Privacy notice: We do not currently use cookies, only session variables that are automatically deleted when the browser is closed. By clicking "I agree", you confirm to the use of these technologies and also agree to our terms and conditions. You can view our privacy policy here, our above mentioned session variables by clicking here.


Pandora's Box
About Wirecard's IT Architectures
1705091297
 Copied 
   Dark Mode
Listen to this article
Pandora's Box

According to Greek legend, the almighty Zeus, in revenge for Prometheus' kidnapping of fire, created a box containing all the world's evils and all its hopes. The order never to open the box did not last long. Pandora, lavishly endowed with gifts and beauty, soon marries Prometheus' brother and, shortly after their wedding, opens the box given to her. Whereupon all the evil imprisoned in the box escapes, apparently unable to be recaptured to this day.

Such or similar was the outcome of the questioning of a Wirecard IT director in the Munich-Stadelheim prison courtroom on May 17, 2023. Witness N. was until Wirecrd's insolvency responsible for technology issues at Wirecard Europe and Asia Pacific, working in a Vice-President role (VP). She was one of the first employees at Wirecard, hired in 2005 after a six-month internship there. It was also her first real job at the time. She initially worked as a software developer for Wirecard for a total of 5 years. Quite possible that at least during her initial Wirecard years she worked either with or under Jan Marsalek, who was initially responsible for software development. From 2010 on she worked as a business analyst, two years later as Head of Issuing in the SAP environment, another two years after that she became VP for Technology, from then on responsible for the oversight of Wirecard's IT architectures and systems in Europe and Asia-Pacific.

00:00


Witness N. states early on here at court that during her time as VP Technology she reported exclusively to managing director Susanne Steidl. She states she had never had any contact with Jan Marsalek or Dr. Braun, who sits a few meters to her left. Not even via Telegram, which was used as the main internal communication tool for messages and calls - WhatsApp was not allowed at Wirecard.

Things turn out to get interesting when witness N., under questioning by the presiding judge, begins to shed light on Wirecard's IT architectures. Wirecard had few computer servers of its own, the company instead outsourced its data and applications to external service providers. At its Munich headquarters, Nordisk Networks was one of the companies contracted to do this. There were also data centres in Austria and Dubai, some third-party partners in Singapore and Asia had either their own or outsourced data centres. Apparently coinciding with the launch of Wirecard's own so-called 'Elastic Engine' in early 2019, there was an increase in the use of additional Cloud-Services - that is, outsourced computers that would store not only data but could also run program logic on Wirecard's behalf. Some of these clouds were set up at IT service provider giant Amazon (AWS) in no other location than Toronto, Canada.

However, at the beginning of 2019, Wirecard's then new 'Elastic Engine' platform was introduced, which finally enables a reliable end-to-end assessment of third-party transactions. Accordingly, the scope of the audit was expanded, but due to the high transaction volume of 200 million data lines for December 2019 alone, there was simply not enough time for KPMG to fully review this data set. The good news is that KPMG was still able to publish a preliminary assessment showing that the transaction volumes were consistent with the partner's accounting and were accurately reflected in the financial statements.

"Wirecard Bombs Again" article dated May 4, 2020.

Wirecard's key IT architecture piece, called the 'Elastic Engine', could be replicated to run on a large number of servers. Witness N. states there was at least one request to outsource the entire source code to a third party partner, it came from Jan Marsalek sometime in 2019. The project was abandoned shortly after. Interesting to note is also that after the project was commissioned, an employee named Manoj Sahu was transferred to Toronto at Wirecard's cloud service provider to manage these cloud instances from there. Sahu worked directly under Jan Marsalek and, for the most part, reported only to the fugitive Wirecard COO. This opens up a whole range of at least theoretical possibilities regarding Wirecard's entanglements with Canada and PaySafe. Since the Elastic Engine can be seen as a software gateway that only distributed money transaction requests for further processing, Wirecard needed a number of additional credit card processing servers and instances, located initially in Dubai and later also in Munich.

Following the discussions about Wirecard's fundamental IT architectures, the court seems to fully open Pandora's box when it displays a few email conversations over the monitor. In a chain of messages from 2018,
Asked if the clearly recognisable FTP addresses and API password keys for retrieving data directly from networked computers would mean anything to her, she denies. The confidential access logins from a few years ago, recognisable for any halfway IT expert here, "don't mean anything" to her.
witness N. asks Toronto whether she could not have a precise overview of the IT architectures of the third-party partners, as well as a general overview of all cloud instances. She was given the following answer: "White label instances are provided in the cloud, usually for PSPs. White label instances run independently in the cloud, we only provide the technical support".

Another larger one of Pandora's boxes evils is released when the judge throws another email snippet from several years ago onto the court monitor. Asked if the clearly recognisable FTP addresses and API password keys for retrieving data directly from networked computers would mean anything to her, she denies. The confidential access logins from a few years ago, recognisable for any halfway IT expert here, "don't mean anything" to her. Things turn out even more Pandoric when the judge displays a list of 45 global cloud servers onto the screen. Asked if she was familiar with these servers, she replies, quote, "no, never heard of them".

Pandora's box still had some surprises at hand when the court asked about the actual transaction volumes on Wirecard's servers. That number was at around 40 million for a good month, the witness replied, a far cry from the forecasted figures for Wirecard's 'Vision 2025' project from 2019. Pullings from Pandora's box continued when statements like "Bellenhaus is a money machine, he thought it is an effective system to save taxes" were procaimed here at court. Or that a number of Wirecard employees had known for quiet some time that there were literally zero people employed at Card Systems, and since had been asking themselves self-critically for some time already the question "who is actually making all the money over there ?".

Also exciting were the matters surrounding the oftentimes way too unnoticed, gigantic Softbank investment into Wirecard from April 2019. Susanne Steidl, management board member and elected as one of the 100 most influential women in the entire German economy in 2018 and 2019 - plus among the most influential top tech women in the same country at the same time - suddenly tumbled into the witness's office and demanded a complete database with all transaction data of the past years, including confidential ones. When the witness inquired that this was not so easy to do and what it was for, Ms. Steidl replied that "Jan Marsalek needed it for Softbank". After a few weeks, he received the file of about 150 GB on a small hard drive. As if that was not enough, the witness confirmed that a second such data table for all financial transactions was requested from her some time later again by Steidl - with even more detailed information.
It was also stunning to hear the witness explain that at an offshore event in May 2019, the pressing questions of Wirecard's own employees as to who exactly was responsible for the many sales were countered with the Pandora's argument of 'major customers we are not allowed to mention'.
Here in the court room, emails which claim it was allegedly possible to partially extract complete credit card information from these data lists were also read out.

Apparently, the electronic list of some 200 million financial transaction records, handed over to KPMG for their special audit, was only a smaller subset of the two above mentioned Pandora lists. The KPMG data tables contained only 8 to 10 column fields, far too little information to fully track transactions. Because of the large lists and records, the witness called Toronto back then again to receive all the relevant transaction data from their cloud servers. However, a friendly gentleman immediately refused to provide detailed information. He told her she was not allowed to fetch data here and promptly clicked the red button to end the phone conversation.

It was also stunning to hear the witness explain that at an offshore event in May 2019, the pressing questions of Wirecard's own employees as to who exactly was responsible for the many sales were countered with the Pandora's argument of "major customers we are not allowed to mention". Shortly after, Susanne Steidl, Wirecard's executive board member and formerly elected super-manager for all of Germany, called to restrain from follow-up questions and made it clear that any further discussions of this topic was henceforth forbidden.

The Wirecard VP witness further tells that she had rarely personally experienced any unusual behaviour by the supervisory and executive board members. Except for one time in 2019 or so, when she forgot to pay a parking violation ticket for a company car. CFO von Erffa immediately contacted the witness personally and warned her in a harsh tone to restrain from such behaviour in the future, since unneccessary costs of around 10 Euros had to be paid by Wirecard in her name.

Dr. Braun finished the day by asking a few questions, also about the low transaction figures, which were in fact net bookings related only to Europe and Asia-Pacific. Project Aslam was apparently not included in the transcations at all, which accounted for an additional 20 to 30 billion. Furthermore, the figures she presented were only for 4 of the 11 countries Wirecard was doing business in. When Dr. Braun asked how many acquirers were actually connected to the Payment Engine in 2019, the witness was unable to provide an answer.

One company name kept popping up in all the discussions and questions, including in those of Dr. Braun: One Stop Money Manager.


Apparently, one of the very last evils in Pandora's box.









Leave a comment:


Send

 
This article was entirely created and written by Martin D., an accredited and independent, investigative journalist from Europe. He holds an MBA from a US University and a Bachelor Degree in Information Systems and had worked early in his career as a consultant in the US and EU. He does not work for, does not consult, does not own shares in or receives funding from any corporation or organisation that would benefit from this article so far.

Support independent investigative journalism. Buy me a green tea or coffee:

Buy me a Coffee



 Copied 


For tips and confidential information: send us your fully encrypted message at news@sun24.news by using our public PGP encryption key (online tool here).



Recommended:

The Grand Orchestra

About Wirecard's share price and dolphins against sharks

Mount Wirecard

About Swiss Wirecard entanglements and the remains of Crypto AG

Wirecard Court Halftime

About seven months in Munich Stadelheim and the miracle of Bern

The Third Man

About Wirecard's interim CEO James Freis and nice shoes

Deflective Attorneys

About a five hours Wirecard indictment

Bavariacard

About a Germanic Wirecard Poker

A Munich Fraud

Wirecard and Munich's Public Prosecutor's Office

Royal Courts of Wirecard

About a Wirecard Lawsuit and Quantum Physics

Brilliant Consultants

About Wirecard's financial auditors and the chess game

Back To The Wirecard

About the roots of the insolvent German payment provider

BaFin The Thirteenth

An April 13th day at the Wirecard investigational committee



© 2024 Sun24 News - All rights reserved


Rate this article
    
Thanks !
or leave a comment
Send