Regulator to probe deleted bank emails

My experience of these head honcho types is they barely comprehend IT systems.

If you delete an email from your outbox it does not go away. To have any chance of ‘seriously’ deleting emails would require extensive involvement and support from the IT department. Backups/DR Systems would also have to be destroyed or altered.

Banks are incredibly anal about preserving data (two live copies plus an offsite ‘cold’ backup of EVERYTHING).

No matter what was deleted from the production system, I bet you there is a backup of it floating around somewhere :nin

If there was any involvement by the IT Dept in an attempted coverup, I would hope that someone would have the gumption to come forward as a whistleblower. I bet the plebs in the IT Dept weren’t getting secret €87m loans to feather their nests.

Surely a “search warrant” from the Garda if that’s how its done is all that’s needed and a visit to the IT dept post haste!

My reading that there may have been deliberate attempts to destroy/conceal emails.

Any such attempts would need to be far in excess of simply deleting emails from your PC’s inbox, they would require explicit involvement and co-operation from the IT department because there are so many backups of everything.

If the IT guys are involved too then the whole fucking place is rotten to the core and we should be locking them up, not guaranteeing them.

While it is quite easy to recover data “deleted” by the average user, recovery is more difficult if it deleted “properly” by someone who knows what they are doing. That said, there are multiple routes back to the original data.

Additionally, recovering or freezing data in such a way that allows it to be admissible in a court can be a delicate process.

Blue Horseshoe

Most of the Masters of the Universe guys are such remedial nincompoops they think by deleting the shortcut to Outlook off their desktop that they’ve permanently deleted all their emails. :angry:

Way to go. Let’s tell everyone we’re going to do this. Only fair to give them a head start. When being seen to do something, best to do it when there’s nothing left to find.

I wonder. The smart thing to do might be to gather some preliminary evidence, then look for an insider in the IT department who might bring the backups out on a stick before they are shredded. Or indeed, to already have the data and look for a whistleblower - with someone to say “he told me to do it”, it’s hard to claim that they were shredded as part of routine maintenance (even if the emails reveal little, the cover-up may point in a different direction).

I don’t think the Gardai will have any problems; lets not forget how well the Banks have treated their IT staff in the past :smiley:

Just seems that they haven’t sealed off the crime scene.

Equally the Regulator probably has many communications and private reports that could land FF in the shit. He’s smart enough to cover his own arse. I’m sure Neary and Hurley sent numerous warnings to the government about our credit bubble. I think this ammo saved him from having to resign this week. If he goes, it will be on his terms.

WTF have CAB not gone Italian polizia style with ski-masks and take the info with them? :frowning:(

Watch this space.

Don’t worry CC, in most larger insitutions, there is pretty much only one way to permanently remove such data (and I’m not telling what that is).

Based on what I’ve seen and heard of Irish Bank’s current IT procedures, it would not be terribly difficult for property trained forensic data recovery professionals to recover any data.

Blue Horseshoe

They should check the recycle bin

I don’t know what you are referring to when you say that there is only one way to destroy the data, please elaborate, at least to some degree.

I would think that in a fairly standard setup it would require the following to destroy the data:

Remove the data from live repository.
Remove the data from local (user) archive.
Ask everybody with a copy of the data to do the same.
Remove the data from any cold/warm/hot standby systems.
Destroy all local backups.
Scrub all disks to ensure the data can’t be reconstructed.
Request all backup tapes - daily/weekly/monthly, light fire and add tapes.

I may have missed some other areas that would need to be addressed but clearly the data can be destroyed though it is not an easy task. There is also the problem that in destroying the backups that you would actually have to destroy lots more of the data than actually intended. The likelihood is that you would be putting your business in a very precarious position. The gravity of what you are trying to destroy and the consequences of somebody using this against you would probably help make this decision.