Interesting People mailing list archives
IP: MORE ON THE UK BANKING INCIDENTS
From: Dave Farber <farber () central cis upenn edu>
Date: Tue, 25 Jun 1996 15:41:50 -0400
To: farber () central cis upenn edu (David Farber)

Date: Tue, 25 Jun 96 10:05:15 PDT
From: "Willis H. Ware" <willis () rand org>

Dave:

The following is making its way around the net. It's a follow-on to your recent post on the incident.

BTB - the Rand games are called "The Day After" games and essentially put a group of decision makers in an environment that has been corrupted/damaged/invaded by infowar sorts of things. They have attracted a certain amount of attention, including the popular media. The scenarios are very sci-fi in a sense, and the decision makers are thrust into a situation for which they have little-to-none prior experience in dealing with. But it is an effort to get some analytic attention on the IW scene.

The "120 countries" does NOT come from Rand; I believe it originates in some USG study, possibly by DISA, or possibly from the intell community. The GAO report in large measure lifted facts from the story and briefings that DISA have been giving around town.

ww

------- Forwarded Message

From: winn () Infowar Com
Subject: Tales from the UK: Basel Part IV
Date: Tue, 25 Jun 1996 10:06:02 -0400

June, 1996: Basel, Switzerland

More on the London Attacks: Part IV

The International Banking Information Technology Forum seemed like an ideal location to get a reading on whether the Times' articles held any water or not. I sent the family to Germany for two days while I spoke and schmoozed and asked some of Europe's and America's top bankers about the articles. (See my last three reports [June 1 - 23, 1996] on the alleged attacks as reported in the (London) Sunday Times.)

I browsed and wove in and out of this esteemed financial community and asked anyone and everyone in the banking field:

"Do you know anything?"
"Is any of it true?"
"Do you know any victims?"
"Was your bank attacked?"
"Please, tell me!"
Of course I didn't scream this out to all four hundred of the world's top bankers in the public forum of my keynote speech; rather I asked quietly and discreetly, hoping for a discreet and honest answer. I got lucky and received two.

Both people who did agree to speak about the events in question do *not* want to be identified. They are both in the very senior ranks of European banking and only asked that I do not divulge their companies, their positions, backgrounds or names. They both feel that the *real* story should get out - at least as much as they know - and that the leaks are inherently good for the banking industry. [They do not agree with security by obscurity.] Further, they both told me, at separate times during the two day conference, stories that were nigh on identical (and I never told either one that I spoke to the other).

The bottom line is they both know about _four_ 'attacks' against financial institutions, although it was unclear as to whether they were all in the UK or not. I am left with the distinct impression at least three of them were. [Not the 40 or more that the Times suggested or that I have heard about since April of 1994.]

However, unlike the Times article, there was no question as to the method of attack, and both sources were very clear in the use and the meaning of the word attack. Here is what they said as to how the technical extortion was accomplished.

The perpetrator(s) would first place a call to the upper management of the intended victim announcing his/her intention. "We will take down your bank (or financial organization) unless you pay us a lot of money not to." The intended victims each sluffed off the threats.

Shortly thereafter (within a day or two) their financial systems would seemingly collapse for no reason at the prescribed time and as promised by the caller. Banking services and/or trading would come to a halt, for about an hour or so, and then the affected systems would come back on line.
Backups were ineffective; typical disaster recovery methods, I was told, just didn't work.

Thereafter, a second call would be made to senior executives of the victim firms, and the extortion demands for payment made again. In these cases, electronic payments to Switzerland were made, and the monies were then secreted from their temporary Swiss home within seconds - destined for places unknown or unannounced. No repeat attacks to paying institutions have occurred according to my sources.

I was told unequivocally that all of the four attacks used the same methodology: malicious software was somehow injected into the systems but neither was either forthcoming or knowledgeable about the specifics. They specifically denied that HERF techniques were used.

But many questions remained, and I was unsuccessful at getting what I would call good answers to these and more queries:

- Which systems were affected exactly?
- How were the backup/redundancies disconnected?
- Exactly what do you mean by remote control?
- Did you ever find the offending software?
- Was it an insider job?
- Was it pure hacking?
- Was it mission critical application software gone awry?
- And so on . . . .

My questions flowed but both people either didn't know the answers or wouldn't talk. With both of them, there was a clear discomfort as I pushed and prodded for more details. Despite having so many questions still unanswered, I do feel fortunate to have found at least two people who were willing to support at least aspects of the Times' story.

One of the two banking people in Basel went even further with detail. He/she says the actual dollar figure extorted in these four cases using the software techniques, was L63 Million (UK), which is just about US$100 Million. According to him/her, a lot of meetings have been taking place amongst the banks and financial institutions to deal with the situation but they have agreed and thus made a conscious effort to avoid government and law enforcement.
So, no, none of this fully supports the Times' story, but it does support aspects of it, and aspects of the rumors and stories I've been hearing since April of 1994. No HERF Guns, although another of my contacts who will not let me use much of his/her information yet, swears that the software attack stories are merely obfuscating the higher technology methods.

I certainly don't know all of the facts, but as more people come forward with bits and pieces we may be able to siphon through the maelstrom of noise and rumor and find out what's really been going on.

Back at you as soon as I have something more.

Winn

Peace
Winn

Winn Schwartau - Interpact, Inc.
Information Warfare and InfoSec
V: 813.393.6600 / F: 813.393.6361
Winn () InfoWar Com

- ------- End of Forwarded Message

------- End of Forwarded Message