• C++ Programming for Financial Engineering
    Highly recommended by thousands of MFE students. Covers essential C++ topics with applications to financial engineering. Learn more Join!
    Python for Finance with Intro to Data Science
    Gain practical understanding of Python to read, understand, and write professional Python code for your first day on the job. Learn more Join!
    An Intuition-Based Options Primer for FE
    Ideal for entry level positions interviews and graduate studies, specializing in options trading arbitrage and options valuation models. Learn more Join!

Morgan Stanley Attacked by China-Based Hackers

Joined
5/2/06
Messages
11,750
Points
273
March 1 (Bloomberg) -- Morgan Stanley experienced a “very sensitive” break-in to its network by the same China-based hackers who attacked Google Inc.’s computers more than a year ago, according to leaked e-mails from a cyber-security company working for the bank.

The e-mails from the Sacramento, California-based computer security firm HBGary Inc., which identify the first financial institution targeted in the series of attacks, said the bank considered details of the intrusion a closely guarded secret.

“They were hit hard by the real Aurora attacks (not the crap in the news),” wrote Phil Wallisch, a senior security engineer at HBGary, who said he read an internal Morgan Stanley report detailing the so-called Operation Aurora attacks.

The nickname came from McAfee Inc., a Santa Clara, California-based cyber-security firm, which said the attacks occurred for about six months starting in June 2009 and marked “a watershed moment in cyber security.” The number of companies known to be hit in the attacks was initially estimated at 20 to 30 and now exceeds 200, said Christopher Day, senior vice president for Terremark Worldwide Inc., which provides information-technology security services.

Morgan Stanley hired HBGary in 2010 to address suspected network breaches by hackers not linked to Operation Aurora who broke through the company’s Internet security systems. The hackers successfully implanted software designed to steal confidential files and internal communications, according to dozens of HBGary e-mails that detail efforts to plug the holes.

One e-mail, dated June 19, said that the attackers may be the same ones who had hit a U.K.-based defense contractor and discusses hacking software called Monkif, which can be used by intruders to remotely orchestrate a sophisticated form of cyber attack known as an ‘advanced persistent threat’ or APT.

“This Monkif payload may represent APT or play a part in the APT’s campaign,” HBGary Chief Executive Officer Greg Hoglund wrote to Wallisch. “Phil, you might find this of value given that you are dealing with the same attack over at Morgan.”
http://www.businessweek.com/news/20...ed-by-china-based-hackers-who-hit-google.html
 
The nature of hacking is that it is really quite hard to identify the source, so although it may be true that this was Chinese in origin, I would need more evidence to completely accept that assertion. Even a mildly competent hacker ought to think about giving the impression that someone else did it.

I also don't believe for a second that you need to be a master hacker to penetrate the security of any bank, google on Jerome Kerviel...
 
Back
Top