How the HSBC whistleblower used the internet to leak private bank information to the police

Herve Falciani, an ex-HSBC employee indicted in Switzerland on charges of stealing data on bank accounts

Hervé Falciani, the French-Italian whistleblower who handed over information on 100,000 HSBC client accounts to French authorities in 2009, has published a detailed account of how the transfer of the data actually took place.

The IT engineer has published a book, La Cassaforte degli Evasori, which tells his side of the story and describes how he came to the decision to organise the greatest leak of secret bank details to date.

First of all, it did not take that long: "The data from HSBC was smuggled in just a few months in 2007."

Falciani, who had been working for HSBC in his native Monte Carlo, arrived in Geneva in 2006. By the end of 2008, Falciani had to flee Switzerland and ask French police for protection.

Working alongside Falciani was a complex network of secret agents, tax officials, and HSBC employees who had decided to drag down the international bank.

All the data was smuggled through the internet. There was no secret disk or hard drive used to store the data. The software, which was created by a member of the secret service whom Falciani barely met, seemed to use torrents to upload the bank files:

"The cloud was easy to use: it was like going on a web page through a computer that allowed you to see the data. I used a USB key to connect to the Internet, but that was it. [...] The system was based on a similar software to BitTorrent, a P2P protocol used for exchanging files on the Internet. The information uploaded from our contacts from within the bank was split into thousands of files and sorted in the hard drives of thousands of computers. The owners of those PCs didn't even know that their disks contained the HSBC files."

Falciani writes that in order to access the cloud, he would call a phone number, from which the secret service would give him a password that changed every night. And every night he would check that the data uploaded during the day was correct.

That was Falciani's role: reviewing and organising. Falciani wasn't in a position to have access to the customers' data. His role at HSBC was a technical one, not that of an accountant.

"From HSBC I personally didn't take any data, for the simple reason that I was not allowed to," he said.

But Falciani was the controller of the data, and the final editor of what was leaked. That is why he is still wanted by the Swiss police for breaking banking secrets, a criminal offence in the Confederation.

By February 2008, the work was done. Falciani and the team behind him had already stored 800 gigabytes of data in the cloud.

About a quarter of it was passed to the French fiscal police.

Falciani then had to attract the attention of the Swiss police because, unless the Swiss openly demanded the data he had smuggled, the French police were not allowed to use the files.

Europe still lacks a protective framework for whistleblowers and, ironically, someone needs to accuse the whistleblowers of theft before the data can be openly discussed.

According to Falciani, he caught the eye of the police by going to Lebanon and pretending to set up fake societies to sell the data. By the end of 2008, Swiss police took the bait and summoned Falciani to the police station.