$10 Router, No Firewall Blamed In $80M Bangladesh Bank Hack (reuters.com) 96
Earlier this a year, a spelling mistake in an online bank transfer prevented nearly $1 billion heist at Bangladesh's central bank and the New York Fed. The hackers, however, still had managed to steal about $80 million. Bangladesh government blamed the New York Fed for not spotting the suspicious transactions earlier. As it turns out, they should also be taking some blame, if not all. An anonymous reader writes: Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world's biggest cyber heists said. The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank's SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department.
Re:Make the 81M come of the VP's bonus (Score:5, Interesting)
I dunno... (Score:5, Interesting)
Make the 81M come of the VP's bonus.
That $10 switch seems alot of like some cost reduction yahoo is calling the shots and does not want to pay for the needed costs to due it right.
I dunno... reading through the hacking team [schneier.com] break-in (by which I mean, reading the hacker's first-person description [pastebin.com], it's unclear to me how *anyone* could be considered responsible for these sorts of things.
The hacked system should encrypt passwords, use a salt, have offsite backups that are regularly tested... all that "of course" stuff applies.
But I'm not at all sure how having a modem or router hacked could be the responsibility of the system.
How can you tell? Is there an exploit for your high-end Juniper firewall [wired.com]?
The hacking-team narrative suggests that the person who did it replaced the [router?] firmware with a custom one with his own backdoor. A single 0day exploit on an internet-facing appliance.
Did someone intentionally weaken the PRNG in your Intel CPU at the mask level? Did someone replace the firmware on your hard drive? Is your BIOS compromised?
I read where someone put malware into the firmware of an intelligent *battery*.
Welcome to the future: everything has firmware, and all firmware can be reflashed by the factory.
(The update service installed when you install our product will automatically upgrade the system as needed. Just download and execute! This fixes the rendering issue in the Tagalog language pack, it's a *must have* upgrade!)
I'm not sure how anyone can guarantee their systems are secure any more.
If the State department can't secure their computers [cnn.com], what hope is there for regular mortals?
Could be North Korea? (Score:4, Interesting)
North Korea's been hurting under the new sanctions. The amount of money that was almost stolen is insane for a person to steal but makes sense for a country (or more specifically, a military and ruling party) to steal. It was a well-organized effort involving many people. They were caught because of a mistake that an English-speaker wouldn't make.