World’s Biggest Bank Forced to Trade Via USB Stick After Hack(bloomberg.com)
bloomberg.com
World’s Biggest Bank Forced to Trade Via USB Stick After Hack
https://www.bloomberg.com/news/articles/2023-11-10/world-s-biggest-bank-forced-to-trade-via-usb-stick-after-hack
54 comments
I bet there's a specialized courier service in Manhattan who only deliver small and boring envelopes that just happen to be extremely valuable to financial companies.
No idea what that company might be, but I'd imagine they don't use bikes just for the "bus factor" risk of that person getting into an accident and the envelope lost.
No idea what that company might be, but I'd imagine they don't use bikes just for the "bus factor" risk of that person getting into an accident and the envelope lost.
There are thousands of these kinds of services. Almost all would be bonded, some would offer armed security escorts to go with the courier (of course, for a fee).
Imagine a bicycle messenger in lime green sports clothes with a dark green box on his back, followed by two guard motorbikes all black, carrying big guns. And the motorbikes riding comically slow in order to stay with the bicyclist. Even struggling to not tip over, because of how slow they are going at times.
[deleted]
More like a motorcade of motorcycles, 3 at the front in arrow formation pushing out the traffic, the forward section not shy about using their guns to move people away - these would be real NYPD with badges hired during their off-duty hours, they would be carrying NYPD weapons.
Then you have the main security cordon, a quad / box. They would be on motorbikes, but it would be like guards, and since the traffic is already cleared by the forward section, it would just go at the fastest speed the cyclist courier can go.
The cyclist is in the middle of the quad/box.
Then at the back you have a rear section (also 3 NYPD off duty cops on motorbikes with firearms licenses and authorized to shoot with no consequence because they are union protected), which will block traffic from coming too close to the courier.
Then you have the main security cordon, a quad / box. They would be on motorbikes, but it would be like guards, and since the traffic is already cleared by the forward section, it would just go at the fastest speed the cyclist courier can go.
The cyclist is in the middle of the quad/box.
Then at the back you have a rear section (also 3 NYPD off duty cops on motorbikes with firearms licenses and authorized to shoot with no consequence because they are union protected), which will block traffic from coming too close to the courier.
Sounds legit, but also reads like good fanfic without anything provided for external confidence.
I don't follow. Wouldn't you just send another USB drive? Doesn't seem any riskier than anything else sent by courier.
You could even send three couriers, each with the two public + private keys for the other couriers' data, and also their own encrypted blob.
Four couriers
Three memory sticks
Two encryptions
One file
Three memory sticks
Two encryptions
One file
No need. The courier has an implanted memory device with 160GB capacity. But it was pushed beyond specs to 360GB for this run.
Its actually bike messengers
Targeting the U.S. Treasury auction means the target was the US and its cost of funding itself, where this auction facility at ICBC was just the means.
I’m of the exact same mind. By missing this point people are missing the real story here. This smells like a fairly high-potency (and effective?) attack on a very vulnerable piece of critical financial infrastructure. Seems like a test perhaps?
The movie industry ships HDDs in locked boxes. You call to get the code when the package is received.
I imagine the banks have something like that or even better.
I imagine the banks have something like that or even better.
> You call to get the code when the package is received.
Sounds hackable.
Sounds hackable.
it's encrypted
Nobody wants to repeat back 512 character encryption keys over the phone these days
When I was in the navy, we used to ship both guns and secret material via the regular old US postal service.
[deleted]
Score one for a distributed system.
A large player in the US Treasury auction goes off line during the auction and it turns out to be a big nothing burger.
It had no impact on the auction but ICBC is a decent sized player in the repo market so it could have a slight impact on the over night rate, but again, there are so many banks involved in the repo market that the impact was not noticeable.
So far the hack is attributed to Lockbit, who is supposedly associated with the Russians, which is the first time I've heard of the Russians directly trying to interfere with a US treasury auction.
The hack seems to have affected China more than the US so maybe you can squint and say this is Russia attacking China more than Russian attacking the US here?
A large player in the US Treasury auction goes off line during the auction and it turns out to be a big nothing burger.
It had no impact on the auction but ICBC is a decent sized player in the repo market so it could have a slight impact on the over night rate, but again, there are so many banks involved in the repo market that the impact was not noticeable.
So far the hack is attributed to Lockbit, who is supposedly associated with the Russians, which is the first time I've heard of the Russians directly trying to interfere with a US treasury auction.
The hack seems to have affected China more than the US so maybe you can squint and say this is Russia attacking China more than Russian attacking the US here?
I bet more on the usual inability to predict obvious indirect consequences than on intent to harm China. For sure it’s not the right time to do so.
This just gave me infinite captcha challenges like some kind of practical joke.
This is a known issue with using 1.1.1.1 as a DNS
Maybe it would be better to report the issue the issue to archive.org because I can’t fix it…as much as I would like to.
Or maybe to your ISP?
Or VPN host if that’s involved?
Or maybe to your ISP?
Or VPN host if that’s involved?
archive.today isn’t associated with archive.org. It’s run by one guy who has a grudge against Cloudflare and gets angry when you use their DNS or anything that proxies your requests through Cloudflare, include iCloud Private Relay. You end up on a page that looks vaguely like a Cloudflare challenge, even though it’s his own doing and has nothing to do with Cloudflare.
If you’re on iOS, just open it in any browser other than Safari. Other browsers don’t get provided through iCloud Private Relay.
If you’re on iOS, just open it in any browser other than Safari. Other browsers don’t get provided through iCloud Private Relay.
Nevertheless reporting the problem to archive.org would still be at least as effective as reporting the problem to me.
Anyway, for what it's worth it works fine on my iPhone using iOS Safari.
Anyway, for what it's worth it works fine on my iPhone using iOS Safari.
You would need iCloud Private Relay enabled to encounter the issue. Even then, you don’t get a say in which edge provider you get routed through: it may be Cloudflare, or it may be someone else (e.g., Akamai). It’s up to Apple.
Sorry for being confused, I didn’t realize I would need to make things complicated in order to give myself problems to complain about.
The trouble is that most people who have it enabled don't realize. If you're paying for iCloud+, it's likely enabled.
I'm not suggesting anyone should be complaining to you, though--I'm just explaining why some people encounter issues visiting archive.today links and providing them with a workaround (disable iCloud Private Relay).
I'm not suggesting anyone should be complaining to you, though--I'm just explaining why some people encounter issues visiting archive.today links and providing them with a workaround (disable iCloud Private Relay).
That's quitter talk friend.
pushed up sleeves and starts editing code on archive.org
pushed up sleeves and starts editing code on archive.org
I have the image of someone opening up the browser's dev tools to write JS in the console tab. I'll just leave them to it!
VB6 all the way, baby!
[deleted]
Is falling back to USB a good idea? It seems like if it’s public knowledge that they’ll use removable media as a backup transfer system, it’d open a whole new attack vector for other systems.
There are ways to do it safely. I support regional banks and our procedure is to whitelist the drive by uuid in our antivirus (requires a decent drive, not whatever bargain bin marketing object you have banging around) and also using bitlocker to encrypt it.
So when you connect the drive for the first time, bitlocker reformats it and encrypts the partition, making it clean for business data and preventing you from bringing it to a non-bank computer.
It is not ideal, but ** batch processing must happen daily OR ELSE ** even if that means driving a flash drive or an emergency uhaul rental's worth of paper across the state at a moment's notice. Every bank has progressively subgrade procedure sets depending on how bad their emergency is to ensure that this work is done.
So when you connect the drive for the first time, bitlocker reformats it and encrypts the partition, making it clean for business data and preventing you from bringing it to a non-bank computer.
It is not ideal, but ** batch processing must happen daily OR ELSE ** even if that means driving a flash drive or an emergency uhaul rental's worth of paper across the state at a moment's notice. Every bank has progressively subgrade procedure sets depending on how bad their emergency is to ensure that this work is done.
Fascinating, thanks for the detail. It’s pretty cool that there are viable digital downgrade paths. Thanks!
I assume they would fall back to paper if needed. Anything that gets things done. Anything else is just implementation details.
RFC 1149
That has to be a joke.
Look at the date of publication
It started as a joke.
What would you suggest instead?
So it's Russians hacking Chinese now, that's an unexpected development.
Yesterday, https://securelist.com/modern-asia-apt-groups-ttp/111009/
> In this report, we share the most valuable intelligence that we gathered on Asian APT groups. Over the course of our work, we noticed that these groups attacked the greatest number of countries and industries. Most importantly, our analysis of hundreds of attacks revealed a similar pattern among various groups. They achieve specific objectives at various stages of the Cyber Kill Chain using a common but limited number of techniques encountered by security professionals all over the world. Unfortunately, security teams often have difficulty detecting these attacks in their own infrastructure.
> In this report, we share the most valuable intelligence that we gathered on Asian APT groups. Over the course of our work, we noticed that these groups attacked the greatest number of countries and industries. Most importantly, our analysis of hundreds of attacks revealed a similar pattern among various groups. They achieve specific objectives at various stages of the Cyber Kill Chain using a common but limited number of techniques encountered by security professionals all over the world. Unfortunately, security teams often have difficulty detecting these attacks in their own infrastructure.
So the report shows these APT groups attack more countries and industries using similar methods at different stages of cyber attacks that security teams struggle to detect.
Is that new?
Is that new?
Which country has the more talented group of hackers?
Reminds me of an anecdote/joke about Russian hackers in the 90's doing all their compiling in their head while they wait for access to limited computing resources.
"Russians"
Perhaps going forward, it’s better to create an Ai gap as opposed to a real Air gap
1. It happened during the Treasury auction, and if the timing was intentional, a case could be made about it being a national security issue. The hackers disrupted the largest, and possibly most important, auction in the financial world.
2. The hackers may have unintentionally provoked an entity you definitely don’t want on your bad side: the People’s Liberation Army’s cyber arm.
3. I wonder if ICBC used a specialized courier service to send the USB stick, or if such a thing even exists. Or did they just use any old messenger service in Manhattan? If the latter, it’s funny to think that there was somebody biking across the city carrying billions of dollars worth of liquidity and settlement data and he/she would’ve been none the wiser.