[HN Gopher] Wirecard hired actors to fool auditors
       ___________________________________________________________________
        
       Wirecard hired actors to fool auditors
        
       Author : ramboldio
       Score  : 122 points
       Date   : 2020-08-20 12:44 UTC (10 hours ago)
        
 (HTM) web link (www.manager-magazin.de)
 (TXT) w3m dump (www.manager-magazin.de)
        
       | pvitz wrote:
        | It's behind a paywall, but according to a summary [0], Marsalek
        | or someone from Wirecard built fake physical branches of banks in
        | the Philippines. The auditors of EY were invited to come to these
        | branches to talk to actors who convinced them that the 1.9
        | billion EUR of Wirecard existed in their bank accounts.
       | 
       | It reminds me somehow of the movie "The Sting"...
       | 
       | [0]
       | https://www.focus.de/finanzen/boerse/wirtschaftsticker/schau...
        
       | jacquesm wrote:
       | Here's my little Wirecard story: Back in the day when
       | Camarades.com/ww.com was doing well we were through an
       | intermediary approached by a German investor, one Paul Bauer-
       | Schlichtegroll (I'll never forget that name), an - at that moment
       | - successful German businessman, who was importing Vans sports
       | shoes into Europe.
       | 
       | He became a 5% investor in our company through an entity called
       | Max Madhouse GMBH with an option to buy a much larger share. The
       | day after the deal was signed he turned around and tried to screw
       | us - the founders - out of our own company through a minority
       | shareholder lawsuit.
       | 
       | Eventually we got rid of him, but this cost us a lot of time,
       | money and momentum. Two years later Bauer was one of the founding
       | members of what eventually became Wirecard.
       | 
       | So I've always seen Wirecard as a bunch of crooks.
       | 
       | At the same time I have some sympathy for the BaFin people, there
       | are way too few of them and the opposition was very well versed
       | in showing one face whilst actually being something completely
       | different, the length to which these characters would go to show
       | a good face was beyond anything that I would have normally
       | imagined. I'm still a touch paranoid because of it, and I'm sure
       | the same goes for the rest of the former Camarades.com/ww.com
       | team.
       | 
       | I don't know what happened to him, he seems to have disappeared
       | as well, but I do know that anything that he's ever touched was
       | rotten at some level.
        
         | spiritplumber wrote:
         | In your culture, at which point is it permitted (legally or
         | not) to take someone like that out back and punch them a few
         | times?
         | 
         | I only had to deal with one situation like this in my life, and
         | the person responsible is now no longer welcome in my county,
         | so we sorted it out.
        
           | jacquesm wrote:
           | I still dream about it. And it's 20 years ago. That guy and
           | his buddies caused us so much misery it isn't funny.
           | 
           | Another Bauer story; prior to the investment: he had fear of
           | flying, and was an asshole to the people that he perceived as
           | lower on the social ladder than himself. So when he was nasty
           | to the stewardess on a very small airplane (10 seater, twin
           | prop) flying from Los Angeles to San Luis Obispo and the
           | pilots caught on to his fear they got their revenge on him by
           | doing all kinds of borderline legal aerobatics with the
           | plane.
           | 
           | Bauer and I were the only passengers, I had a great time but
           | made sure to sit where it was safe. He was as white as a
           | sheet when we landed, and made a great point of being polite
           | to the stewardess on the way back.
           | 
           | One asshole deflated, props to those pilots (pun intended)
           | for standing up for their colleague.
        
             | serf wrote:
             | >One asshole deflated, props to those pilots (pun intended)
             | for standing up for their colleague.
             | 
             | so, someone was socially rude, so some pilots decided to
             | risk the lives of everybody on board to teach a lesson.
             | 
              | Aerobatics, even if 'borderline-legal', are still more
              | stressful on the plane and components.
             | 
             | Stress still causes early failure, even if the stress was
             | produced with legal maneuvers.
             | 
             | Hopping curbs in a passenger car is not usually illegal,
             | it'll just destroy the car prematurely.
             | 
             | Spontaneous aerobatics still risk injury from gravity-flung
             | objects in the cabin.
             | 
             | So, i'm glad the person you dislike had a lesson taught.
             | I'm less glad that the crew acted unprofessionally.
             | 
              | I'm _very_ glad that no incidents occurred as a result. The
              | sky isn't the place for revenge and vengeance, especially
              | on _passenger flights_.
             | 
             | I really hope that the crew has matured since then. There
             | are plenty of ways companies and professionals can refuse
             | service without risking collateral damage like that.
        
               | somehnguy wrote:
               | You're assuming that trained pilots somehow had no idea
               | what they could safely do in their aircraft. Why?
        
               | Angeo34 wrote:
               | The problem is that they put everyone lives at risk. It
               | doesn't matter how convinced you are of your abilities if
               | your life and the life of others is at immediate risk
               | (like in a plane or on a bus)
        
               | jacquesm wrote:
                | No one's life was at risk. It was just mildly more
                | exciting than a normal flight and _well_ within the range
                | of permitted stresses on that particular plane.
               | 
               | GGP made an assumption and then reacted to that
               | assumption as though it was a fact. We weren't doing
               | loopings or Immelmans, just a couple of nice steep banks
               | and a pretty steep ascent/descent. If the plane would
               | have not been able to handle that it shouldn't have been
               | flying in the first place. I've been through _lots_ worse
               | in single engine GA planes in rural Canada.
        
           | mschuster91 wrote:
            | In Germany, even the slightest acceptance of the use of
            | violence against capitalists and Nazis is going to get you a
            | shitstorm from the far right to the center/left.
           | 
           | The result? Just look at how effective militant French
           | protests have been in keeping neoliberal attacks on worker
           | rights at bay, and how unsuccessful German protests have
           | been.
        
             | wildmanx wrote:
             | Violence is unacceptable. Period.
             | 
             | It is sad that there are cultures where that's different.
        
               | mschuster91 wrote:
               | So is the violence of the police and of other government
               | agencies (think sheriffs enforcing eviction orders)
               | acceptable? When is legitimate use of force crossing the
               | line to abuse? When are people allowed to defend
               | themselves?
               | 
               | It's funny to see how in many Western governments the
               | (legitimate!) protest of the people in Hongkong is
               | cheered upon, but BLM, Yellow Vests other domestic
               | protests are discarded...
               | 
               | Saying "violence is unacceptable" is something one can
               | _only_ say as a member of the privileged majority. For
               | minorities, for marginalized people, for poor people
               | though... the lines are way more blurry than blanket
               | black-and-white statements.
               | 
               | And for the record: I'm not a friend of pointless
               | militant acts but I will not dare to judge over anyone
               | not as privileged as I am to come to a different opinion.
        
               | learnstats2 wrote:
               | Violence is regulated (in essentially all of the world) -
               | that's very different from unacceptable.
               | 
               | The state, perhaps through the police or military, can
               | exercise violence often without consequence. You can
               | legally be violent in self-defence, to varying extents.
        
               | contingencies wrote:
               | The state defined by its monopoly on violence. Period.
        
               | ashtonkem wrote:
               | No, the state has a monopoly on _initiating_ violence.
               | All citizens have the right to violence if it's in self
               | defense.
               | 
               | Some states will even let you carry firearms around in
               | case you need to apply violence in self defense.
        
               | contingencies wrote:
               | That's nitpicking. It is clear that failed states are
               | those with nontrivial scale violence perpetually
               | initiated by non-state actors. The strength of the state
               | equates to its capacity to limit the scale of others'
               | violence. US gun laws, globally speaking, are a
               | statistical anomaly, and if you started using guns
               | against others with any scale or frequency the government
               | would surely intervene.
               | 
               |  _None are more hopelessly enslaved than those who
               | falsely believe they are free._ - Goethe
        
               | ashtonkem wrote:
               | It's not nitpicking. Almost all states recognize the
               | legitimate use of violence for self defense, even if the
               | specific methods permitted vary on a state by state
               | basis. Thus if your definition of a failed state is one
               | in which the government doesn't have sole right to
               | violence, then you end up with the rather absurd position
               | that all states are failed.
        
               | autisticcurio wrote:
                | Violence is efficient though, otherwise why was Saddam
                | Hussein deposed? If countries can't settle their
                | differences with politics, what else do you have left? At
                | least our leaders show us what acceptable behaviours are
                | in their books, but it also demonstrates their hypocrisy
                | when ordinary members of the public mete out their own
                | violence, although I do acknowledge some violence is just
                | plain mindless, e.g. drug and alcohol fuelled.
        
               | ulucs wrote:
               | Looking at Iraq now, does anyone think that was the right
               | choice?
        
               | smcl wrote:
               | On some level I agree ... but I can't in all honesty get
               | behind this statement 100%. For example I enjoyed seeing
               | the videos of Richard Spencer (the "dapper" white
               | nationalist) and Billy Steele (guy shouting on the tube
               | about how black people are "less than him") getting
               | punched in the face.
               | 
               | Don't know if this makes me an asshole or a human.
        
               | narag wrote:
                | _On some level I agree ... but I can't in all honesty
                | get behind this statement 100%._
               | 
               | I assume the GP was just abbreviating a more complex
               | phrase that it's easy to guess, isn't it?
        
         | StreamBright wrote:
         | I can also add some here. We worked for WD for a while. There
         | was this weird thing going on. We requested MacBooks because we
         | were working on Linux and cloud but the management had a policy
         | that managers were entitled to have MacBooks while by default
         | engineers had to use Windows laptops. As externals we were
         | denied MacBooks.
         | 
         | So managers were running Powerpoints on Apple while engineers
         | were running Python, aws-cli on Windows. Perfectly reasonable
         | according to them. I could only estimate the amount of
         | productivity lost on this. Of course WSL was not allowed
         | because corporate security classified it insecure.
        
           | xondono wrote:
           | Try running Solidworks on a 300EUR laptop.
           | 
           | Switching everyone to laptops is the biggest productivity
           | loss in engineering departments.
        
           | ChuckNorris89 wrote:
            | Management getting swaggy laptops and engineers having to
            | work on the cheapest and shittiest Windows laptops is a thing
            | in every German company where the software isn't the core
            | product (embedded, IoT, hardware, automotive, mechanical,
            | chemical, finance etc.), because Macs are expensive and since
            | beancounters are valued more than SW engineers they can make
            | themselves look like heroes in front of management by showing
            | them how much money they saved the company by leasing a fleet
            | of cheap machines for everyone, regardless of their job, from
            | the local HP/Dell/Lenovo dealer, vs the productivity loss of
            | their developers that they won't bother considering.
            | 
            | I only saw good machines in companies where only software was
            | their business (mostly web shops), so management there knew the
            | value of providing good laptops and monitors.
        
             | _trampeltier wrote:
              | I work in a worldwide (German) industry / automotive
              | company. The group leader can decide what notebook, PC or
              | workstation his team gets. We can choose between a normal
              | office HP notebook/PC or a pretty good version of an HP
              | Z-Book or a fast workstation. Also, I think most external
              | tech guys who come to our company usually have really
              | good hardware. At least in my company now, the management
              | has just normal office notebooks or convertibles.
        
             | jacquesm wrote:
             | Not strictly true, but overall I'd say it is accurate.
             | There are more and more companies in Germany that are
             | becoming tech aware even though the tech is secondary and
             | they realize there are productivity gains to be had from
             | giving their tech employees proper tools.
             | 
             | Still, that's yet another version of the beancounters
             | perspective.
        
             | ashtonkem wrote:
             | The irony is that as I move into management, I less and
             | less see the value of me personally having a powerful
             | laptop. My job is Jira, Github, and Zoom; why should I
             | carry around a 16" MBP for all the power I don't need?
        
               | Nextgrid wrote:
               | Wait until you need to run Microsoft Teams. You'll need
               | to carry an entire supercomputer to run that pile of shit
               | and even then it won't be smooth.
               | 
               | Even Jira is not too far off these days unfortunately
               | despite being a relatively simple tool (but they needed
               | to justify hiring tons of JavaScript developers).
        
               | alexandrerond wrote:
               | Well, to run Slack...
        
           | spiritplumber wrote:
           | How did you guys solve it?
        
             | julienfr112 wrote:
             | double boot and windows looking customized desktop ?
        
       | KingOfCoders wrote:
       | As the person responsible for IT I was audited in several
       | companies by several of the large auditing firms. The people
       | auditing IT had no clue what they were doing, no clue about IT
       | and were just running a checklist. I could have told them
       | whatever I liked.
        
         | rootsudo wrote:
         | Very much true. I've had the pleasure of doing this stuff on
         | both sides.
        
         | jacquesm wrote:
         | Yes, we hear this all the time. It's just kids with checklists
         | who have absolutely no idea about the nature of the questions
         | they are asking, why they are asking them and have absolutely
         | no plan for off-script follow up questions based on the answers
         | given.
         | 
         | A lot of these auditors come from a financial background and
         | they treat IT in much the same way, as if there is some kind of
         | checksum they can calculate which will tell them if the company
         | is healthy from an IT perspective or not.
         | 
         | Companies that are certified tend to be very good at process
         | but are sometimes surprisingly bad at the actual IT. But it's
         | all documented perfectly.
        
           | jacobr1 wrote:
           | On the other hand, one of the benefits of all that
           | documentation and policy is that blame can be assigned when
           | the inevitable problems arise
        
             | jacquesm wrote:
             | The CYA component is definitely present.
        
         | shaqham wrote:
          | As a former IT auditor I can only confirm your statement. After
          | I did my master's in business administration with a touch of CS
          | (it was called Master of Information, Media and Technology
          | Management - and I really just learned basic Java, SAP, and one
          | course about IT architecture) I got a job at a Big Four
          | auditing company as an IT auditor. I was literally just going
         | through some checklists and at that time I had no idea about
         | the systems or technology I was auditing. After two years I got
         | so frustrated with my job I decided to get a second degree in
         | CS. The more I studied, the more obvious it became to me that
         | someone with a CS degree never would do such boring work if
         | there are other job opportunities in IT.
        
           | jacquesm wrote:
           | So, as someone who spent a lifetime in IT, I actually enjoy
           | the work. It gives me a way to give other companies, many
           | more than I could normally work for, a way to benefit from
           | that experience. Our little crew is composed of veteran IT
           | people, all with lots of real world experience, we get the
           | privilege of looking at lots of different companies, both the
           | good and the bad. Which in turn gives us more knowledge.
           | 
           | It is anything but boring to me.
        
             | shaqham wrote:
             | Glad to hear you enjoy your work. For me, it was just going
             | through some checklists under enormous time pressure at
             | large financial institutions and mostly alone, without any
             | of my team members on site. If I were to do the job today,
             | I might be able to look more into the details of the
             | systems/applications I am auditing, immerse myself in them
             | and have some meaningful conversations with the people I am
             | auditing. Thank you for your perspective
        
         | exhilaration wrote:
         | Similarly, I remember at my last job management would start
         | talking about the "ISO corner" each year, where all the forms
         | that we never, ever touched sat. This of course coincided with
         | our ISO 9001 recertification. A few developers would be coached
         | on what to say to the certifier, he'd be there for 2 days, and
         | then we'd go back to business as usual.
        
           | juskrey wrote:
            | By the way, the ISO organization does not endorse, check or
            | enforce compliance of any of the certification providers, and
            | basically can't do anything against someone who just sells
            | ISO certificates in shiny bevel, even if they wanted to.
           | 
           | That said, all the ISO standards are corporate moonspeak and
           | bullshit themselves and do not bear any practical sense. (All
           | that, for example, looong document on infosec ISO 27001 says
           | is "try to be secure, my friend")
        
             | jacquesm wrote:
             | Mixed bag. ISO27001 when taken seriously and implemented
             | throughout a company that means well and has the resources
             | to do so will at least guarantee some level of process to
             | be present. This then needs to be backed up with actual IT
             | and security knowledge to be effective, and that is more
             | often than not where the problems are.
             | 
             | So as a rule we treat an ISO 27001 certificate not so much
             | as a checkbox item meaning we can skip certain parts of our
             | audit, but as a nice-to-have which may help speed up the
             | interview process because we at least know what terminology
             | to use.
             | 
             | In practice there is too little difference between
             | companies with or without such certification to see it as
             | anything other than a marketing tool.
        
             | ajb wrote:
             | "all the ISO standards are corporate moonspeak" Bit of a
             | generalisation there. ISO/IEC 13818-3 was quite useful, for
             | example.
        
               | juskrey wrote:
               | Okok, I mean all that corporate/org standards.
        
         | arethuza wrote:
         | My wife started her career as an internal auditor at a UK
          | financial company - she was apparently repeatedly told to _stop
          | finding problems_, her manager acknowledged that the things
         | she was finding were real problems but nobody wanted to have
         | formal reports describing them.
         | 
         | She left after a colleague who apparently spent most of his
         | time asleep in a cupboard got promoted over her....
        
           | watertom wrote:
           | I hope she wasn't surprised. People who listen to their
           | managers get promoted.
        
             | arethuza wrote:
             | I think being told not to find so many problems she could
             | perhaps have coped with - having someone who was apparently
             | unconscious most of the time promoted ahead of her was what
             | really did it.
             | 
             | NB It was financial auditing not IT.
        
               | jacquesm wrote:
                | Well, it is clear that he was promoted _because_ he
                | wasn't interested. It allowed the rest of the people there
                | to get away with stuff that they shouldn't have been doing.
               | 
               | Leaving was the best option that your wife had, in such a
               | case you really don't want to stick around until the
               | house burns down.
        
               | znpy wrote:
               | what's the legal liability in omitting a problem you've
               | found during an audit? not for the auditing company, for
               | the auditor.
        
               | arethuza wrote:
               | It was an internal audit role and she wasn't a
               | professionally qualified accountant.
        
               | Jtsummers wrote:
               | So no legal risk, but there is still professional risk.
               | When external auditors come in or an issue is found that
               | impacts customers, they could scapegoat their internal
               | (deliberately made useless) team, fire them, and have a
               | go at using that as part of their defense/response. The
               | higher-ups would be ok if they can pull it off, but your
               | wife would've been out a job and with an inability to get
               | a reference from them (beyond the basic: She was employed
               | here from X-Y).
               | 
               | Best plan for everyone is to get out of shady companies
               | like that ASAP.
        
               | jacquesm wrote:
               | https://en.wikipedia.org/wiki/Arthur_Andersen
               | 
               | For the individual auditor: if you're a
               | chartered/certified accountant you can get into a lot of
               | hot water, including possible jail time.
        
               | bardworx wrote:
               | Thankfully there are very strong incentives for audit
               | companies not to f-up. They themselves are not audited
               | and are not public. Their reputation means a lot to them.
               | 
               | With this situation, there is a reasonable expectation
               | for EY to lose clients. Partners will also face some
               | consequence. Most likely they will be let go and removed
               | from accreditation by CPA (in the US). There are several
               | high profile cases where partners get sacked[0].
               | 
               | [0]: https://www.ft.com/content/5179fb94-fd6c-11e8-ac00-5
               | 7a2a8264...
        
               | purple-again wrote:
                | Partly false. We were audited every year by one of our
                | competitors. There is a strong likelihood that the
                | reason she was told to stop finding problems is because
                | the de minimis limit (the dollar figure at which we don't
                | care) is truly, and I mean TRULY massive for the kind of
                | companies that are audited by EY, PWC, KPMG, and
                | Deloitte. I refuse to believe for one second that a
                | serious issue was swept under the rug by a senior or
                | manager.
                | 
                | As for the guy sleeping in cupboards...the staff at those
                | firms regularly work 80 hour weeks (not the "I work 80
                | hour weeks counting all kinds of stupid things" but the
                | "I was at the client site or in the home office for 80
                | hours this week"). It was a very common occurrence for hard
                | working staff members to take naps at the client (most
                | likely because last night was a 2am night). Promotions at
                | these firms are often very competitive as the
                | organization is an "up or out" organization designed to
                | chew up fresh college grads.
               | 
               | The peer review is conducted by an independent evaluator,
               | known as a peer reviewer. The AICPA oversees the program,
               | and the review is administered by an entity approved by
               | the AICPA to perform that role. 2. The peer review helps
               | to monitor a CPA firm's accounting and auditing practice
               | (practice monitoring).
        
               | whatshisface wrote:
                | > _There is a strong likelihood that the reason she was
                | told to stop finding problems is because the de minimis
                | limit (the dollar figure at which we don't care) is
                | truly, and I mean TRULY massive for the kind of companies
                | that are audited by EY, PWC, KPMG, and Deloitte. I refuse
                | to believe for one second that a serious issue was swept
                | under the rug by a senior or manager._
               | 
               | That's a big claim for you to make given that you don't
               | know the company, the size of their clients, or even
               | whether or not anyone went to jail over the proceeding
               | decades.
        
             | throwaway2245 wrote:
             | It is not always a manager's motivation to get you
             | promoted. Sometimes their motivation is to keep you where
             | you are.
        
             | ben_w wrote:
             | Perhaps this is naivete on my part, but I imagine that if I
             | worked for an organisation whose explicit purpose is to
             | look for things which need fixing or certify that no known
             | issues are present, I would be surprised if "shoot the
             | messenger" was -- even metaphorically -- a real policy.
             | 
             | I would also ask myself how far the rot went, because if
             | (for example) this organisation was also supposed to audit
             | the government and yet promoted those who "slept in a
             | cupboard" over those who worked diligently, then I would
             | expect the country to suffer a very large and very
             | surprising economic disaster.
        
               | curiousllama wrote:
               | Hi, yes, this is largely how audit firms work. If they
               | find a problem, they will not be hired next year.
               | 
               | That said - don't despair! The purpose is NOT to catch
               | purposefully-fraudulent CFOs. That's the SEC's job. It's
               | much more of a forcing mechanism for otherwise-honest
               | CFOs: they know they have to justify what they're doing
               | somehow, and the auditor knows that if something will
               | inevitably blow up anyway, they can't sign off. So it
               | just arrests the slippery slope when honest mistakes are
               | made.
        
               | arethuza wrote:
               | Note it was an _internal_ audit role - not acting as an
               | external auditor working for an accounting company.
        
               | ben_w wrote:
               | While that is worth pointing out, I would still be
               | concerned in such circumstances. As I say, perhaps
               | naively so -- I have no familiarity with the norms of
               | that industry.
        
               | olivermarks wrote:
               | The problem is when internal auditors highlight major
               | issues it is the internal auditor who is disgraced and
               | fired
        
               | macintux wrote:
               | Whistleblowers are very rarely welcomed in any business
               | or government context, which is most unfortunate.
        
               | arethuza wrote:
               | Well, she did leave accounting completely and did
               | something else entirely - so I think it is fair to say
               | that she was concerned!
        
             | dylan604 wrote:
             | The other person was probably told to stop finding problems
             | as well, and he was complying. I once told a manager the
             | only way to not do what I was doing would be for me to be
             | asleep. Hell, maybe it was so easy he could do it in his
             | sleep?
        
             | nomel wrote:
             | I tried this once and it resulted in my lowest performance
             | review on record. So, it depends on the manager.
        
               | xondono wrote:
               | I once had a technical discussion with my manager, he
               | wanted me to use a technical solution that did not work,
               | while making me fully responsible for the result.
               | 
               | In the end I implemented both my solution and his. Mine
               | worked like a charm, his literally caught on fire (it was
               | power electronics development). Got fired anyway...
        
               | Chris2048 wrote:
               | > he wanted me to use a technical solution that did not
               | work, while making me fully responsible for the result
               | 
               | Just say "yes", and work on your job-hunting instead.
        
           | julienfr112 wrote:
           | If the guy was auditing Enron or Madoff, that explains a lot
           | ....
        
         | curiousllama wrote:
         | As a former IT auditor, this checks out. Depending on the
         | company, they may have just grabbed whoever was available.
        
         | bardworx wrote:
         | I believe I can provide some color as my wife is an auditor and
         | I work in IT. We've had this discussion before.
         | 
         | Audit is really freaking expensive; Domain experts too. While
         | there is a checklist that is given to the auditor, the person
         | asking those questions is usually senior or early manager
         | level. The person has little experience in IT but usually has a
         | small BS detector because of previous audits. That checklist is
         | then sent to an internal domain expert to verify. Follow up
         | questions may occur.
         | 
         | Having said that, this is strictly for compliance and "covering
         | your own butt". This past year a firm was found negligent
         | because they didn't catch fraud because they simply "checked
         | the box". Since then, most firms have introduced rudimentary IT
         | training for auditors responsible for said checklist. (All
         | staff have to take the classes, when at level).
         | 
         | TL;DR an auditor cannot have same knowledge as IT person and
         | audit time is expensive. They're trained to earmark fraud and
         | to verify, to the best of their abilities, they are not signing
         | off on a lie. Shit is hard and no system is perfect.
        
           | jacquesm wrote:
           | This is spot on and one of the reasons why those reports are
           | worth absolutely nothing other than that they might help
           | close some deals.
        
             | bardworx wrote:
             | This isn't for "closing a deal" but because the audit co is
             | signing off on financials. This is why in a company's
             | public reporting, they have a section about possible damage
             | from losing customer info. That's legalese for:
             | 
             | 1. The Public Company being audited isn't going to spend
             | money on a real technical audit and may in the future lose
             | customer info, etc.
             | 
             | 2. The financial auditing company doesn't have enough
             | experience to properly assess the situation. They did the
             | best they could but they're no experts.
        
               | jacquesm wrote:
               | Ah, yes, I still had ISO27001 in mind.
        
           | the8472 wrote:
           | > TL;DR an auditor cannot have same knowledge as IT person
           | and audit time is expensive.
           | 
           | Code audits and pentesting are a thing you can buy. But yes,
           | they're even more expensive. Turns out security isn't
           | considered valuable enough for most.
        
             | bardworx wrote:
             | Right, that's exactly why the audit company isn't signing
             | off on code audit or pen testing. They can only sign off on
             | a simple checklist, if a caveat is listed in the financial
             | reporting.
             | 
             | They have no proficiency or enough people who know what
             | they're doing. The approach is to meet the lowest common
             | denominator set by the SEC or expected by investors.
        
             | vsareto wrote:
             | Pay boat loads for auditors vs. paying pittances for
             | getting pwned a few times. It's no wonder, really.
        
             | jacquesm wrote:
             | That's exactly it. They're seen as an unnecessary cost
             | because there are no real penalties for being compromised.
             | Though this is fortunately changing, which has caused
             | companies to begin to take this stuff more seriously than in
             | the past.
        
       | grenoire wrote:
       | Can we get an English report, preferably not paywalled? From what
       | I can read in the first few paragraphs, the title seems
       | sensationalised.
        
         | ludamad wrote:
         | To me it was implied someone hadn't written one yet, and
         | hitting translate got me half the article. Admittedly, this
         | leaves me half-informed
        
           | mv4 wrote:
           | just like the auditors!
        
             | jacquesm wrote:
             | Substantially less than half in that case.
        
         | gravitas wrote:
         | The website is user-hostile; if you accept the Advertisements
         | it attempts to set a cookie which the Firefox tracking
         | protection layer won't allow to happen, resulting in an error
         | and no article access.
        
           | bzb4 wrote:
           | Of course, if your browser is not standards compliant (no
           | cookies) then you have to expect websites not to work.
        
             | gravitas wrote:
             | This was never stated (no cookies), the tracking protection
             | layer blocks cross-site and social media cookies amongst
             | other bad ideas. This browser has hundreds of active,
             | working, viable cookies in play (to include HackerNews
             | login) -- it is _this_ specific website which is incorrect
             | for trying to use a known-malicious cookie setting
             | technique in 2020 and violate my rights to privacy.
        
               | floatingatoll wrote:
               | Please open a Webcompat issue; if it's breaking in
               | Firefox, it may be breaking in development versions of
               | other browsers as well.
               | 
               | https://webcompat.com/issues/new
        
             | alpaca128 wrote:
             | If a simple news article cannot be displayed without
             | cookies, scripts or CSS the failure is not on the client
             | side.
             | 
             | Something went seriously wrong if a beginner with 15
             | minutes of HTML experience can create a better performing,
             | more usable site imho.
        
               | bzb4 wrote:
               | Journalists have bills to pay.
        
               | natch wrote:
               | Is having bills to pay a valid excuse for any and all bad
               | behavior?
        
               | liability wrote:
               | In the movie _Thank You For Smoking_ a tobacco industry
               | spokesman calls it the _'Yuppie Nuremberg Defense.'_
               | Instead of _"I had orders"_ it's _"I had a mortgage."_
        
               | alpaca128 wrote:
               | Both paywalls and ads are possible without any cookies,
               | scripts or tracking.
        
               | jacquesm wrote:
               | That website wasn't made by journalists, but by their
               | bosses. If the news is going to be 'for pay' only then
               | effectively being informed equates to being wealthy and
               | the not so wealthy will be preyed on by the 'fake news'
               | department, because to them spreading the news _is_ the
               | business.
               | 
               | So there is a very strong case to be made for keeping
               | news free for the masses, even when they run adblockers.
        
               | bzb4 wrote:
               | Okay, who's going to pay for that?
        
           | MaxBarraclough wrote:
           | Fire up a Private Browsing session and let it install
           | whatever cookies it likes.
           | 
           | Not that this option makes it any less user-hostile.
        
           | MichaelApproved wrote:
           | Is that FF tracking protection turned on by default?
        
             | marcosdumay wrote:
             | Yes, it's on by default.
             | 
             | There is a site-wide off switch if you know where to look,
             | but I doubt most people would find it.
        
       | ludamad wrote:
       | Auditing - be it corporate accounting or election results -
       | breeds false security the moment it doesn't work. I think
       | transparency into critical vetting will be a big societal
       | improvement.
        
         | jacquesm wrote:
         | I do this for a living and if there is one thing that I have
         | found it is that due to COVID-19 on-site visits are no longer
         | an option (especially not internationally) and this has caused
         | us to be blind to certain classes of problems. It is a lot of
         | work to get around that remotely and to not have a drop in
         | quality because of that. We are at least aware of the problem
         | but even then this is a tricky thing to solve. When looking
         | through a keyhole you can get a completely different view of a
         | company than the one you get when you spend a day on their
         | premises.
        
           | fedreserved wrote:
           | On other forums people are taking advantage of the situation
           | to refinance their homes where they don't want a privacy
           | inspection (medical marijuana grows which are legal, but
           | under certain circumstances banks may ask questions)
        
       | Tepix wrote:
       | What's the headhunter bounty for former Wirecard COO Jan
       | Marsalek? He's still at large:
       | https://www.finextra.com/newsarticle/36396/marsalek-joins-in...
        
         | jacquesm wrote:
         | https://www.bellingcat.com/news/uk-and-europe/2020/07/18/wor...
         | 
         | Not sure how reliable that is but it would make some sense,
         | close by and hard to impossible to be extradited from there.
        
           | x86_64Ubuntu wrote:
           | That's one hell of a read...
        
           | MiroF wrote:
           | It's ridiculous how any rich person accused of fraud in the
           | West can take asylum in Russia/China and vice versa.
        
             | pkaye wrote:
             | Also there are rich people in poor countries that embezzle
             | money and then move to a western country. They are able to
             | use the laws and protections of that western country to
             | block any extradition.
        
             | mschuster91 wrote:
             | Because it is more than likely that Wirecard was not just
             | running a front for illegal gambling and questionably legal
             | (in terms of youth protection compliance) porn sites, but
             | also a front for Russian GRU/FSB to distribute cash to
             | agents and sources.
             | 
             | There is no other reasonable explanation as for why he is
             | under the care of GRU.
        
             | jacquesm wrote:
             | Pecunia non olet is now about 2000 years old, not much has
             | changed in that time.
        
               | LargoLasskhyfv wrote:
               | That may be true when it comes fresh from the ATM, but
               | otherwise is mostly false. People physically handling
               | money would tell you that it indeed STINKS!
        
               | microtherion wrote:
               | Don't forget that the phrase was coined by an emperor who
               | started charging for access to public latrines...
        
               | jacquesm wrote:
               | That's incorrect. Access to the latrines was free, the
               | money was in order to be allowed to _empty_ the latrines,
               | with urine having fairly high concentrations of certain
               | minerals and lots of applications (for instance: curing
               | leather).
        
               | pavlov wrote:
               | The Society for Worldwide Interbank Financial
               | Telecommunication (SWIFT) is proud of their wire transfer
               | network being 99.9999% odorless.
        
             | erdos4d wrote:
             | I'm currently living in Ecuador and skipping out of the
             | country with millions and heading to Europe is the
             | preferred route for many politicians here. They get safe
             | haven there with their families and are not extradited,
             | even when the government tries to get them back for trial.
             | So, this is actually perfectly cool with the EU coming from
             | another western country, not just Russia/China. Money seems
             | to make those EU principles of the rule of law very
             | negotiable. Guess they have the inverse problem as well
             | when someone runs off with their money.
        
           | elliekelly wrote:
           | So, assuming what's reported in that article is true, is
           | Russia a black hat finance bug bounty hunter of sorts? They
           | identify ongoing high-profile fraud in Western countries and
           | use that leverage to turn the executive into intelligence
           | assets? Or is it the other way around? He was already working
           | with Russia and then just happened to commit massive fraud at
           | the same time?
           | 
           | I guess I'm just having a hard time understanding how a
           | person can get themselves into such a situation. I can't
           | believe it's just greed that allows it to happen but perhaps
           | that's naive of me.
        
             | jacquesm wrote:
             | You can bet your bottom dollar that Russia and Russia
             | backed entities (as well as Chinese) are spending a lot of
             | money to try to gain footholds in Western Europe and
             | America through all kinds of schemes. Whether this was one
             | of those is up for grabs, it could easily be. But it is a
             | fact that these things are happening.
             | 
             | How they might get themselves into such a situation?
             | 
             | Just one sample: The company might have been in financial
             | trouble, not able to fulfill its obligations in the short
             | term, and so a decision was made to pull in some Russian
             | 'cheap' capital for a short term loan.
             | 
             | There is a very large amount of illicit Russian money
             | flowing around and it pops up in the most respectable
             | places.
             | 
             | So it isn't necessarily just greed, it could be that the
             | investor that you are taking on board in turn is a front
             | for that sort of capital (_always_ ask for the source of
             | the capital from your investors, if they are coy about it
             | then better go somewhere else), or that the founders are
             | too naive to realize that they are making deals with people
             | they should stay away from (see comment above for my own
             | personal story).
        
               | mschuster91 wrote:
               | > or that the founders are too naive to realize that they
               | are making deals with people they should stay away from
               | 
               | Given that there are reports that Marsalek tried to put
               | up 15.000 mercenaries to take over Libyan border controls
               | (possibly with a relation to the politics of his homeland
               | Austria and its anti-immigration policy!), it may very
               | well also be that Marsalek _knew_ what he was getting
               | into and went all in out of a search for fame, a real
               | life Austrian 007.
        
               | harha wrote:
               | Well yes, but a bit more like the villain in a low-budget
               | Austrian 007 parody.
        
           | josefx wrote:
           | > Bellingcat, in collaboration with its investigative
           | partners Der Spiegel and the Insider,
           | 
           | Ugh, one of the former top journalists of "Der Spiegel" has
           | shown they will happily publish anything that fits their
           | readers narrative. It wouldn't be surprising if half of the
           | facts they found were made up to make the story look more
           | epic than it is.
        
             | jacquesm wrote:
             | (1) I did add a disclaimer regarding the source
             | 
             | (2) There are undoubtedly links between Marsalek and Russia
             | 
             | (3) It is plausible (no extradition, reasonably close by so
             | family can still visit)
             | 
             | (4) There is circumstantial evidence
             | 
             | (5) Many places where he could go to would actually be far
             | more dangerous to him than Belarus
             | 
             | So obviously, this is not hard proof but it is a lot better
             | than nothing at all; if you can dispute any of the bits
             | they list as facts rather than speculation (which they were
             | surprisingly candid about) then that would change matters.
             | 
             | For now, it is the best that I could find; the list of
             | countries where he could go, live in relative luxury and
             | safety while on the lam for German justice isn't all that
             | long and Belarus features near the top of that list.
        
               | josefx wrote:
               | > if you can dispute any of the bits they list as facts
               | rather than speculation (which they were surprisingly
               | candid about) then that would change matters.
               | 
               | A problem with that is that some of their facts are based
               | on "documents they reviewed". I do not have these
               | documents and I cannot find any alternative source for
               | the DA0000051 claim. All I have is past occasions of the
               | Spiegel making stories more exciting and interesting for
               | their readers by making up facts.
        
               | jacquesm wrote:
               | But that doesn't say anything about this particular
               | story, and Der Spiegel has come clean about those
               | instances which is the reason you can make that claim to
               | begin with.
               | 
               | Nobody's perfect, but if I get to choose between Der
               | Spiegel and Fox News or Bild I know where I'd put my
               | money.
               | 
               | And of course you don't have the documents, it is pretty
               | rare that a news article would be accompanied by all the
               | evidence the publisher has acquired, if only because that
               | could easily put their sources at risk.
        
               | josefx wrote:
               | > and Der Spiegel has come clean about those instances
               | which is the reason you can make that claim to begin
               | with.
               | 
               | After ignoring complaints for years and threatening one
               | of their journalists for having the gall to question
               | their golden goose. They only came clean about it because
               | there was no denying the evidence said journalist
               | gathered and if they let someone else publish it they
               | couldn't put their spin on it. Their world class fact
               | checking team at least turned out to be a group of
               | glorified spell checkers.
        
               | jacquesm wrote:
               | All of which has zero bearing on this particular article.
               | Really, questioning the source like this is just another
               | ad hominem.
        
               | josefx wrote:
               | Given that nobody else has seen those documents the
               | reverse is an appeal to authority and I find it relevant
               | that said authority has a history of embellishing facts.
        
               | LargoLasskhyfv wrote:
               | The only remaining difference is presentation, not
               | content/information. Any money there is wasted, except
               | for (bad) entertainment purposes.
               | 
               | (sorry, didn't really want to take this further OT, but
               | could not resist)
        
         | brian_herman__ wrote:
         | 50 million woolongs?
        
       | [deleted]
        
       | holidayacct wrote:
       | This happens all the time, I worked for a company that was
       | audited by a security firm. The security firm compromised every
       | part of the company by pretending to be employees, third party
       | vendors or competitors looking to hire away current employees.
       | Some of their existing employees gave away every single detail
       | you'd need to compromise the infrastructure during interviews.
       | 
       | Fooling auditors isn't going to be all that difficult, most
       | auditors get confused if there is too much going on in the room.
       | I've literally seen a publicly traded company pass an audit just
       | by making the audit frustrating and then providing every perk you
       | can imagine outside of the audit room (including attractive
       | men/women). As you can imagine, they didn't do a very thorough
       | audit.
        
       | stephenr wrote:
       | I can't read German, so I don't know the details the story is
       | detailing, if any, but isn't this just the ultimate example of
       | "fake it till you make it", combined with an Uber-esque disdain
       | for laws and regulations?
       | 
       | Why are people always so surprised when "disruptive"
       | organisations actually end up doing a bunch of weird shit?
        
         | jacquesm wrote:
         | I don't think they ever planned to 'make it'.
        
       ___________________________________________________________________
       (page generated 2020-08-20 23:01 UTC)