http://securityratty.com/tag/kieber Mon, 25 Feb 2008 11:03:19 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss http://securityratty.com/article/6220385518c92bd41671151d57327dcd http://securityratty.com/article/6220385518c92bd41671151d57327dcd Security Breach

Date Reported:
2/22/08

Organization:
LGT Group - The Wealth and Asset Management Group of the Princely House of Liechtenstein
English Version
German Version
French Version
Italian Version

Contractor/Consultant/Branch:
LGT Treuhand AG
(LGT Trust Ltd in English)

Victims:
Clients of LGT Trust (prior to 2002)

Number Affected:
~1,400*

*there may be an additional 4,527 beneficiaries affected.

Types of Data:
Confidential bank account information.

Breach Description:
Confidential customer information was stolen from LGT Trust in 2002 by a former employee of the company.  As a result of this breach, Heinrich Kieber was convicted of "serious fraud, dangerous threats, unlawful compulsion, and suppression of documents."  Now it appears that German authorities paid Mr. Kieber "as much as 5 million euros ($7.4 million)" for information about German account holders for the purpose of investigating tax evaders.  Other countries that are interested in the information allegedly stolen by Mr. Kieber include the United Kingdom (U.K.), the United States (U.S.), Australia and others.  Mr. Kieber now has a new identity (possibly as part of the arrangement with Germany) and his whereabouts are unknown.

Reference URL:
LGT Group Media Communique dated 2/24/08
[Evan] Highly recommended interesting read
The Australian online news story
Bloomberg.com online news story
MarketWatch online news story

Report Credit:
Chad Thomas, Bloomberg.com

Response:
From the online sources cited above:

For LGT Group, all the facts now point - despite contradictory statements form sources said to be close to the German intelligence service - to the fact that the data material illegally disclosed to the German authorities is limited, in as far as LGT is concerned, to the client data stolen from LGT Treuhand in 2002.

Even though other rumors have been circulated about the occurrences, LGT Group is assuming on the basis of numerous indications that the person, who illegally passed the data on to the German intelligence service, is the same former employee of LGT Treuhand who stole the data in 2002.

Apparently, the stolen data material has also been illegally disclosed, directly or indirectly, to other authorities.  According to reports in the media, the previously convicted offender was paid a sum of several millions for the information and was provided with a new identity.

this is a possibility that law firms were interposed as intermediaries.  LGT will now re-register its report of a criminal offence committed by a person unknown directly against the convicted data thief.

approximately 1,400 client relationships with LGT Treuhand, which were established before the end of 2002.  The largest proportion, about 600 clients, are resident in Germany.  The figure circulated in the media of 4,527 sets of data represents the number of beneficiaries of all the foundations

it has become increasingly clear that the so-called "informant" of the BND German intelligence service is indeed the same convicted data thief who illegally disclosed the client data in 2002

Acting on the information, German authorities raided the home of one of the country's most high-profile executives, the chief executive of Deutsche Post AG, alleging he evaded paying about E1 million in taxes.

The government, which paid as much as 5 million euros ($7.4 million) for information on German account holders in Liechtenstein on a disk provided by an informant to the Federal Intelligence Service, or BND, will share this information with other countries, the finance ministry said today.
[Evan] You mean to tell me that its possible (and acceptable) to steal confidential corporate information and sell it for big bucks?  German authorities paid over $12,000 per record (7,400,000/600)!  The question is, is this an informant or a data thief cashing in?

U.K. tax collectors, after initially turning up their nose at an informant's offer to sell them confidential data from a Liechtenstein bank, have now paid up and have information on about 100 wealthy British subjects

they were persuaded to pay the informant around 100,000 pounds only after Berlin tax officials launched in recent weeks a high-profile crackdown on Germans with money said to be stowed away in Liechtenstein
[Evan] The UK got a deal.  They only paid ~$2,000 per record.

Australian authorities have been given details of Australian clients of Liechtensteinische Landesbank (LL, according to reports in the Wall Street Journal and Guardian newspapers.

"The Australian Tax Office does not pay for information about tax schemes," an ATO spokeswoman said. "Nonetheless, we have a good flow of information from people concerned about fairness and equity in the tax system."
[Evan] The best deal of all.  Australia got the stolen information for free!

The former employee, who was convicted of the data theft, is a Liechtenstein citizen named Heinrich Kieber (HK).

He was active from October 1999 as an external employee of an IT-company, and from April 2001 to November 2002 as an employee of LGT Treuhand.  At the time of his recruitment and during his employment with LGT Treuhand, he had not been previously convicted of a crime.  However, as would become known later, an arrest warrant had been issued against HK, which was not accessible for examination during the standard checks carried out on new employees.

This arrest warrant was linked to a real estate deal in Spain in 1996, which HK had allegedly financed with uncovered checks, and was issued by the Spanish criminal prosecution authorities in 1997, firstly at national and subsequently at international level.

It has been reported that he (Heinrich Kieber)  has been given a new identity and is living in Australia.

Commentary:
This is a very intriguing story and one that will take a while to shake out.  I am a little torn by the series of events, and struggle with the ethics of it all.  I don't think Heinrich Kieber is any kind of hero by any means.  I think he is a common thief that just received a huge payday.

A couple of questions to think about:

• Do you think Heinrich Kieber is lucky criminal, or do you think he is an honest "informant" and "whistleblower"? 
  
• If he were truly an honest guy, why would he shop the confidential information around like he did and not give it freely?
• Do you think this story will encourage other insiders to follow suit?
  

On one hand authorities catch criminals, which is great!  On the other hand, we just enabled (and in some circles encouraged) insider criminal activity and potentially employee fraud.  Read the LGT Group Media Communique, it is very interesting stuff.

Past Breaches:
Unknown

]]> Mon, 25 Feb 2008 11:03:19 +0000 confidential confidential data kieber named heinrich kieber lgt lgt trust data confidential information information Cashing in on employee theft, or honest whistleblower?