Man Arrested for trying to sell Pep’s hacked emails

Another example - Oxbridge educated Vicky Kloss is Chief Communications Officer at the club.
Yet on foreign trips she is the biggest source of cybersecurity weakness in the entire enterprise as she repeatedly flouts internal security rules and standards.
A rogue operator could hack into City via targeting Ms Kloss.
And she used to work for the police!!!
Cybersecure she is not."

https://footballisfixed.blogspot.com/2019/12/3-posts-of-corruption-past-present-yet.html?m=1


This is shoddy 'reporting' from the author. Can they give examples of Ms Kloss' cybersecurity weakness? 'She repeatedly flouts internal security rules and standards' is a hell of a statement. What are these rules and standards that she's flouting? When did she flout them and most importantly, how does the reporter know this?

It's not backed up by facts or evidence, so IMO it's all a load of rubbish.

Anyone could make these accusations about anyone, e.g. Steve Mcgraph is the head of security, but he's also the best opportunity to hack Manchester City, he repeatedly flouts internal security rules and standards. A rogue operator could hack into City via targeting him. And he used to work for the police!!

....slap that on an edgy website and you've got a new scapegoat.

See where I'm going?
 
The IT sector relies heavily on contractors so businesses are always at risk of data leakage, either intentionally or accidentally. This guy's career is over and hopefully City push for jail time as that will send a message to anyone else thinking about doing the same. The contractor seemingly was employed by a consultancy so I do hope they have the necessary insurance to cover their employee's actions. That said, you can employ as much security as you want, there simply isn't a way of totally preventing this kind of act if someone wants to do it. Hopefully everyone at City has been briefed about the security weakness of emails and not to discuss or reveal sensitive info in them.

It’s the contractor’s responsibility to have insurance but that won’t cover him because he’s committed a crime. The agency won’t be at fault here, his Ltd Co. and he will be.

I work in contractor recruitment in IT and Business Change.
 
Already been done I believe. Depending how long ago, it probably needs to be done again.
Not encrypting email data at rest is so amateur it's scary.
Still they have two email security firms on the case at the moment so maybe lessons have been learnt.

It's mental but I'd be doing a full security review including pen testing all apps/systems etc -
 
The IT sector relies heavily on contractors so businesses are always at risk of data leakage, either intentionally or accidentally. This guy's career is over and hopefully City push for jail time as that will send a message to anyone else thinking about doing the same. The contractor seemingly was employed by a consultancy so I do hope they have the necessary insurance to cover their employee's actions. That said, you can employ as much security as you want, there simply isn't a way of totally preventing this kind of act if someone wants to do it. Hopefully everyone at City has been briefed about the security weakness of emails and not to discuss or reveal sensitive info in them.
This dishonest amateur will probably go to jail. Unlike the person who systematically stole far more sensitive information from our scouting network on hundreds of occasions...and was then promoted to Liverpool's Head of Recruitment.
Surely the FA will have to investigate all these incidents. They threw the book at Bielsa and Leeds after one of his staff spied on a rival team by watching a training session from the bushes!
 
Bloody hell.

I take it the club are aware of this now.

VK doesn’t come out well if they are correct.

I wonder who the three players were/are.

be careful with your use of initials
 
Not that I believe a lot of what they post but that "Football is Fixed" Twitter account alluded to people inside our organisation working against us early in the season.
There is a lot of crazy stuff on the Football is Fixed blog but it does seem there are also some nuggets of truth. It has been accurate over our total lack of cyber security. The tech side of the club seems pretty shit in lots of places. And as many have been saying on this forum for years we have got communications problems in many areas. That blog claims it is a management structural issue and, even looking from outside, that seems a plausible theory.
 
It’s the contractor’s responsibility to have insurance but that won’t cover him because he’s committed a crime. The agency won’t be at fault here, his Ltd Co. and he will be.

I work in contractor recruitment in IT and Business Change.
I work as a contractor via a PSC but did this guy definitely work in the same way or as a consultant via a consultancy? It would seem weird for the article to mention the ending of "its relationship with the IT firm" and not specify he WAS the IT firm. Maybe it's just the way I read it.
 
The biggest IT security risk (email wise) is senior bosses wanting to be able to read their employees' emails. This tends to leave email data at rest unencrypted as they aren't prepared to pay for an electronic key store solution.
 
This is shoddy 'reporting' from the author. Can they give examples of Ms Kloss' cybersecurity weakness? 'She repeatedly flouts internal security rules and standards' is a hell of a statement. What are these rules and standards that she's flouting? When did she flout them and most importantly, how does the reporter know this?

It's not backed up by facts or evidence, so IMO it's all a load of rubbish.

Anyone could make these accusations about anyone, e.g. Steve Mcgraph is the head of security, but he's also the best opportunity to hack Manchester City, he repeatedly flouts internal security rules and standards. A rogue operator could hack into City via targeting him. And he used to work for the police!!

....slap that on an edgy website and you've got a new scapegoat.

See where I'm going?
Apparently the guy that wrote the article was asked to work for City, for which he initially did some work, but then said it was too leaky. I don't think he's looking for a scapegoat; he's just reporting things as he found them. Why would he be looking to scapegoat anyone?
 
In my most recent career I reckon I have worked with about 25 heads of IT, or of the departments in which I was stationed, and would say 24 of them didn't know enough about data security.
Yes it's just basic stuff which catches people out. But I can't understand why people can't seem to understand that any content on an email is never 100 per cent secure so don't use emails for anything sensitive. We don't seem to have moved on from Garry Cook making a tasteless joke about cancer and copying in half the world after he pressed send. Perhaps City have expanded so quickly that we just don't have the right systems in place. This happens quite a lot in the business world.
 
The biggest IT security risk (email wise) is senior bosses wanting to be able to read their employees' emails. This tends to leave email data at rest unencrypted as they aren't prepared to pay for an electronic key store solution.

Don't know about you, but in my place, email is end-to-end encrypted, so the boss would need either the employee's password, or an IT guy who was willing to change passwords at the boss' say-so?
 
I work as a contractor via a PSC but did this guy definitely work in the same way or as a consultant via a consultancy? It would seem weird for the article to mention the ending of "its relationship with the IT firm" and not specify he WAS the IT firm. Maybe it's just the way I read it.

Ahh it sounds like that’s the case then, he may have worked for a consultancy, rather than a recruitment agency, I misread.
 
Apparently the guy that wrote the article was asked to work for City, for which he initially did some work, but then said it was too leaky. I don't think he's looking for a scapegoat; he's just reporting things as he found them. Why would he be looking to scapegoat anyone?

No he isn’t. He’s a blogger based in London that exposes corruption in football.

A while ago now, before the leak, he offered to provide the club with evidence he had...presumably the Rui Pinto hacks, but became aware the club had several security leaks and withheld his information for fear of compromising himself. That’s my understanding of it.
 
