircraft. Why? | Angeo34 wrote: | The problem is that they put everyone lives at risk. It | doesn't matter how convinced you are of your abilities if | your life and the life of others is at immediate risk | (like in a plane or on a bus) | jacquesm wrote: | Noone's life was at risk. It was just mildly more | exciting than a normal flight and _well_ within the range | of permitted stresses on that particular plane. | | GGP made an assumption and then reacted to that | assumption as though it was a fact. We weren't doing | loopings or Immelmans, just a couple of nice steep banks | and a pretty steep ascent/descent. If the plane would | have not been able to handle that it shouldn't have been | flying in the first place. I've been through _lots_ worse | in single engine GA planes in rural Canada. | mschuster91 wrote: | In Germany, even the slightest acceptance of violence usage | against capitalists and Nazis is going to get you a shitstorm | from the far right to the center/left left. | | The result? Just look at how effective militant French | protests have been in keeping neoliberal attacks on worker | rights at bay, and how unsuccessful German protests have | been. | wildmanx wrote: | Violence is unacceptable. Period. | | It is sad that there are cultures where that's different. | mschuster91 wrote: | So is the violence of the police and of other government | agencies (think sheriffs enforcing eviction orders) | acceptable? When is legitimate use of force crossing the | line to abuse? When are people allowed to defend | themselves? | | It's funny to see how in many Western governments the | (legitimate!) protest of the people in Hongkong is | cheered upon, but BLM, Yellow Vests other domestic | protests are discarded... | | Saying "violence is unacceptable" is something one can | _only_ say as a member of the privileged majority. For | minorities, for marginalized people, for poor people | though... the lines are way more blurry than blanket | black-and-white statements. | | And for the record: I'm not a friend of pointless | militant acts but I will not dare to judge over anyone | not as privileged as I am to come to a different opinion. | learnstats2 wrote: | Violence is regulated (in essentially all of the world) - | that's very different from unacceptable. | | The state, perhaps through the police or military, can | exercise violence often without consequence. You can | legally be violent in self-defence, to varying extents. | contingencies wrote: | The state defined by its monopoly on violence. Period. | ashtonkem wrote: | No, the state has a monopoly on _initiating_ violence. | All citizens have the right to violence if it's in self | defense. | | Some states will even let you carry firearms around in | case you need to apply violence in self defense. | contingencies wrote: | That's nitpicking. It is clear that failed states are | those with nontrivial scale violence perpetually | initiated by non-state actors. The strength of the state | equates to its capacity to limit the scale of others' | violence. US gun laws, globally speaking, are a | statistical anomaly, and if you started using guns | against others with any scale or frequency the government | would surely intervene. | | _None are more hopelessly enslaved than those who | falsely believe they are free._ - Goethe | ashtonkem wrote: | It's not nitpicking. Almost all states recognize the | legitimate use of violence for self defense, even if the | specific methods permitted vary on a state by state | basis. Thus if your definition of a failed state is one | in which the government doesn't have sole right to | violence, then you end up with the rather absurd position | that all states are failed. | autisticcurio wrote: | Violence is efficient though, otherwise why was Saddam | Hussein deposed? If Country's cant settle their | differences with politics, what else do you have left? At | least our leaders show us what is acceptable behaviours | in their books but it also demonstrates their hypocrisy | when ordinary members of the public meter out their own | violence, although I do acknowledge some violence is just | plain mindless eg drug and alcohol fuelled. | ulucs wrote: | Looking at Iraq now, does anyone think that was the right | choice? | smcl wrote: | On some level I agree ... but I can't in all honesty get | behind this statement 100%. For example I enjoyed seeing | the videos of Richard Spencer (the "dapper" white | nationalist) and Billy Steele (guy shouting on the tube | about how black people are "less than him") getting | punched in the face. | | Don't know if this makes me an asshole or a human. | narag wrote: | _On some level I agree ... but I can 't in all honesty | get behind this statement 100%._ | | I assume the GP was just abbreviating a more complex | phrase that it's easy to guess, isn't it? | StreamBright wrote: | I can also add some here. We worked for WD for a while. There | was this weird thing going on. We requested MacBooks because we | were working on Linux and cloud but the management had a policy | that managers were entitled to have MacBooks while by default | engineers had to use Windows laptops. As externals we were | denied MacBooks. | | So managers were running Powerpoints on Apple while engineers | were running Python, aws-cli on Windows. Perfectly reasonable | according to them. I could only estimate the amount of | productivity lost on this. Of course WSL was not allowed | because corporate security classified it insecure. | xondono wrote: | Try running Solidworks on a 300EUR laptop. | | Switching everyone to laptops is the biggest productivity | loss in engineering departments. | ChuckNorris89 wrote: | Management getting swaggy laptops and engineers having to | work on the cheapest and shittiest windows laptops is a thing | in every German company where the software isn't the core | product(embedded, IoT, hardware, automotive, mechanical, | chemical, finance etc.) because Macs are expensive and since | beancounters are valued more than SW engineers they can make | themselves look like heroes in front of management by showing | them how much money they saved the company by leasing a fleet | of cheap machines for everyone, regardless of their job, from | the local HP/Dell/Lenovo dealer vs the productivity loss of | their developers that they won't bother considering. | | I only saw good machines in companies where only software was | their business(mostly web shops) so management there knew the | value of providing good laptops and monitors. | _trampeltier wrote: | I work in a worlwide (german) industry / automotive | company. The group leader can decide what Notebook, PC or | Workstation his team gets. We can choose between a normal | office HP Notebook/PC or a pretty good version of a HP | Z-Book or a fast Workstation. Also I think most external | tech guys who came to our company, they usually have real | good hardware. At least in my company now, the managment | has just normal office notebooks or convertibles. | jacquesm wrote: | Not strictly true, but overall I'd say it is accurate. | There are more and more companies in Germany that are | becoming tech aware even though the tech is secondary and | they realize there are productivity gains to be had from | giving their tech employees proper tools. | | Still, that's yet another version of the beancounters | perspective. | ashtonkem wrote: | The irony is that as I move into management, I less and | less see the value of me personally having a powerful | laptop. My job is Jira, Github, and Zoom; why should I | carry around a 16" MBP for all the power I don't need? | Nextgrid wrote: | Wait until you need to run Microsoft Teams. You'll need | to carry an entire supercomputer to run that pile of shit | and even then it won't be smooth. | | Even Jira is not too far off these days unfortunately | despite being a relatively simple tool (but they needed | to justify hiring tons of JavaScript developers). | alexandrerond wrote: | Well, to run Slack... | spiritplumber wrote: | How did you guys solve it? | julienfr112 wrote: | double boot and windows looking customized desktop ? | KingOfCoders wrote: | As the person responsible for IT I was audited in several | companies by several of the large auditing firms. The people | auditing IT had no clue what they were doing, no clue about IT | and were just running a checklist. I could have told them | whatever I liked. | rootsudo wrote: | Very much true. I've had the pleasure of doing this stuff on | both sides. | jacquesm wrote: | Yes, we hear this all the time. It's just kids with checklists | who have absolutely no idea about the nature of the questions | they are asking, why they are asking them and have absolutely | no plan for off-script follow up questions based on the answers | given. | | A lot of these auditors come from a financial background and | they treat IT in much the same way, as if there is some kind of | checksum they can calculate which will tell them if the company | is healthy from an IT perspective or not. | | Companies that are certified tend to be very good at process | but are sometimes surprisingly bad at the actual IT. But it's | all documented perfectly. | jacobr1 wrote: | On the other hand, one of the benefits of all that | documentation and policy is that blame can be assigned when | the inevitable problems arise | jacquesm wrote: | The CYA component is definitely present. | shaqham wrote: | As a former IT auditor I can only confirm your statement. After | I did my master in business administration with a touch of CS | (it was called Master of Information, Media and Technology | Management - and I really just learned basic Java, SAP, and one | course about IT architecture) I got a job at a big four | auditing company as an IT auditor. I was literally just going | through some checklists and at that time I had no idea about | the systems or technology I was auditing. After two years I got | so frustrated with my job I decided to get a second degree in | CS. The more I studied, the more obvious it became to me that | someone with a CS degree never would do such boring work if | there are other job opportunities in IT. | jacquesm wrote: | So, as someone who spent a lifetime in IT, I actually enjoy | the work. It gives me a way to give other companies, many | more than I could normally work for, a way to benefit from | that experience. Our little crew is composed of veteran IT | people, all with lots of real world experience, we get the | privilege of looking at lots of different companies, both the | good and the bad. Which in turn gives us more knowledge. | | It is anything but boring to me. | shaqham wrote: | Glad to hear you enjoy your work. For me, it was just going | through some checklists under enormous time pressure at | large financial institutions and mostly alone, without any | of my team members on site. If I were to do the job today, | I might be able to look more into the details of the | systems/applications I am auditing, immerse myself in them | and have some meaningful conversations with the people I am | auditing. Thank you for your perspective | exhilaration wrote: | Similarly, I remember at my last job management would start | talking about the "ISO corner" each year, where all the forms | that we never, ever touched sat. This of course coincided with | our ISO 9001 recertification. A few developers would be coached | on what to say to the certifier, he'd be there for 2 days, and | then we'd go back to business as usual. | juskrey wrote: | By the way, ISO organization does not endorse, check or | enforce compliance of any of the certification providers, and | can't basically do anything against someone who just sells | ISO certificates in shiny bevel, even if they wanted. | | That said, all the ISO standards are corporate moonspeak and | bullshit themselves and do not bear any practical sense. (All | that, for example, looong document on infosec ISO 27001 says | is "try to be secure, my friend") | jacquesm wrote: | Mixed bag. ISO27001 when taken seriously and implemented | throughout a company that means well and has the resources | to do so will at least guarantee some level of process to | be present. This then needs to be backed up with actual IT | and security knowledge to be effective, and that is more | often than not where the problems are. | | So as a rule we treat an ISO 27001 certificate not so much | as a checkbox item meaning we can skip certain parts of our | audit, but as a nice-to-have which may help speed up the | interview process because we at least know what terminology | to use. | | In practice there is too little difference between | companies with or without such certification to see it as | anything other than a marketing tool. | ajb wrote: | "all the ISO standards are corporate moonspeak" Bit of a | generalisation there. ISO/IEC 13818-3 was quite useful, for | example. | juskrey wrote: | Okok, I mean all that corporate/org standards. | arethuza wrote: | My wife started her career as an internal auditor at a UK | financial company - she was apparently repeatedly told to _stop | finding problems_ , her manager acknowledged that the things | she was finding were real problems but nobody wanted to have | formal reports describing them. | | She left after a colleague who apparently spent most of his | time asleep in a cupboard got promoted over her.... | watertom wrote: | I hope she wasn't surprised. People who listen to their | managers get promoted. | arethuza wrote: | I think being told not to find so many problems she could | perhaps have coped with - having someone who was apparently | unconscious most of the time promoted ahead of her was what | really did it. | | NB It was financial auditing not IT. | jacquesm wrote: | Well, it is clear that he was promoted _because_ he wasn | 't interested. It allowed the rest of the people there to | get away with stuff that they shouldn't have been doing. | | Leaving was the best option that your wife had, in such a | case you really don't want to stick around until the | house burns down. | znpy wrote: | what's the legal liability in omitting a problem you've | found during an audit? not for the auditing company, for | the auditor. | arethuza wrote: | It was an internal audit role and she wasn't a | professionally qualified accountant. | Jtsummers wrote: | So no legal risk, but there is still professional risk. | When external auditors come in or an issue is found that | impacts customers, they could scapegoat their internal | (deliberately made useless) team, fire them, and have a | go at using that as part of their defense/response. The | higher-ups would be ok if they can pull it off, but your | wife would've been out a job and with an inability to get | a reference from them (beyond the basic: She was employed | here from X-Y). | | Best plan for everyone is to get out of shady companies | like that ASAP. | jacquesm wrote: | https://en.wikipedia.org/wiki/Arthur_Andersen | | For the individual auditor: if you're a | chartered/certified accountant you can get into a lot of | hot water, including possible jail time. | bardworx wrote: | Thankfully there are very strong incentives for audit | companies not to f-up. They themselves are not audited | and are not public. Their reputation means a lot to them. | | With this situation, there is a reasonable expectation | for EY to lose clients. Partners will also face some | consequence. Most likely they will be let go and removed | from accreditation by CPA (in the US). There are several | high profile cases where partners get sacked[0]. | | [0]: https://www.ft.com/content/5179fb94-fd6c-11e8-ac00-5 | 7a2a8264... | purple-again wrote: | Partly false. We were audited every year by one of our | competitors. There is a strong likely hood that the | reason she was told to stop finding problems is because | the de minimus limit (the dollar figure at which we don't | care) is truly, and I mean TRULY massive for the kind of | companies that are audited by EY, PWC, KPMG, and | Deloitte. I refuse to believe for one second that a | serious issue was swept under the rug by a senior or | manager. | | As for the guy sleeping in cupboards...the staff at those | firms reguarly work 80 hour weeks (not the "I work 80 | hour weeks counting all kinds of stupid things" but the | "I was at the client site or in the home office for 80 | hours this week". It was a very common occurence for hard | working staff members to take naps at the client (most | likely because last night was a 2am night). Promotions at | these firms are often very competitive as the | organization is an "Up or out" organization designed to | chew up fresh college grads. | | The peer review is conducted by an independent evaluator, | known as a peer reviewer. The AICPA oversees the program, | and the review is administered by an entity approved by | the AICPA to perform that role. 2. The peer review helps | to monitor a CPA firm's accounting and auditing practice | (practice monitoring). | whatshisface wrote: | > _There is a strong likely hood that the reason she was | told to stop finding problems is because the de minimus | limit (the dollar figure at which we don 't care) is | truly, and I mean TRULY massive for the kind of companies | that are audited by EY, PWC, KPMG, and Deloitte. I refuse | to believe for one second that a serious issue was swept | under the rug by a senior or manager._ | | That's a big claim for you to make given that you don't | know the company, the size of their clients, or even | whether or not anyone went to jail over the proceeding | decades. | throwaway2245 wrote: | It is not always a manager's motivation to get you | promoted. Sometimes their motivation is to keep you where | you are. | ben_w wrote: | Perhaps this is naivete on my part, but I imagine that if I | worked for an organisation whose explicit purpose is to | look for things which need fixing or certify that no known | issues are present, I would be surprised if "shoot the | messenger" was -- even metaphorically -- a real policy. | | I would also ask myself how far the rot went, because if | (for example) this organisation was also supposed to audit | the government and yet promoted those who "slept in a | cupboard" over those who worked diligently, then I would | expect the country to suffer a very large and very | surprising economic disaster. | curiousllama wrote: | Hi, yes, this is largely how audit firms work. If they | find a problem, they will not be hired next year. | | That said - don't despair! The purpose is NOT to catch | purposefully-fraudulent CFOs. That's the SEC's job. It's | much more of a forcing mechanism for otherwise-honest | CFOs: they know they have to justify what they're doing | somehow, and the auditor knows that if something will | inevitably blow up anyway, they can't sign off. So it | just arrests the slippery slope when honest mistakes are | made. | arethuza wrote: | Note it was an _internal_ audit role - not acting as an | external auditor working for an accounting company. | ben_w wrote: | While that is worth pointing out, I would still be | concerned in such circumstances. As I say, perhaps | naively so -- I have no familiarity with the norms of | that industry. | olivermarks wrote: | The problem is when internal auditors highlight major | issues it is the internal auditor who is disgraced and | fired | macintux wrote: | Whistleblowers are very rarely welcomed in any business | or government context, which is most unfortunate. | arethuza wrote: | Well, she did leave accounting completely and did | something else entirely - so I think it is fair to say | that she was concerned! | dylan604 wrote: | The other person was probably told to stop finding problems | as well, and he was complying. I once told a manager the | only way to not do what I was doing would be for me to be | asleep. Hell, maybe it was so easy he could do it in his | sleep? | nomel wrote: | I tried this once and it resulted in my lowest performance | review on record. So, it depends on the manager. | xondono wrote: | I once had a technical discussion with my manager, he | wanted me to use a technical solution that did not work, | while making me fully responsible for the result. | | In the end I implemented both my solution and his. Mine | worked like a charm, his literally caught on fire (it was | power electronics development). Got fired anyway... | Chris2048 wrote: | > he wanted me to use a technical solution that did not | work, while making me fully responsible for the result | | Just say "yes", and work on your job-hunting instead. | julienfr112 wrote: | If the guy was auditing Enron or Madoff, that explains a lot | .... | curiousllama wrote: | As a former IT auditor, this checks out. Depending on the | company, they may have just grabbed whoever was available. | bardworx wrote: | I believe I can provide some color as my wife is an auditor and | I work in IT. We've had this discussion before. | | Audit is really freaking expensive; Domain experts too. While | there is a checklist that given to the auditor, the person | asking those questions are usually senior or early manager | level. The person has little experience in IT but usually has a | small BS detector because of previous audits. That checklist is | then sent to an internal domain expert to verify. Follow up | questions may occur. | | Having said that, this is strictly for compliance and "covering | your own butt". This past year a firm was found negligent | because they didn't catch fraud because they simply "checked | the box". Since then, most firms have introduced rudimentary IT | training for auditors responsible for said checklist. (All | staff have to take the classes, when at level). | | TL;DR an auditor cannot have same knowledge as IT person and | audit time is expensive. They're trained to earmark fraud and | to verify, to the best of their abilities, they are not signing | off on a lie. Shit is hard and no system is perfect. | jacquesm wrote: | This is spot on and one of the reasons why those reports are | worth absolutely nothing other than that they might help | close some deals. | bardworx wrote: | This isn't for "closing a deal" but because the audit co is | signing off on financials. This is why in a companies | public reporting, they have a section about possible damage | from losing customer info. That's legalize for: | | 1. The Public Company being audited isn't going to spend | money on a real technical audit and may in the future lose | customer info, etc. | | 2. The financial auditing company doesn't have enough | experience to properly asses the situation. They did the | best they could but they're no experts. | jacquesm wrote: | Ah, yes, I still had ISO27001 in mind. | the8472 wrote: | > TL;DR an auditor cannot have same knowledge as IT person | and audit time is expensive. | | Code audits and pentesting are a thing you can buy. But yes, | they're even more expensive. Turns out security isn't | considered valuable enough for most. | bardworx wrote: | Right, that's exactly why the audit company isn't signing | off on code audit or pen testing. They can only sign off on | a simple checklist, if a caveat is listed in the financial | reporting. | | They have no proficiency or enough people who know what | they're doing. The approach is to meet the lowest common | denominator set by the SEC or is expected from investors. | vsareto wrote: | Pay boat loads for auditors vs. paying pittances for | getting pwned a few times. It's no wonder, really. | jacquesm wrote: | That's exactly it. They're seen as an unneccesary cost | because there are no real penalties for being compromised. | Though this is fortunately changing, which has caused | companies to begin to take this stuff more serious than in | the past. | grenoire wrote: | Can we get an English report, preferably not paywalled? From what | I can read in the first few paragraphs, the title seems | sensationalised. | ludamad wrote: | To me it was implied someone hadn't written one yet, and | hitting translate got me half the article. Admittedly, this | leaves me half-informed | mv4 wrote: | just like the auditors! | jacquesm wrote: | Substantially less than half in that case. | gravitas wrote: | The website is user-hostile; if you accept the Advertisements | it attempts to set a cookie which the Firefox tracking | protection layer won't allow to happen, resulting in an error | and no article access. | bzb4 wrote: | Of course, if your browser is not standards compliant (no | cookies) then you have to expect websites not to work. | gravitas wrote: | This was never stated (no cookies), the tracking protection | layer blocks cross-site and social media cookies amongst | other bad ideas. This browser has hundreds of active, | working, viable cookies in play (to include HackerNews | login) -- it is _this_ specific website which is incorrect | for trying to use a known-malicious cookie setting | technique in 2020 and violate my rights to privacy. | floatingatoll wrote: | Please open a Webcompat issue; if it's breaking in | Firefox, it may be breaking in development versions of | other browsers as well. | | https://webcompat.com/issues/new | alpaca128 wrote: | If a simple news article cannot be displayed without | cookies, scripts or CSS the failure is not on the client | side. | | Something went seriously wrong if a beginner with 15 | minutes of HTML experience can create a better performing, | more usable site imho. | bzb4 wrote: | Journalists have bills to pay. | natch wrote: | Is having bills to pay a valid excuse for any and all bad | behavior? | liability wrote: | In the movie _Thank You For Smoking_ a tobacco industry | spokesman calls it the _' Yuppie Nuremberg Defense.'_ | Instead of _" I had orders"_ it's _" I had a mortgage."_ | alpaca128 wrote: | Both paywalls and ads are possible without any cookies, | scripts or tracking. | jacquesm wrote: | That website wasn't made by journalists, but by their | bosses. If the news is going to be 'for pay' only then | effectively being informed equates to being wealthy and | the not so wealthy will be preyed on by the 'fake news' | department, because to them spreading the news _is_ the | business. | | So there is a very strong case to be made for keeping | news free for the masses, even when they run adblockers. | bzb4 wrote: | Okay, who's going to pay for that? | MaxBarraclough wrote: | Fire up a Private Browsing session and let it install | whatever cookies it likes. | | Not that this option makes it any less user-hostile. | MichaelApproved wrote: | Is that FF tracking protection turned on by default? | marcosdumay wrote: | Yes, it's on by default. | | There is a site-wide off switch if you know where to look, | but I doubt most people would find it. | ludamad wrote: | Auditing - be it corporate accounting or election results - | breeds false security the moment it doesn't work. I think | transparency into critical vetting will be a big societal | improvement. | jacquesm wrote: | I do this for a living and if there is one thing that I have | found it is that due to COVID-19 on-site visits are no longer | an option (especially not internationally) and this has caused | us to be blind to certain classes of problems. It is a lot of | work to get around that remotely and to not have a drop in | quality because of that. We are at least aware of the problem | but even then this is a tricky thing to solve. When looking | through a keyhole you can get a completely different view of a | company than the one you get when you spend a day on their | premises. | fedreserved wrote: | On other forums people are taking advantage of the situation | to refinance their homes where they don't want a privacy | inspection (medical marijuana grows which are legal, but | under certain circumstances banks may ask questions) | Tepix wrote: | What's the headhunter bounty for former Wirecard COO Jan | Marsalek? He's still at large: | https://www.finextra.com/newsarticle/36396/marsalek-joins-in... | jacquesm wrote: | https://www.bellingcat.com/news/uk-and-europe/2020/07/18/wor... | | Not sure how reliable that is but it would make some sense, | close by and hard to impossible to be extradited from there. | x86_64Ubuntu wrote: | That's one hell of a read... | MiroF wrote: | It's ridiculous how any rich person accused of fraud in the | West can take asylum in Russia/China and vice versa. | pkaye wrote: | Also there are rich people in poor countries that embezzle | money and then move to a western country. They are able to | use the laws and protections of that western country to | block any extradition. | mschuster91 wrote: | Because it is more than likely that Wirecard was not just | running a front for illegal gambling and questionably legal | (in terms of youth protection compliance) porn sites, but | also a front for Russian GRU/FSB to distribute cash to | agents and sources. | | There is no other reasonable explanation as for why he is | under the care of GRU. | jacquesm wrote: | Pecunia non olet is now about 2000 years old, not much has | changed in that time. | LargoLasskhyfv wrote: | That may be true when it comes fresh from the ATM, but | otherwise is mostly false. People physically handling | money would tell you that it indeed STINKS! | microtherion wrote: | Don't forget that the phrase was coined by an emperor who | started charging for access to public latrines... | jacquesm wrote: | That's incorrect. Access to the latrines was free, the | money was in order to be allowed to _empty_ the latrines, | with urine having fairly high concentrations of certain | minerals and lots of applications (for instance: curing | leather). | pavlov wrote: | The Society for Worldwide Interbank Financial | Telecommunication (SWIFT) is proud of their wire transfer | network being 99.9999% odorless. | erdos4d wrote: | I'm currently living in Ecuador and skipping out of the | country with millions and heading to Europe is the | preferred route for many politicians here. They get safe | haven there with their families and are not extradited, | even when the government tries to get them back for trial. | So, this is actually perfectly cool with the EU coming from | another western country, not just Russia/China. Money seems | to make those EU principles of the rule of law very | negotiable. Guess they have the inverse problem as well | when someone runs off with their money. | elliekelly wrote: | So, assuming what's reported in that article is true, is | Russia a black hat finance bug bounty hunter of sorts? They | identify ongoing high-profile fraud in Western countries and | use that leverage to turn the executive into intelligence | assets? Or is it the other way around? He was already working | with Russia and then just happened to commit massive fraud at | the same time? | | I guess I'm just having a hard time understanding how a | person can get themselves into such a situation. I can't | believe it's just greed that allows it to happen but perhaps | that's naive of me. | jacquesm wrote: | You can bet your bottom dollar that Russia and Russia | backed entities (as well as Chinese) are spending a lot of | money to try to gain footholds in Western Europe and | America through all kinds of schemes. Whether this was one | of those is up for grabs, it could easily be. But it is a | fact that these things are happening. | | How they might get themselves into such a situation? | | Just one sample: The company might have been in financial | trouble, not able to fulfill its obligations in the short | term, and so a decision was made to pull in some Russian | 'cheap' capital for a short term loan. | | There is a very large amount of illicit Russian money | flowing around and it pops up in the most respectable | places. | | So it isn't necessarily just greed, it could be that the | investor that you are taking on board in turn is a front | for that sort of capital ( _always_ ask for the source of | the capital from your investors, if they are coy about it | then better go somewhere else), or that the founders are | too naive to realize that they are making deals with people | they should stay away from (see comment above for my own | personal story). | mschuster91 wrote: | > or that the founders are too naive to realize that they | are making deals with people they should stay away from | | Given that there are reports that Marsalek tried to put | up 15.000 mercenaries to take over Libyan border controls | (possibly with a relation to the politics of his homeland | Austria and it's anti immigration policy!), it may very | well also be that Marsalek _knew_ what he was getting | into and went all in out of a search for fame, a real | life Austrian 007. | harha wrote: | Well yes, but a bit more like the villain in a low-budget | Austrian 007 parody. | josefx wrote: | > Bellingcat, in collaboration with its investigative | partners Der Spiegel and the Insider, | | Ugh, one of the former top journalists of "Der Spiegel" has | shown they will happily publish anything that fits their | readers narrative. It wouldn't be surprising if half of the | facts they found were made up to make the story look more | epic than it is. | jacquesm wrote: | (1) I did add a disclaimer regarding the source | | (2) There are undoubtedly links between Marsalek and Russia | | (3) It is plausible (no extradition, reasonably close by so | family can still visit) | | (4) There is circumstantial evidence | | (5) Many places where he could go to would actually be far | more dangerous to him than Belarus | | So obviously, this is not hard proof but it is a lot better | than nothing at all, if you can dispute any of the bits | they list as facts rather than speculation (which they were | surprisingly candid about) then that would change matters. | | For now, it is the best that I could find, the list of | countries where he could go, live in relative luxury and | safety while on the lam for German justice isn't all that | long and Belarus features near the top of that list. | josefx wrote: | > if you can dispute any of the bits they list as facts | rather than speculation (which they were surprisingly | candid about) then that would change matters. | | A problem with that is that some of their facts are based | on "documents they reviewed". I do not have these | documents and I cannot find any alternative source for | the DA0000051 claim. All I have is past occasions of the | Spiegel making stories more exciting and interesting for | their readers by making up facts. | jacquesm wrote: | But that doesn't say anything about this particular | story, and Der Spiegel has come clean about those | instances which is the reason you can make that claim to | begin with. | | Nobody's perfect, but if I get to chose between Der | Spiegel and Fox News or Bild I know where I'd put my | money. | | And of course you don't have the documents, it is pretty | rare that a news article would be accompanied by all the | evidence the publisher has acquired, if only because that | could easily put their sources at risk. | josefx wrote: | > and Der Spiegel has come clean about those instances | which is the reason you can make that claim to begin | with. | | After ignoring complaints for years and threatening one | of their journalists for having the gall to question | their golden goose. They only came clean about because | there was no denying the evidence said journalist | gathered and if they let someone else publish it they | couldn't put their spin on it. Their world class fact | checking team at least turned out to be a group of | glorified spell checkers. | jacquesm wrote: | All of which has zero bearing on this particular article. | Really, questioning the source like this is just another | ad hominem. | josefx wrote: | Given that nobody else has seen those documents the | reverse is an appeal to authority and I find it relevant | that said authority has a history of embellish facts. | LargoLasskhyfv wrote: | The only remaining difference is presentation, not | content/information. Any money there is wasted, except | for (bad) entertainment purposes. | | (sorry, didn't really want to take this further OT, but | could not resist) | brian_herman__ wrote: | 50 million woolongs? | [deleted] | holidayacct wrote: | This happens all the time, I worked for a company that was | audited by a security firm. The security firm compromised every | part of the company by pretending to be employees, third party | vendors or competitors looking to hire away current employees. | Some of their existing employees gave away every single detail | you'd need to compromise the infrastructure during interviews. | | Fooling auditors isn't going to be all that difficult, most | auditors get confused if there is too much going on in the room . | I've literally seen a publicly traded company pass an audit just | by making the audit frustrating and then providing every perk you | can imagine outside of the audit room (including attractive | men/women). As you can imagine, they didn't do a very thorough | audit. | stephenr wrote: | I can't read German so I don't know the details the story is | detailing if any but isn't this just the ultimate example of | "fake it till you make it", combined with an Uber-esque disdain | for laws and regulations? | | Why are people always so surprised when "disruptive" | organisations actually end up doing a bunch of weird shit? | jacquesm wrote: | I don't think they ever planned to 'make it'. ___________________________________________________________________ (page generated 2020-08-20 23:01 UTC)