Cyber Attack Forces World's Biggest Bank to Trade via USB Stick (time.com) 14
An anonymous reader shares a report: On Thursday, trades handled by the world's largest bank in the globe's biggest market traversed Manhattan on a USB stick. Industrial & Commercial Bank of China's U.S. unit had been hit by a cyberattack, rendering it unable to clear swathes of U.S. Treasury trades after entities responsible for settling the transactions swiftly disconnected from the stricken systems. That forced ICBC to send the required settlement details to those parties by a messenger carrying a thumb drive as the state-owned lender raced to limit the damage.
The workaround -- described by market participants -- followed the attack by suspected perpetrator Lockbit, a prolific criminal gang with ties to Russia that has also been linked to hits on Boeing, ION Trading U.K. and the U.K.'s Royal Mail. The strike caused immediate disruption as market-makers, brokerages and banks were forced to reroute trades, with many uncertain when access would resume. The incident spotlights a danger that bank leaders concede keeps them up at night -- the prospect of a cyber attack that could someday cripple a key piece of the financial system's wiring, setting off a cascade of disruptions. Even brief episodes prompt bank leaders and their government overseers to call for more vigilance.
The workaround -- described by market participants -- followed the attack by suspected perpetrator Lockbit, a prolific criminal gang with ties to Russia that has also been linked to hits on Boeing, ION Trading U.K. and the U.K.'s Royal Mail. The strike caused immediate disruption as market-makers, brokerages and banks were forced to reroute trades, with many uncertain when access would resume. The incident spotlights a danger that bank leaders concede keeps them up at night -- the prospect of a cyber attack that could someday cripple a key piece of the financial system's wiring, setting off a cascade of disruptions. Even brief episodes prompt bank leaders and their government overseers to call for more vigilance.
Russia cyberattack on China? (Score:4, Interesting)
Re:Russia cyberattack on China? (Score:4, Interesting)
Putin is Kim Jong UN's bitch now. Seems like China knew a loser when they saw one and wisely kept him at arms length after the ukraine invasion despite all the announcements of love and respect.
Automated Clearinghouse (Score:5, Insightful)
Fun fact - when banks first started automating transactions via giant rooms full of IBM 360 mainframes, they would resolve the day's bank-to-bank transactions by shipping pallets of 9-track tapes to a federal reserve clearinghouse. The clearinghouse's mainframes would then resolve all the day's transactions, write them back to the bank's tapes, then ship them back to the banks to be loaded back in to their own mainframes. This would happen every night.
And, to this day, it still works, more or less, the same way. Transactions are queued up and shipped off to be resolved by the federal reserve. It's all done over private networks nowadays, but the batch principle is still there.
So, reverting back to filling up a USB drive with transactions and resolving them "by hand" is not an out-of-band solution to this problem. It slows things down quite a bit, but that delay doesn't break anything in the overall system, as it was designed with it in mind.
Re:Automated Clearinghouse (Score:4, Interesting)
During college years (late 80's, early 90's) I worked maintenance for a local/regional bank that handled ACH for all the banks in the area. We were the step down from the main regional fed banks (e.g. NY, SF, SL, KC, CHI, etc.) In a wiring closet in the data center, a bright orange Ma Bell cover over a '66' telephony block had written. FED FEED - DO NOT TOUCH! in black Sharpie. It's where the T1 wiring pairs for ACH, wire transfer, and other such items terminated and were bridged to house trunks to head to the other wiring closets to be connected to station pairs.
Needless to say, I enjoyed the work while I was getting a CS degree... and I heeded the message and didn't touch it.
Re: (Score:2)
Fun fact - when banks first started automating transactions via giant rooms full of IBM 360 mainframes, they would resolve the day's bank-to-bank transactions by shipping pallets of 9-track tapes to a federal reserve clearinghouse. The clearinghouse's mainframes would then resolve all the day's transactions, write them back to the bank's tapes, then ship them back to the banks to be loaded back in to their own mainframes. This would happen every night.
And, to this day, it still works, more or less, the same way. Transactions are queued up and shipped off to be resolved by the federal reserve. It's all done over private networks nowadays, but the batch principle is still there.
So, reverting back to filling up a USB drive with transactions and resolving them "by hand" is not an out-of-band solution to this problem. It slows things down quite a bit, but that delay doesn't break anything in the overall system, as it was designed with it in mind.
I'm also guessing some warped definition of "resolved" was by design as well, given the federal reserve is involved.
I mean let's be honest...not like you're gonna use the word "audit" with any accuracy here.
Exception (Score:2)
I'd agree with your overall premise when it comes to Federal Reserve notes and other federally-backed financial instruments.
This is a different operation, and it's, de-facto, audited all the time, as these are bank-to-bank transfers. If Citibank is expecting a $4,412,451.23 electronic transfer from Goldman Sachs, you can be damned sure every penny is going to be accounted for.
Re: (Score:2)
In fact, depending on the system you're sending to, the USB stick might be faster. Some of these banks dealing with NACHA files only allow you to send them one at a time, and one per SCP connection; so if you have a large and complicated batch of transactions to post via ACH, your automation could be working for hours.
SWIFT (Score:4, Interesting)
What they're worried about is SWIFT, basically the chatroom for international finance.
I suspect that SWIFT's main vulnerability would be to an inside job. And while they make that extremely hard, the Business As Usual(BAU) version of "inside job" is "self-inflicted outage due to a change."
And THAT vulnerability will never go away.
As we all know, USB devices are no security risk (Score:2)
...unless you're able to plug them into a computer. I'm surprised the bank allows their computers to HAVE any USB connections. A billion little new security risks!
Re: (Score:2)
Banks have USB ports in computers just as anybody else. Now, to be allowed and able to use those ports is a different matter. No automatic opening or opening without special permissions in any sane banking laptop installation. Also you may have to go through some heavily armored doors and past armed security to even get to the other USB ports that are on server side. These ports may just work though.
Johnny Mnemoney! (Score:2)
Data couriers in vogue again?
Even today, it would be faster, easier and safer to encrypt the data and send it by modem, and by Johnny Mnemonic's time, the world will be wired with fiber optic cables allowing enormous files to be squirted around the world in seconds. [rogerebert.com]
Uhm, Roger...about that "safer"...
Lame excuse for a cyber attack (Score:2)
Ask Mr. Puggins what a real cyber attack [youtube.com] is like.