Originally posted to Twitter[1] after seeing @ghuntley's post - below is a method of building a database of SVB account holders using a cleverly crafted Google query:
(121140399 OR 121145145 OR SVBKUS6S) AND 33**** filetype:xls | pdf | doc | txt -site:svb.com
The query[2] pulls back documents containing an SVB routing or swift number + SVB account number.
The name of the business tied to the SVB account number is usually within 100 characters of the account number and typically labeled "beneficiary" or "for credit of" (or some close variation on those themes).
In edge cases where a company name is not found near the account number, the account holder is often the source/author of the document[3].
Google only returns 1000 results for any given query - so retrieving the entire results set would require narrowing each query's scope and then iterating through the targets at a finer granularity.
For example, the current query looks for account numbers matching 33****. Replacing that with 33*NN**, where NN is 01-99 would let you iterate through ranges of account numbers (33*01**, 33*02**, and so on...).
Other approaches include geographically scoping the queries by adding "AND NJ" to queries (and iterating through each two-byte state code) or tacking on partial zip codes, etc...
It takes tweaking - but the goal is to build a query with elements that you can loop over to get your results into buckets of < 1000. Another option would be to use the
Bing Web Search API and paging through the json response.
These methods might complement the work you've already done on affectedbysvbornot.com - and help provide a more exhaustive list of companies impacted by the SVB collapse.
In the last 100 days, the MD Department of Information Technology (DoIT) has submitted $3,000,000 of ____emergency____ procurement requests for network monitoring, intrusion detection, and firewall assistance.
So...what do you think is going on at Maryland's Department of IT?
____TRULY SHAMEFUL INCIDENT COMMUNICATIONS____
Bad things happen in IT departments every day. Some can be anticipated, some even possibly prevented - but there will always exist the risk of data breach/attack.
“Public officials have no higher responsibility than keeping the American people safe, and there is no greater threat to their safety than the cyber vulnerabilities of the systems that support our daily lives,” said Governor Hogan in November 2021.
Secretary Leahy's commitment to the Governor and the people of Maryland is to lead the state's IT resources in taking all reasonable measures to protect against such risks.
I do not yet know if this situation could have been reasonably prevented or if it is due to MD DoIT negligence/oversight. The flurry of emergency procurement requests suggests awareness and good intentions. And yet - here we are...
What is clear to me, however, is that Secretary Leahy and his directs have ___failed to effectively manage communications___ throughout the response and remediation effort.
Most damning, in my opinion, is the use of the incident report as a venue for high-fiving and taking victory laps:
> Because of the state’s aggressive cybersecurity strategy, and the use of MD THINK and other cloud-based services, many of the department’s core functions were not affected.
Are you serious? It's been over two weeks. And it's clear from your report that you're nowhere close to understanding what happened, let alone fixing it.
____FUNDAMENTAL MISUNDERSTANDING OF INCIDENT IMPACT____
Whoever approved this for publication is oblivious to the downstream, rippling effects this incident continues to have:
- At the time of writing, MD's local public health departments have been ___fighting a war blindfolded___ for 16 days.
- The impact has rippled ___beyond MD's state borders___, impacting CDC data feeds as well. Hospitalizations (which are reported by each hospital network directly to the CDC) are trending upward while new cases (reported by each state's IIS to the CDC) have flatlined: https://imgur.com/gallery/k2gG5GS.
____AND WHAT THE HECK IS MD THINK?____
MD Think is Maryland's cloud application platform. The state, along with Deloitte and an army of subcontractors, has been working on migrating legacy applications to this new infrastructure since 2017.
The report points to the success of MD THINK in isolating the impact away from core MD Health Department services.
Is MD Think really a success? Is this a case of what happens when legacy applications are left outside to rot in the sun?
No.
It turns out that MD Think has been a nightmare since it's inception. A series of program failures that jeopardized open enrollment for medicaid recipients led to a full audit of the MD DoIT in 2020.
Here is what they had to say about MD THINK:
> "...for one project (MD THINK), the estimated $314.1 million cost of completion had increased by $141.1 million (81.5 percent)...an explanation was not provided for the increase..."
And on the topic of security:
> "We identified 55 firewall rules that allowed traffic from any source to 71 unique network destinations as well as a small network segment within DoIT’s internal network without IDPS coverage..."
> "...access to personally identifiable information (PII) for State vendors stored in the State’s Financial Management Information System (FMIS) was not adequately restricted, and the PII was accessible to thousands of State employees."
A question that begs an answer is why ImmuNet, the state's immunization registry, is not included under this "titanium umbrella of protection?"
And while there is a ton of publicly available paperwork about the scope of MD THINK, including the RFP, Deloitte's response, and transcripts of hearings to explore the audit report's findings, ImmuNet is not mentioned. Not once.
Please keep in mind - ImmuNet is not some podunk, state government hobby project. It is __law__ that Maryland retain vaccination records for its residents. School systems, employers, health providers, and the CDC all rely on Immunization Information Systems (IIS) for ground truth vaccination records. It is the public health equivalent of DMV.
____PASSION DISCLAIMER____
The lion's share of my time this year has been spent working with state and local COVID vaccination programs within upstate New York. I have seen firsthand how important accurate, timely test and vaccination data is to how local public health departments coordinate response.
It was infuriating to see the MD DoIT downplay disruptions to COVID related data feeds. We are going into year three of a war that demands accurate, timely data to inform decision making. What the hell have you guys been doing for two weeks?!
The country's public health departments are filled with the true unsung heroes of the pandemic. They're underpaid, exhausted, afraid, and constantly under attack - yet they're our last (and in many ways, only) line of defense.
SO...
To the three people that made it all the way to the end of this post - I ask just one thing:
IF YOU EVER FIND YOURSELF INVOLVED IN A FUCKUP THAT IMPACTS THE DEPARTMENT OF PUBLIC HEALTH:
- RULE 1: Apologize and fix it. Now. With the kindness, urgency, and empathy a mission controller would show a stranded astronaut--Proceed to RULE 6.
- RULE 2: If the problem is not your fault--return to RULE 1.
- RULE 3: If the problem isn't even real--return to RULE 1.
- RULE 4: If they are blaming you for a problem they created on their own--return to RULE 1.
- RULE 5: If the problem is related to Microsoft Access, FoxPro, or any other technology you swore an oath to avoid--return to RULE 1.
- RULE 6: The final rule. Do not downplay the importance of data and tools public health resources rely upon. And NEVER, EVER respond to the problem by boasting about all the great technical achievements made everywhere BUT the underfunded, under-appreciated public health department.
tl;dr: The recommendation is likely driven from you and the provider adding each other to a contacts app LinkedIn has been authorized to source connection data from.
The "People You May Know" feature on LinkedIn is powered by a combination of:
- network analysis (you know A, B, and C. they all know D. you may know D.)
- mining data from your mobile address book (you have A in your contacts, A has you in their contacts, you may know A.)
The recommendation likely occurred as a result of you and the provider adding each other as a contact in a contacts app each of you have authorized LinkedIn to access.
SEEKING FREELANCER | Greater NY Area | Remote | Volunteer Stipend | Covid-19 Vaccine Related
Join a group of MDs, data junkies, and political gurus working on data-driven methods for managing equitable distribution of covid vaccine into some of the most vulnerable communities in the country.
YOU = AN ETL GOD :)
Looking specifically for journeyman-level expertise in building simple yet powerful DQ and ingestion pipelines. Data is a grab bag from sources like cdc, census, state immunization registries, community vulnerability indices, etc...
Approach we have in mind is heavily inspired by this:
We are also considering the possibility of making it a bit more easy to manage by using Airflow to keep track of the ongoing DAGs.
AND IF ETL ISN'T YOUR THING...
All of that said, if you're interested in working in data analysis tied to the distribution and management of vaccination opportunities but have different skill sets, I would love to hear from you.
Our work in this area continues to get visibility from leaders in the field and we have several publication-ready findings they could be directly applicable to any future mass vaccination challenges the world faces.
Help our small development team expand our use of Gitlab!
A few things about our work:
* Heavy user of AWS platform services (like RDS, Elasticsearch Service, S3, Cognito, API Gateway, Lambda etc...)
* Backend components are almost exclusively built in Python. Exceptions to this would be cases where we are relying on non-Python based platforms, such as Elasticsearch.
* Frontend components are almost exclusively built as React webapps.
Before shifting work to Gitlab, we experimented with using AWS Codestar (which has fully managed build service, automated continuous delivery and deployments, etc...). It was extremely useful to be able to commit code and have that automatically kickoff a deployment so we could examine the changes from within the context of the application.
For the scope of this project, I would like your help with the following:
- Installation and configuration of Gitlab Enterprise on AWS, Including any integration required to enable automated deployments. This would include configuration of the AWS kubernetes service, etc...
- Guidance on how to best handle projects with heavy AWS dependencies - for example, would deploying a review app standup an entirely separate environment via CloudFormation? Or would we have dev/test/prod AWS assets setup ahead of time that the review apps would depend on (for example, if we were building an app atop the AWS Elasticsearch service).
- Guidance on how we can build application templates that may facilitate the process of beginning work on a new project. For example, CodeStar had several project templates to choose from (https://docs.aws.amazon.com/codestar/latest/userguide/templa...).
- Any other expertise you can provide to help our team move through projects in a more efficient manner (across project management, development, testing, deployment, etc...).
(121140399 OR 121145145 OR SVBKUS6S) AND 33**** filetype:xls | pdf | doc | txt -site:svb.com
The query[2] pulls back documents containing an SVB routing or swift number + SVB account number.
The name of the business tied to the SVB account number is usually within 100 characters of the account number and typically labeled "beneficiary" or "for credit of" (or some close variation on those themes).
In edge cases where a company name is not found near the account number, the account holder is often the source/author of the document[3].
Google only returns 1000 results for any given query - so retrieving the entire results set would require narrowing each query's scope and then iterating through the targets at a finer granularity.
For example, the current query looks for account numbers matching 33****. Replacing that with 33*NN**, where NN is 01-99 would let you iterate through ranges of account numbers (33*01**, 33*02**, and so on...).
Other approaches include geographically scoping the queries by adding "AND NJ" to queries (and iterating through each two-byte state code) or tacking on partial zip codes, etc...
It takes tweaking - but the goal is to build a query with elements that you can loop over to get your results into buckets of < 1000. Another option would be to use the Bing Web Search API and paging through the json response.
These methods might complement the work you've already done on affectedbysvbornot.com - and help provide a more exhaustive list of companies impacted by the SVB collapse.
1: https://twitter.com/thegrif/status/1634841498876272641
2: https://bit.ly/svb-account-holders
3: http://bit.ly/svb-invoice-example