The Risk Factor

This coming Thursday, the 4th of October, will be the 50th anniversary of the launching of Prosteishiy Sputnik (or the Simplest Satellite) and the beginnings of the Space Age and Space Race. Only now is the fascinating back story detailing the events leading up to the launch coming out in the open.

For instance, the public was told that the object they were seeing as it twinkled across the night sky was Sputnik itself. However, the satellite weighing in at 184 pounds was too small to be seen with the naked eye. What people actually were looking at was the second stage of the booster rocket used to lift Sputnik into orbit. Interestingly, the Soviet leadership at the time did not at first realize the magnitude of their achievement until the Western governments and press made a big deal out of it.

Yesterday, Fairchild Semiconductor celebrated its 50th anniversary as well. Founded by Gordon Moore, Robert Noyce, C. Sheldon Roberts, Victor Grinich, Eugene Kleiner, Jean Hoerni and Julius Blank, and Jay Last with $3,500 of their own money, the company helped make Silicon Valley. Fairchild perfected the capability to mass produce transistors from a single wafer, whereas up to this point only one transistor could be produced per wafer. The company also created the monolithic integrated circuit and the planar transistor, which is still the the primary method for producing transistors today.

Moore and Noyce left 11 years later to start another company in the Valley, something called Intel.

E Bay admitted yesterday that it had overpaid for Skype by over $1 billion (purchase price:$2.6 billion) two years ago and that its original projections for future profitable growth were, shall we say, overly optimistic. While Skype has 220 million registered users, fewer that 45 million are estimated to be active users, and the percentage of active users to registered users has been dropping. In addition, those who are active users are shunning Skype's premium (meaning paid) services - and this is a surprise how, given that calling is free?

When E Bay bought Skype, there was all this happy talk about synergies to be had:

"Skype will streamline and improve communications between buyers and sellers as it is integrated into the eBay marketplace. Buyers will gain an easy way to talk to sellers quickly and get the information they need to buy, and sellers can more easily build relationships with customers and close sales. As a result, Skype can increase the velocity of trade on eBay, especially in categories that require more involved communications such as used cars, business and industrial equipment, and high-end collectibles.

The acquisition also enables eBay and Skype to pursue entirely new lines of business. For example, in addition to eBay’s current transaction-based fees, ecommerce communications could be monetized on a pay-per-call basis through Skype. Pay-per-call communications opens up new categories of ecommerce, especially for those sectors that depend on a lead-generation model such as personal and business services, travel, new cars, and real estate. eBay’s other shopping websites — Shopping.com, Rent.com, Marktplaats.nl and Kijiji – can also benefit from the integration of Skype."

Oh well, not is all lost, if you believe Pop!: Why Bubbles Are Great For The Economy author Daniel Gross who argues that bubbles are the way to get infrastructure paid for which otherwise wouldn't get built.

Hmm, maybe the real reason why E Bay failed is that it didn't pay enough for Skype. Well, there may be hope yet, if you believe those who are encouraging other companies like Google, Microsoft, or Yahoo to buy Skype from E Bay. All of them (except maybe Yahoo) can afford to blow a couple of billion more blowing bubbles.

Starting last Monday, large retailers that accept payment via credit cards begin facing fines ranging from $5,000 to $25,000 per month if they aren't in compliance with the Payment Card Industry (PCI) data security standards. Unfortunately, according to news reports, at least half won't meet the standard.

Why? Cost of course.

It is expensive to implement the PCI standards if you haven't been too diligent about implementing IT security in the past, and just as expensive to prove that you are now in compliance. The public companies who have had to comply with Sarbanes-Oxley can regal you for hours about the difficulties (and costs) associated with proving compliance with an enterprise-wide standard.

Also, these non-PCI compliant retailers may be looking at the massive data breach and its aftermath at TJX and reason that non-compliance is worth the risk and the fine. TJX's stock hasn't tanked, its 2007 revenue is up, and customers seem to have forgotten about the incident. Yes, there was some short term financial loss and bad PR, but overall, non-compliance might have been an acceptable cost of business decision for TJX even in retrospect.

At 0819 this morning, a gentleman emailed to the Department of Homeland Security (DHS) a note that said he was changing jobs, and would like to receive the DHS daily reports at his new email address. The DHS daily report provides an open source news summary of articles involving the US infrastructure that might be of interest to the security community.

This gentleman mistakenly sent his request to the Distribution List email header, which was also configured incorrectly. Instead of this gentleman's request being bounced, his email went out to all the DHS daily report distribution list recipients. Chaos (and spam) soon began.

People who received this gentleman's email soon emailed back him saying that he had made a mistake - unfortunately, some used the "Reply All" button. This started another round of email broadcasts.

The New York Times wrote a nice little article this morning on the e-mail spamming mess. It claims that over 2.2 million emails were generated by the incident.

What will be more interesting to watch is how people who helped keep the spurious email traffic going and disclosing their personal contact information along the way to boot, will like seeing their names and email posted in the New York Times.

I would love to be a fly on the wall when some of these folks are explaining in the future to their bosses why IT security policy is important, why everyone needs to follow it, why they need more resources for improving security, etc., etc., and then being asked by their boss why they couldn't keep their own damn hands off the keyboard.

As the Times article notes:

"The accident raised questions among cybersecurity experts about how well prepared the Homeland Security Department is to defend against a cyberattack because it had trouble dealing with this computer problem."

No kidding.

I wouldn't be surprised that Congress gets interested in this little episode, given the response of both DHS and the many government security professionals (the term is debatable) who kept it going. Maybe Congress will call a few in to testify to find out what was so irresistible about keeping a spam chain letter going, and clogging up government servers. Or maybe disclosing what appeared to me to be email addresses and telephone numbers including cell phones of folks doing highly classified work. And now that this incident has been reported world wide, how valuable do you think this information is going to be, even if only for a short time?

I'll also be curious to see how the employers of those folks looking for new jobs will view it. Maybe they will help their employees find new ones.

Please, all of you who I am sure are happy to get their names and places where they work in the NY Times, let me know.

According to today's Boston Globe (registration may be required), the Massachusetts Appeals Court upheld the accuracy of information received from automobile event data recorders (EDR) for use in court cases. Event data recorders, sometimes called car "black boxes," are devices installed in a motor vehicle to record technical vehicle and occupant information for a brief period of time (seconds, not minutes) before, during and after a crash, according to the National Highway Transportation Safety Association website.

An EDR may record (1) pre-crash vehicle dynamics and system status (e.g., wheel speed, engine rpm), (2) driver inputs (e.g., braking, acceleration), (3) vehicle crash signature, (4) restraint usage/deployment status, and (5) post-crash data such as the activation of an automatic collision notification (ACN) system. According to an article in Time magazine, some 64% of cars made today have EDRs, and about 33% of all cars on the road today have them installed.

In the Massachusetts case, a woman was sentenced to two years in prison after her GMC Yukon skidded on ice and hit a tree, killing her passenger in 2003. The woman claimed that she was traveling only 20 to 30 miles per hour when she lost control, but the car's recorder showed that she was traveling 58 m.p.h. in a 40 m.p.h. zone. Her lawyer appealed her case arguing that the EDR's information was not reliable or accurate.

Consumer and privacy advocates have been opposite sides of the debate. According to the Time article, Public Citizen's Joan Claybrook "wants tougher rules compelling automakers to install EDRs in every car because objective crash data will lead to the design of safer cars and highways. Privacy activists want the government to prevent police and insurance companies from checking drivers' black boxes without permission. 'We have a surveillance monster growing in our midst," says Barry Steinhardt of the American Civil Liberties Union. 'These black boxes are going to get more sophisticated and take on new capabilities.' "

Like most technologies, once out of the bottle, they can't be put back in. And when its a question of public safety or privacy, privacy usually loses. The same will likely be true in the case of electronic medical records.

James Oberg reports in an IEEE Spectrum webcast a very important story on the background to the NASA computer failure that occurred in June. Oberg stories states that, "The critical computer systems ... had been designed, built, and operated incorrectly—and the failure was inevitable. Only being so relatively close to Earth, in range of resupply and support missions, saved the spacecraft from catastrophe."

The problem was a cable short-circuit caused by moisture build-up, likely itself caused by a malfunctioning dehumidifier. But as Oberg writes, the short-circuit should not have caused the problems it did. "..in a shocking design flaw, there was a “power off” command leading to all three of the supposedly redundant processing units. The line was designed to protect the main computers, which are downstream of the power monitor, from power glitches too great for normal power filters to protect against. It does so by turning the computers off when it senses trouble. But in a failure unanticipated by its designers, this one command path itself was able to kill all three processing units due to a single corrosion-induced short."

As Oberg noted, if this happened on the way to Mars, it would likely have resulted in loss of the crew. What's worse, was the instinctive reaction of those involved to look for assigning blame instead of looking for the root cause of the problem, or a means to mitigate it.

Everyone interested in risk assessments, communication and management should read it.

The LA Times reported last week that yet another payday passed with erroneous paychecks for employees of the LA Unified School District (LAUSD). The number of errors have remained basically the same over the past three paydays.

The rush is on to try to fix things before the end of the year, when tax forms will be mailed out. This could prove to be a real issue for the thousands of employees who have been overpaid, who could find themselves in trouble with the US Internal Revenue Service and California tax authorities for underpaying their taxes.

The LAUSD is contemplating ".. a plan to designate overpayments as no-interest loans that would not be counted as income." I am not a certified public account (anyone out there who is?), but I would suspect that this information would still need to be reported to the IRS at least by a person receiving this income. And if so, this means at a minimum a tax preparation day headache if additional more tax forms are required to be filed.

LAUSD management "anticipated that the technological glitch at the root of the problem would be fixed before the next payday in November, but left open the possibility that it could take longer."

Bets, anyone?

Last Tuesday, the General Services Administration, which manages '.gov" websites, shut down California's state government use of the Internet for three hours because a small California state website had been hacked (again) by a porn provider.

Needless to say, this was a bit of bothersome overkill. If this happened every time a ".gov" website was routinely hacked, well, ...

The GSA later apologized "to the citizens of California" but protecting everyone from the scourge of pornography was a highly important matter at GSA.

Contrast GSA's action to DHS's inaction the following day when the email spam problem occurred. Maybe the GSA and DHS can do a joint lessons learned and figure a good strategy to manage e-gov in times of trouble.

Last week, the Massachusetts Division of Professional Licensure mailed 28 computer disks to 23 marketing agencies who requested the names of the 450,000 licensed professionals in Massachusetts; unfortunately, the disks also contained the professionals' social security numbers.

As of today, all but one of the disks has been recovered.

According to the Boston Globe, the spokesperson for the the state Executive Office of Housing and Economic Development, which oversees the Massachusetts Division of Professional Licensure blamed it on "a software failure during computer upgrades last month. An employee noticed the error a week later."

Now, if I only had a Euro or Canadian dollar for every time I heard that lame excuse and another for the promise of a thorough review of security procedures to keep it from ever happening again after such a problem occurs.

Today's Washington Post has an interesting article and some neat video on the new class of insect-sized robotic spy cameras, some looking like dragonflies. The CIA tried this 30 years ago, according to the article, but gave up: seems the insectothopter couldn't be controlled in a cross-wind.

The Defense Advanced Research Projects Agency (DARPA) is funding a Hybrid Insect Micro-Electro-Mechanical Systems Project, which "is aimed at developing tightly coupled machine-insect interfaces by placing micro-mechanical systems inside the insects during the early stages of metamorphosis."

Some protesters at the 2004 Republican National Convention in New York claim they saw what looked like a dragonfly-like object suspiciously hovering as if spying on them. Law enforcement claims to know nothing about it, and an entomologist says that it was probably just a dragonfly.

However, the entomologist also says dragonflies don't fly in packs. So, if you see a bunch of dragonflies just kind of hanging around ...

As many as 40 employees at Palisades Medical Center in North Bergen where actor George Clooney and a companion was taken after his motorcycle accident a few weeks back are being investigated for looking at his medical records, with over two dozen suspended without pay so far. It is probably a safe guess that at least one leaked Clooney's records to the press, since the media reported in detail on his injuries within "minutes" of his admittance.

The employees got to Clooney's medical records by accessing the hospital's computers. Let's hear it for computerized medical records - makes spying so easy.

As I noted a few weeks back, a celebrity's (reported to be ex-English football coach Sir Bobby Robson) medical records were looked at in a UK hospital.

A Palisade's hospital workers union spokesperson said, "It was inappropriate but they [the employees who sneaked a peak] are paying a steep price. But I don't even think George Clooney would want people to pay. Again, the apology to him for his privacy rights [is necessary], but I think in fact the hospital is overreacting."

"There are hospital obligations to have security systems so that a breach can't occur -- obviously that failed," she added. The spokesperson also tried to argue that since the employees (for the most part) only looked at Clooney's medical record and didn't disclose it (what, other than to friends and relatives?), it was a "no harm, no foul situation."

I hate to differ - I think they all need to be terminated. Or how about this as a compromise: a full public disclosure of the medical records (or better tax records - what's the difference?) of all those who sneaked a peak, and for fairness, let's include the union spokesperson since she thinks snooping does not rate a suspension, let alone a firing. That's a fair trade, right?

Furthermore to say that it's the hospital's fault for not having technology to keep prying eyes out is more than a bit self serving. In the UK incident, for example, those authorized to look at Robson's medical records simply gave access to those who did not. Technology doesn't prevent bad behavior or a lack of personal responsibility.

With attitudes expressed by this spokesperson, I would say that ensuring the privacy of electronic health records still have a long way to go.

ComputerWorld has two interesting stories today. The first was from this morning, which was about lawyers suing Apple for $2.6 billion claiming that, "Apple blocked third-party applications, barred any ring tones but those it sold via iTunes and disabled unlocked phones with last month's 1.1.1 version update."

Then this afternoon, it reported that for between $60 to $99, "The iPhoneSIMFree, a commercial venture that was the first to publish a point-and-click unlock hack last month, has announced Version 1.6 of its software, and claimed that it could bring any bricked iPhone back to life."

But wait; according to the story, "another unlock hacking group, the iPhone Dev Team, urged owners of bricked iPhones to sit tight. 'Free unlock of 1.1.1 is coming soon.' "

I would have loved to have seen the lawyers' faces this afternoon. Maybe by the weekend, their case will have been vaporized by hackers. Shakespeare would be proud.

Boeing finally admitted yesterday that it was delaying the introduction of the 787 Dreamliner from May 2008 to the end of 2008. Just a few days ago, Boeing was insisting that it would make the May delivery, even if it had to work 24 hours a day to do so.

Along with some production problems having to do with parts availability (e.g.,"from fasteners .. to clips and brackets and small assemblies being provided further down in the supply chain") as well as - drum roll please - software.

The issues with software are "coding and integration." More time is required to let the software "mature" through additional testing.

Quoting from Scott Carson,Boeing Co., EVP, CEO Boeing Commercial Airplanes:

"But let me say this about the overall system integration work. We have had two or three software areas that have been on the critical path right along with the production build of the airplane. .... the software and structures work, were running neck and neck."

"As it became clear that in fact the most critical pacing item was the structures, this has actually given us a little bit of headroom on the software side. We're going to have much more time with the software in the lab, both in terms of maturing the individual software itself but also in integrating the software packages to assure service-ready functionality by the time the airplane flies. So the silver mining in this cloud tied to the structures work is we think it has given us some breathing room that is going to allow the software piece to be much more mature by the time the airplane flies."

Ah, the old game of software versus systems chicken to see who has to blink first, and admit they are more behind than the other guy.

Congratulations!! The software guys win.

How hard do you think the software folks were praying that those fasteners wouldn't be available before their tests were? So even though the software is late (and over-budget?), it doesn't look as bad as if software development were alone the hold-up to the Dreamliner's in-service date.

BTW, a note to the FAA - you may want to do some extra "maturity" checks on that software.

Government Computing News (GCN) reported that a "typical government agency or company now spends 20 percent of its information technology budget on security, including product purchases, training, assessments and certification, according to a survey released today by the Computing Technology Industry Association." This up from 12 percent in 2004.

I don't know where the opportunity cost of IT security becomes too great to bear, but I have to believe we are starting to get into the ballpark range.

A friend of mine, John Stone, author of Developing Software Applications in a Changing It Environment: Management Strategies and Techniques, recently e-mailed me a question, "After reviewing the IT blunders in your blog, it’s clear that although we continue to make substantial progress in technologies, IT management has made halting progress at best – with a many projects failing in some way and leaving that their companies and users have to cope as best they can."

"The analogy that comes to mind is the US car industry in the ‘60s and ‘70s, when the "Big Three” produced low quality products, leaving their customers to cope however they could. I wonder if we will see a similar exodus in IT – to hungry forward-thinking vendors where labor costs are low and education and quality are high?"

"What do you think your readers' would opine?"

Anyone want to answer John?

Last week, a system problem at Tokyo Metro Co., which operates the capital's largest subway network, and East Japan Railway Co., Japan's largest rail operator caused both of their electronic ticket gates to fail for several hours. As a result, several hundred thousand morning commuters rode the rails for free.

Nippon Signal Co., the maker of the gates, has not determined the cause of the malfunction, although a communication problem was suspected as the cause. It was the second time these electronic gates malfunctioned. Last December, the ticket gates wouldn't accept Suica (smart card) commuter passes as payment.

In November 2006, "Democrat Christine Jennings, lost to her Republican opponent, Vern Buchanan, by just 373 votes out of a total 237,861 cast — one of the closest House races in the nation. More than 18,000 voters in Sarasota County, or 13 percent of those who went to the polls Tuesday, did not seem to vote in the Congressional race when they cast ballots, a discrepancy that Kathy Dent, the county elections supervisor, said she could not explain," according to a story in the New York Times.

The uproar was such that this past February, Florida Gov. Charlie Crist announced that Florida would get rid of all of its touch-screen voting machines, and instead use a system whereby voters would cast paper ballots that would be counted by scanning machines. Crist demanded that this new voting system be put into place in time for next year's presidential election.

A recent story in the New York Times discusses Florida's on-going problems with dumping all 25,000 of its e-voting machines, purchased for tens of millions of dollars merely six years ago as a result of the voting problems in the infamous 2000 presidential election. Some Florida counties, like Miami-Dade, is now in the process of throwing out 7,200 touch-screen machines alone, even as the county still owes $15 million on them. Palm Beach county is trying to get rid of 4,900 touch-screens and it still owes $4.8 million. No one, it seems too interested in buying them.

As I noted a few months back, California has placed very severe limits on the use of electronic voting machines. The road to e-voting is a hard one, I guess.

By the way, the voting machines used last year in Sarasota County are sequestered under court order as the investigation into the apparent voting irregularities continues.

If you asked me where I was last Tuesday, I'd have to think about it for awhile. However, I can tell you where I was 20 years ago today: the Bayswater section of London where I was living at the time. I remember that because today and tomorrow mark the 20th anniversary of England's Great Storm of 1987.

At the time, the storm was considered the worst to hit England since 1703, devastated forests throughout southern England, killed 18 people, and caused over £1 billion in damages. I remember walking around London after the storm hit and being awed by the damage done. I had already seen the aftermath of hurricanes along the US Gulf coast, but this left a greater impression, probably since it was totally unexpected.

The UK Met Office had forecast heavy rains for the overnight of 15 - 16 October, but not the intensely strong winds. Weather forecasters thought a less powerful storm would stay south in the English Channel or hit northern France.

What made the forecasting mistake worse in the public eye was that BBC weatherman Michael Fish said on his 2130 forecast, "Earlier on today apparently a woman rang the BBC and said she'd heard there was a hurricane on the way. Well if you are watching don't worry, there isn't." Fish was actually talking about a different storm, but everyone assumed he was talking about the one that indeed did hit England.

As reported last week in Government Executive, the US Government Accountability Office (GAO) released a report (GAO-08-79) that discusses the four critical US Census Bureau information technology projects needed to support the 2010 census, and the several that are over budget and behind schedule. The GAO report in addition noted that risk management practice on these Census IT projects is weak.

The Census is fast running out of time to fully field test its new approach using hand-held computers instead of paper-and-pencil methods to gather census information. While the Census is confident that its approach will work at the required time, others, such as myself, are less sanguine.

The Census's approach to managing risk as a whole, and the risk management used by Census contractors responsible for the individual Census IT projects, has not, shall we say, been as good as it could have been. Given that the effort was high risk from the very beginning, and that the results of a census have tremendous economic and political import, the risk management practice was woefully short of what it should have been. For US citizens' sake, let's hope the past management decisions taken at the Census don't lead to a major IT blunder.

Los Angeles Federal Judge Audrey B. Collins issued a preliminary injunction yesterday against RMG Technologies, Inc., of Pittsburgh, Pennsylvania ordering the company "to stop creating, trafficking in, or facilitating the use of computer programs that allow its clients to circumvent the protection systems in the ticketmaster.com web site." Users of RMG software, typically ticket brokers and some ticket scalpers, have used it to flood Ticketmaster to obtain large blocks of tickets, denying consumers an opportunity to buy tickets.

According to a Wall Street Journal article, a recent Hannah Montana concert, the retail price of a ticket was $63, but were being sold for an average of $237. For some shows, according to the New York Times, the show's tickets were sold out in 12 minutes, and then appeared on sale for on the internet up to 10 times their face value. Ticketmaster said that for some shows, software "bots" were responsible for as much as 80% of all ticket requests.

I was in Washington, D.C. yesterday attending a breakfast seminar sponsored by Government Executive magazine on the topic, "What Are the Essential Ingredients for a Successful Large IT Project?" The two gentlemen speaking were Randolph (Randy) Hite, Director, IT Architecture and Systems Issues, U.S. Government Accountability Office and Zal Azmi, Chief Information Officer, Federal Bureau of Investigation. It was an interesting session for a number of reasons. In this post, I'll concentrate on what Mr. Hite had to say.

Hite was asked off the bat whether he thought that IT project management in the Federal government had improved over the past few years. Hite said that be believed that it had. He cited that the number of IT projects on both the Office of Management and Budget watch and high risk lists have been steadily declining.

OMB evaluates IT project plans to see, in Hite's words, "Whether they are well-positioned to execute." The OMB watch list highlights projects that, in OMB's opinion, have "weaknesses" in their capital budget and planning submissions, while those projects on the high risk list are those requiring "special attention" from the highest level of management because they may be very costly or mission critical.

However, Hite also placed a very large caveat on his belief that things have improved: he said that GAO audits have found that many of the IT projects don't have any data to support that their contention that they are "just fine, thank you."

When Hite said this, it was hard not to laugh out loud. What he just said, in effect, was that government program managers have quickly learned to adapt in the face of increased oversight: they now know how to "game" their budget submissions to OMB and hiding potential weaknesses that might gain them more management attention from above. Give credit where credit is due: government IT project managers are good at figuring out how talk a good game.

Hite had more to say.

As I noted yesterday, I was recently in Washington, D.C. attending a breakfast seminar sponsored by Government Executive magazine on the topic, "What Are the Essential Ingredients for a Successful Large IT Project?" The two gentlemen speaking were Randolph (Randy) Hite, Director, IT Architecture and Systems Issues, U.S. Government Accountability Office and Zal Azmi, Chief Information Officer, Federal Bureau of Investigation. My previous post centered on Mr. Hite's comments, today I'll focus on Mr. Azmi's.

Azmi spoke of the current Sentinel project, the follow-on to the infamous Virtual Case File (VCF) system that failed so spectacularly a few years ago. IEEE Spectrum's Senior Associate Editor Harry Goldstein wrote an in depth story on VCF.

According to the FBI, "Sentinel will consolidate and replace the FBI's legacy case management capabilities with an integrated, paperless file management and workflow system," and be implemented in four phases. Phase I recently completed, and Phase II is ready to begin.

Azmi made the statement that Sentinel is not a technical program, but really a political program. He phrased it interestingly: Sentinel is the Bureau and the Bureau is Sentinel. In other words, the FBI's operations will be centered in Sentinel. If Sentinel fails as a program, the Bureau by implication, fails as an organization.

Azmi's went on to say that he briefs FBI Director Robert S. Mueller III every Wednesday at 2 PM on Sentinel's status, the DCI once a month, and Congressional folks once a quarter on the status of the project. I also know that Azmi holds a risk management review meeting once a day with the prime contractor. If Sentinel fails as a program, no one can say they didn't know its status.

Which brings me to something else Azmi discussed, and that is about his early days on the VCF program. Azmi related that he was asked by Mueller in November of 2003 to look into the status of the VCF program. Azmi said that he had a meeting in mid-November attended by 46 people (I assume FBI management and contractors) who assured him that everything was great. He also said that he was also told that only 68% of the test cases had been performed, and that the software problem reports were increasing, not decreasing. Given that this was only six weeks away from delivery, this was a bit disconcerting.

Azmi also was told by the contractor a few weeks later, that a "draft" version of the software was going to be delivered. Azmi related that he had never heard of that term before, which brought a chuckle from the crowd.

All this was already on the public record.

But then, Azmi said something that really got my ears pointed.

Supervalu, a large US grocer, apparently was scammed out of $10.1 million after wiring money to fraudulent bank accounts. The following is from an AP report:

"Supervalu first began wiring payments due to American Greetings into the wrong account on February 28, making a total of nine payments before catching the error on March 6. During that time, more than $6.5 million was wired to HSBC Bank in Miami Beach, Florida, to accounts opened under the names Society Nights Productions, doing business as Perini."

Some one claiming to represent Frito-Lay also convinced Supervalu to wire another $3.6 million a fraudulent account. However, the $3.6 million looks like it actually was owed Frito-Lay, which suggests an inside job at Supervalu.

"The FBI was able to capture the money before it was whisked away by the scammers, but now American Greetings, Frito-Lay and Supervalu have all laid claim to the money and U.S. District Judge B. Lynn Winmill will decide where it should go."

It will be intriguing to see how this all turns out, especially who the scammers are.