A regrettable breach of security regulations

Remember this post from 2006, and especially this one from a year later on the next big miscarriage of justice? Well, look what just happened. It’s far worse than even I thought – the police were well aware that there were serious problems with the Landslide case as early as February, 2003. Specifically, the old National Crime Squad seems to have been extremely gung-ho about the whole project while the regional police forces were much more sceptical. Later the whole thing was slung to the Child Exploitation and Online Protection Centre, one of the weird sort-of police agencies that proliferated in the late Blair years. Meanwhile, a suspect has succeeded in claiming damages. Both cases show various police forces in a very bad light indeed – the US postal inspector in the first suddenly retired to look after his “sick wife” when his evidence was challenged, while as for Hertfordshire Police:

Despite this, the officer, Detective Constable Brian Hopkins, pressed three charges of possession of indecent images of children. Mr Justice Mackay said he cut a “rather pathetic figure” in the witness box, having initially claimed he could not give evidence because of a psychiatric condition….The judge found that Mr Hopkins, who has since left policing, not only had “no honest belief in the possession charges when he caused them to be brought against [Mr Clifford]”, but did so “to protect his own position”.

Feel the fremdscham, baby!

Meanwhile, my bank card has been compromised. So I was in San Francisco of a Sunday, walking around the Tenderloin looking for a cash point that wasn’t looking back at me with mischief in its eye. Preferably one attached to a bank. I eventually walked up as far as Van Ness and found a Wells Fargo branch. It wouldn’t give me any money, nor would the Bank of America. So I ended up phoning the bank at extortionate roaming rates, standing on the forecourt with a small encampment of the homeless. Thinking that I had less US currency to my name than they did, I struggled through the IVR thickets, confirmed my salary hadn’t somehow vanished, and got into a queue to report that the fraud-detection robots had zapped me. I stayed on the line until AT&T dropped the call after 12 minutes. The phone started whining; it’s like a little jet fighter. You can do a lot of cool things with it, but it’s best not to go too far from the refuelling tanker or you’re screwed. Back to the hotel. I tried to call them on Skype, but AT&T’s WLAN was too bad to hear the IVRs. I plugged in the phone, called again, explained that I didn’t want to report the card stolen but rather the opposite, and sat in 23 minutes of queues. Curses…curses…24 hour fraud algorithms…not 24 hour staffing, though…why not call me?…banks…banks…banks…!

And then I got through. And the fraud investigators told me that the police had found my card in a list of cloned cards offered for sale on the black market. In the circumstances, they hadn’t called me or given out any information for fear of giving away the secret, as the investigation was still going on. Oh…right. They listed some transactions, agreed to let me withdraw up to £100 a day in cash and honour direct debits, and left the Visa facility frozen. They refused to say anything about where or when the security breach might have occurred, although I think the detail about the Visa card might be significant. Call us when you get back to the UK – and by the way, here’s the direct number.

The whole incident had just been annoying up to that point, but this changed the game. I was left with a whole load of surplus indignation on my hands past its use-by date. It cluttered up my room at the Phoenix like a chunk of un-Californian, clanking machinery. I suppose I could spend it on the thieves, but who were they? Rather than just harassing me and profiteering, my bank had actually done something I could only agree with. And the police had actually protected me from an actual crime, without my even noticing, with the occult efficiency Norman Lewis said had attached itself to the word “intelligence”.

As far as I know, no money is missing, but I haven’t audited as many as 14 months’ worth of transactions through my current account yet. That’s since this card was issued – they couldn’t give me any other bounds on it. After all, as they said, it was impossible to say how far the list of cards had been sold on by whoever had originally collected them.

Anyway, I didn’t even need to draw any more cash after the first $100. My expenses in Silicon Valley were unusually frugal – the nearest I came to spending significant amounts of money was trying to catch up with two colleagues who’d gone out looking for amusement. (I spent 20 minutes looking for a cab in Palo Alto at 10 o’clock at night and eventually gave up, having noticed that there seemed to be less traffic on the roads at that time of night than I would have expected in a Yorkshire Dales village.) I read the two Operation Ore articles and logged them for future use. As briefed, I called HSBC on my arrival back in Britain and they initiated a new card.

And it was only as I wrote this that I remembered I ought to be scared. After all, it is impossible to say how far the list of cards…


  1. Revenge against the identity thieves can be sweet. Check out Bob’s video at http://notabob.blogspot.com/2011/03/how-much-do-movies-really-cost.html

  2. Richard J

    Oddly, precisely this thing happened to my wife, and for exactly the same given reason, when we were in Chicago over Christmas. In 2008. Either HSBC have been unlucky in being multiply hacked (most likely), or there’s some flagging system for a set of cards being used in the USA.




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s



%d bloggers like this: