posted by Fnord666 on Thursday July 05 2018, @03:31AM   Printer-friendly
from the put-it-in-the-cloud-what-could-go-wrong dept.

For a long time in Australia, when you purchased property you had to visit the local Land Titles office or local equivalent to pay your stamp duty and get the paperwork done. Recently several state governments decided to outsource this critical function to a private company, Property Exchange Australia (PEXA). It was seen as a win-win, with a private company taking over storing and maintaining land titles and the state governments getting a kickback for it. Until it all went wrong recently, when $250,000 was stolen from a PEXA conveyancer's account.

The victim of the hack was Dani Venn, who is well known for being on the local version of Masterchef. PEXA has claimed no responsibility for the loss, and with the PEXA system soon to be made mandatory in NSW, Victoria and Western Australia, many people are concerned that the system is not secure and should not be used for title or money transfers. While the Commonwealth Bank was able to freeze and recover 138K of the funds, 110K is still missing, leaving Ms Venn in the lurch. PEXA has claimed to be taking action to secure the service.

While PEXA has claimed that their online system will be of benefit to lawyers, sellers, buyers and real estate agents, the reality of moving data out of offline systems to internet-based servers may very well have just created the sweetest honeypot ever seen online in Australia.


  • (Score: 5, Insightful) by Whoever on Thursday July 05 2018, @04:03AM (11 children)

    by Whoever (4524) on Thursday July 05 2018, @04:03AM (#702831) Journal

    The benefits of government outsourcing critical activities to a private company!

    • (Score: 4, Insightful) by Arik on Thursday July 05 2018, @05:08AM (10 children)

      by Arik (4543) on Thursday July 05 2018, @05:08AM (#702856) Journal
      Outsourcing isn't always a loss. But it usually is.

      Private companies can do very good work, or very shoddy work. The difference is often in the contract.

      If the Aussies outsourced this WITHOUT an ironclad contract to prevent this sort of thing from happening, and to permit the contract to simply be cancelled outright should they fail to perform properly, then they should have expected this.

      Unfortunately all too often these sorts of contracts are handed out as political plums and are intended to enrich the recipient rather than discharge the public interest.
      --
      If laughter is the best medicine, who are the best doctors?
      • (Score: 2) by krishnoid on Thursday July 05 2018, @05:19AM (3 children)

        by krishnoid (1156) on Thursday July 05 2018, @05:19AM (#702859)

        Private companies can do very good work, or very shoddy work. The difference is often in the contract.

        I thought one would typically pick a company based on reputation, which seems like it shouldn't make a difference what the contract itself says. I've been under the impression that if you have to resort to examining the contract, both sides have already lost.

        • (Score: 4, Insightful) by Arik on Thursday July 05 2018, @05:26AM

          by Arik (4543) on Thursday July 05 2018, @05:26AM (#702860) Journal
          There is of course *some* truth to that, but overall I think you have it quite wrong.

          Of course it's only due diligence to examine reputation and bear it in mind. But that's not enough. Reputation is a record of the past. You've heard of pump and dump? It's not just for stocks, it happens with reputation all the time. It's so common the accountants have a special name for it, it's called 'Goodwill' and you'll find it right there on the ledgers at most companies.

          So the company that has no reputation may be looking to build goodwill, the company with a great reputation might just be ready to cash some in. Caveat emptor.

          Regardless of the reputation, you always want an iron-clad contract spelling out what you require and giving you a viable path forward in the event the other party fails to deliver what is promised.
          --
          If laughter is the best medicine, who are the best doctors?
        • (Score: 5, Insightful) by Whoever on Thursday July 05 2018, @05:41AM (1 child)

          by Whoever (4524) on Thursday July 05 2018, @05:41AM (#702864) Journal

          I've been under the impression that if you have to resort to examining the contract, both sides have already lost.

          As someone who has negotiated contracts in past jobs (but I am not a lawyer), I take the view that contracts should be viewed primarily as the document that defines what happens when things go wrong. When two companies have an agreement on working together and things are going smoothly, no one really cares about what the contract says. It's only when there is a disagreement that the contract becomes important. Unfortunately, too many authors of contracts really don't understand this simple concept.

      • (Score: 3, Interesting) by c0lo on Thursday July 05 2018, @05:35AM (4 children)

        by c0lo (156) Subscriber Badge on Thursday July 05 2018, @05:35AM (#702861) Journal

        The difference is often in the contract.

        I wish it would be that simple.
        Being awarded a digital services contract by a government is a dangerous proposition most of the time - it creates a "de facto monopoly" commercial entity.
        Someone says "commercial monopoly"? Where's the interest to give more than mediocre services, the money comes anyway?

        The money doesn't come because the contract is broken? Heh, they file for liquidation and still keep your data captive (if you are lucky not to be wiped out in the process).

        --
        https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
        • (Score: 2) by Arik on Thursday July 05 2018, @06:12AM (3 children)

          by Arik (4543) on Thursday July 05 2018, @06:12AM (#702870) Journal
          Which is why you write in the contract that they are required to keep all their data in a specific format you can read, on servers you can access, and to destroy any and all other copies of said data upon termination of the contract.
          --
          If laughter is the best medicine, who are the best doctors?
          • (Score: 3, Insightful) by c0lo on Thursday July 05 2018, @06:22AM (2 children)

            by c0lo (156) Subscriber Badge on Thursday July 05 2018, @06:22AM (#702873) Journal

            ... or else?
            Objectively, what can you do to them once they file for bankruptcy?

            --
            https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
            • (Score: 3, Informative) by MostCynical on Thursday July 05 2018, @07:10AM (1 child)

              by MostCynical (2589) on Thursday July 05 2018, @07:10AM (#702891) Journal

              Accenture are the "Business Partner" running the Australian Electronic Health Record. Luckily, the data is (contractually required) to be held in Australian, on-shore data centres (main and back ups)

              Property data has no such protection:
              PEXA has moved their data onto AWS... techworld.com.au/article/643399/pexa-ascends-cloud

              --
              "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
              • (Score: 0) by Anonymous Coward on Thursday July 05 2018, @02:43PM

                by Anonymous Coward on Thursday July 05 2018, @02:43PM (#702993)

                They are? OMFG Accidenture really suck. We are screwed :(

      • (Score: 0) by Anonymous Coward on Friday July 06 2018, @02:41AM

        by Anonymous Coward on Friday July 06 2018, @02:41AM (#703353)

        I work to support similar systems (in WA, rather than Vic) but this wasn't a PEXA or Government outsourcing issue; from TFA:

        On June 18, a hacker compromised PEXA by getting into their conveyancer’s email account, pressing the ‘forgot password’ button, intercepting the email to create a new password, logging in, and creating a new user.
        The hacker then changed the bank details of their transfer to another bank account.

        Basically PEXA did exactly what it's meant to do; it brokered the transfer of money from one account to another. The issue was that the Conveyancer (the company who organises the settlement and does the paperwork and running around on the buyer's behalf) had weak email security, and their account was compromised. Imagine if someone had the keys to your GMail account and how many different things they could reset the password of?

        This is shitty, celeb-world problems journalism; whilst the government is moving to more automation, what it means is that transfers, which used to take up to 30 days to occur, are now able to be processed in as little as 2, and at greatly reduced cost.
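
A defender-side sketch of the sequence quoted in the comment above (password reset, login, new user, changed bank details), added here as an example; it is not part of the original comment and is not PEXA code. The event schema, field names, user names and the 48-hour window are all assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=48)  # assumed look-back window; tune to your own risk appetite

# Constructed sample audit events (hypothetical schema, not PEXA's log format).
EVENTS = [
    {"ts": "2018-06-08T10:00", "type": "password_reset", "user": "carol"},
    {"ts": "2018-06-18T08:30", "type": "bank_details_changed", "user": "alice", "transfer": "T-1001"},
    {"ts": "2018-06-18T09:00", "type": "password_reset", "user": "bob"},
    {"ts": "2018-06-18T09:02", "type": "login", "user": "bob"},
    {"ts": "2018-06-18T09:05", "type": "user_created", "user": "bob", "new_user": "settlements2"},
    {"ts": "2018-06-18T09:10", "type": "bank_details_changed", "user": "settlements2", "transfer": "T-1002"},
    {"ts": "2018-06-18T11:00", "type": "bank_details_changed", "user": "carol", "transfer": "T-1003"},
]


def find_suspicious_changes(events, window=WINDOW):
    """Flag bank-detail changes that follow a recent password reset or user creation."""
    last_reset = {}  # user -> time of most recent password reset
    created = {}     # new user -> (creator, creation time)
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["type"] == "password_reset":
            last_reset[user] = ts
        elif ev["type"] == "user_created":
            created[ev["new_user"]] = (user, ts)
        elif ev["type"] == "bank_details_changed":
            reasons = []
            reset_ts = last_reset.get(user)
            if reset_ts is not None and ts - reset_ts <= window:
                reasons.append("actor reset password recently")
            if user in created:
                creator, created_ts = created[user]
                if ts - created_ts <= window:
                    reasons.append("actor account newly created")
                    creator_reset = last_reset.get(creator)
                    # Only count a creator reset that happened before the new user existed.
                    if (creator_reset is not None
                            and timedelta(0) <= created_ts - creator_reset <= window):
                        reasons.append("creator reset password before creating actor")
            if reasons:
                alerts.append({"transfer": ev["transfer"], "user": user, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_changes(EVENTS):
        print(alert)
```

An alert from this check is a prompt to hold the settlement and confirm the payee details out of band, not proof of compromise.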

  • (Score: 5, Informative) by Mykl on Thursday July 05 2018, @04:08AM (5 children)

    by Mykl (1112) on Thursday July 05 2018, @04:08AM (#702833)

    The linked article doesn't mention it, but PEXA eventually (under pressure from the media) agreed to refund the money with no caveats. I tried finding the article, but no luck.

    In my opinion, a conveyancer is paid to transfer money safely from A to B. If they fail in that task (for whatever reason), the fault should be with them. Let them take it up with PEXA, the bank or whoever, but the client should not be losing out here.

    • (Score: 3, Insightful) by Runaway1956 on Thursday July 05 2018, @04:49AM (2 children)

      by Runaway1956 (2926) Subscriber Badge on Thursday July 05 2018, @04:49AM (#702851) Journal

      Agreed, 100%. The first line I keyed on was "when $250,000 was stolen from a PEXA conveyancer's account."

      If I put money into your hands, then you lose that money, it is YOUR LOSS, not mine. If I put money into your account, and you lose that money, it is YOUR LOSS, not mine. Had the money been stolen from the Venns at gunpoint, it would be THEIR LOSS. Had the money been stolen from a Venn account - then it would probably be their loss, up to a certain amount, depending on what insurance the bank carries. (In the US, most banks are covered by the FDIC, limiting losses to the customer when something really crazy happens.)

      Any and all losses in this case should be losses to PEXA and/or their insurance company, not the Venn family.

      • (Score: 3, Interesting) by Whoever on Thursday July 05 2018, @05:11AM (1 child)

        by Whoever (4524) on Thursday July 05 2018, @05:11AM (#702857) Journal

        If I put money into your hands, then you lose that money, it is YOUR LOSS, not mine.

        Years ago, I was involved in a case where a Delaware based escrow company had to be sued twice before it would accept responsibility and eat all the costs incurred because it had sent some money that it was holding before the conditions to disburse the money had occurred. The company incurred costs by suing the entity it had sent the money to, but, since that entity had no connection to the USA, all the suit did was incur legal bills to get an unenforceable default judgment. The escrow company tried to get the other beneficiaries to eat its costs in suing the off-shore entity that received the money, and to eat the costs of defending (and losing) the case that one of the beneficiaries initiated and won against the escrow company.

        I would not trust a Delaware based escrow company.

        • (Score: 2) by etherscythe on Thursday July 05 2018, @05:21PM

          by etherscythe (937) on Thursday July 05 2018, @05:21PM (#703101) Journal

          Citation needed? I'm not seeing the Delaware connection here. Maybe the lesson is, check the BBB ratings of companies you do significant business with?

          --
          "Fake News: anything reported outside of my own personally chosen echo chamber"
    • (Score: 3, Insightful) by Whoever on Thursday July 05 2018, @05:01AM (1 child)

      by Whoever (4524) on Thursday July 05 2018, @05:01AM (#702854) Journal

      but PEXA eventually (under pressure from the media) agreed to refund the money with no caveats.

      And the extra costs they incurred? Were those paid by PEXA or the conveyancer?

  • (Score: 0, Troll) by MichaelDavidCrawford on Thursday July 05 2018, @04:14AM

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Thursday July 05 2018, @04:14AM (#702835) Homepage Journal

    You say that like it's a bad thing.

    --
    Yes I Have No Bananas. [gofundme.com]
  • (Score: 4, Informative) by Whoever on Thursday July 05 2018, @05:18AM (9 children)

    by Whoever (4524) on Thursday July 05 2018, @05:18AM (#702858) Journal

    In the UK, there have been numerous reports of similar, but somewhat simpler scams. It works like this:

    Someone is buying a house. Either the buyer or the lawyers handling the conveyancing have their email hacked (the news reports are never clear on whose email was hacked). At some point, the lawyers send information to the buyers on how much money (deposit and costs) to send and the bank details to which the money should be sent. The hackers then send another email (which appears to come from the lawyers) to the buyers with "corrected" bank details. Usually, the money is unrecoverable by the banks by the time the hack has been discovered.

    • (Score: 1) by anubi on Thursday July 05 2018, @05:59AM (2 children)

      by anubi (2828) on Thursday July 05 2018, @05:59AM (#702866) Journal

      Here's another nasty one... it just sits and waits for you to copypasta a bitcoin address...

      Then sends the contents of the clipboard home, and they proceed to empty your wallet.

      Clipboard HiJacker [firstorderhistorians.com]

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 4, Informative) by qzm on Thursday July 05 2018, @06:18AM (1 child)

        by qzm (3260) on Thursday July 05 2018, @06:18AM (#702871)

        No, they don't.
        And it would be a bit useless, since bitcoin wallet addresses are usually quite public (which is kind of the point).

        What these things do is recognize a bitcoin wallet address, and substitute another address they know of.
        Hence you end up pasting their address instead of your own, they hope you don't notice, and that you (or someone else) then sends bitcoins there.

        Rather smart, really. In a 'ffs that's not good' kind of way.

        • (Score: 1) by anubi on Thursday July 05 2018, @06:35AM

          by anubi (2828) on Thursday July 05 2018, @06:35AM (#702882) Journal

          Thanks for the FTFY.... I remembered seeing that, but did not really understand how they were doing it.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 2) by acid andy on Thursday July 05 2018, @06:36AM (5 children)

      by acid andy (1683) on Thursday July 05 2018, @06:36AM (#702883) Homepage Journal

      Moral is, never send large sums of money to anyone if the payment details are over e-mail. Confirm them in person if possible. Over the phone's probably better than e-mail although you don't necessarily know who you're speaking to. Snail mail does get interfered with sometimes but even that is probably safer than e-mail.

      --
      If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
      • (Score: 2) by acid andy on Thursday July 05 2018, @06:44AM (1 child)

        by acid andy (1683) on Thursday July 05 2018, @06:44AM (#702886) Homepage Journal

        Actually, why not "two factor" it? Use two of those communication media and only proceed if the payment details match.

        --
        If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
        • (Score: 1, Interesting) by Anonymous Coward on Thursday July 05 2018, @02:34PM

          by Anonymous Coward on Thursday July 05 2018, @02:34PM (#702988)

          Two factor is broken. They got around it this time. RTFA.
          We need better security.

      • (Score: 2) by choose another one on Thursday July 05 2018, @01:00PM (2 children)

        by choose another one (515) Subscriber Badge on Thursday July 05 2018, @01:00PM (#702945)

        Personally I never ever send large sums without sending a small sum first and verifying that it went to the right place, and then using the same details for the large transaction.

        • (Score: 2) by fritsd on Thursday July 05 2018, @04:31PM

          by fritsd (4586) on Thursday July 05 2018, @04:31PM (#703053) Journal

          Yeah, that's what we did when we bought our house.

        • (Score: 1) by nitehawk214 on Thursday July 05 2018, @07:44PM

          by nitehawk214 (1304) on Thursday July 05 2018, @07:44PM (#703179)

          This is how most banks do wire transfers. Or at least how my bank did it when I was setting up an investment account.

          --
          "Don't you ever miss the days when you used to be nostalgic?" -Loiosh
  • (Score: 0) by Anonymous Coward on Thursday July 05 2018, @06:11AM (3 children)

    by Anonymous Coward on Thursday July 05 2018, @06:11AM (#702869)

    While it may be required to use this outfit to perform the settlement, what prevents a face to face closing where a mediating person guarantees that the funds will flow to the intended target? In many cases the funds will come from a bank loan, and banks would hate to have their money at risk like this.

    • (Score: 0) by Anonymous Coward on Thursday July 05 2018, @10:26AM (2 children)

      by Anonymous Coward on Thursday July 05 2018, @10:26AM (#702910)

      If I am reading this correctly, then this PEXA system must be used for property conveyancing. The money goes through PEXA.

      Last time I purchased a property I went to the bank on the day to get a cheque. Both my side and theirs didn't like it. Nothing they could do. Paying the contract complete cost by cheque is legal. Nfi what I'd do if I had to use this PEXA crap.

      • (Score: 1, Interesting) by Anonymous Coward on Thursday July 05 2018, @11:24AM (1 child)

        by Anonymous Coward on Thursday July 05 2018, @11:24AM (#702925)

        That is really messed up. In Germany (and similar, though with some differences in Sweden and probably other countries), the bank provides the information that it has granted a loan when the sales contract is signed.
        After it is signed, the bank transfers the loaned money to the seller, directly. A bank very much should know how to get money safely to the right person.
        The seller then notifies the notary that the money has arrived, at which point the property transfer is finalized.
        There are some potential exploitable issues, like the seller selling to multiple people and running away, but at least the money doesn't go through random unrelated accounts...

        • (Score: 0) by Anonymous Coward on Friday July 06 2018, @12:22AM

          by Anonymous Coward on Friday July 06 2018, @12:22AM (#703316)

          That's escrow, and that's more or less how it normally works in the US as well. And typically you have to have insurance on the title when you use a mortgage to make the purchase.

          I'd be surprised if most developed countries didn't use something similar.
