From: winn@Infowar.Com
To: Nmunro@access.digex.net
Message Hash: e9ff971c9e1c0f3182011f543039fc21355fefa2c9ace2282c97d9f4b95f24da
Message ID: <199606251406.KAA24757@mailhost.IntNet.net>
Reply To: N/A
UTC Datetime: 1996-06-25 20:20:35 UTC
Raw Date: Wed, 26 Jun 1996 04:20:35 +0800
Subject: Tales from the UK: Basel Part IV
June, 1996: Basel, Switzerland
More on the London Attacks: Part IV
The International Banking Information Technology Forum seemed like an ideal
location to get a reading on whether the Times' articles held any water or not.
I sent the family to Germany for two days while I spoke and schmoozed and asked
some of Europe's and America's top bankers about the articles. (See my last
three reports [June 1 - 23, 1996] on the alleged attacks as reported in the
(London) Sunday Times.)
I browsed and wove in and out of this esteemed financial community and asked
anyone and everyone in the banking field: "Do you know anything?" "Is any of it
true?" "Do you know any victims?" "Was your bank attacked?" "Please, tell me!"
Of course I didn't scream this out to all four hundred of the world's top
bankers in the public forum of my keynote speech; rather I asked quietly and
discreetly, hoping for a discreet and honest answer. I got lucky and received
two.
Both people who did agree to speak about the events in question do *not* want to
be identified. They are both in the very senior ranks of European banking and
only asked that I do not divulge their companies, their positions, backgrounds
or names. They both feel that the *real* story should get out - at least as much
as they know - and that the leaks are inherently good for the banking industry.
[They do not agree with security by obscurity.] Further, they both told me, at
separate times during the two day conference, stories that were nigh on
identical (and I never told either one that I spoke to the other).
The bottom line is they both know about _four_ 'attacks' against financial
institutions, although it was unclear as to whether they were all in the UK or
not. I am left with the distinct impression at least three of them were. [Not
the 40 or more that the Times suggested or that I have heard about since April
of 1994.] However, unlike the Times article, there was no question as to the
method of attack, and both sources were very clear in the use and the meaning of
the word attack. Here is what they said as to how the technical extortion was
accomplished.
The perpetrator(s) would first place a call to the upper management of the
intended victim announcing his/her intention. "We will take down your bank (or
financial organization) unless you pay us a lot of money not to."
The intended victims each sloughed off the threats. Shortly thereafter (within a
day or two) their financial systems would seemingly collapse for no reason at
the prescribed time and as promised by the caller. Banking services and/or
trading would come to a halt, for about an hour or so, and then the affected
systems would come back on line. Backups were ineffective; typical disaster
recovery methods, I was told, just didn't work.
Thereafter, a second call would be made to senior executives of the victim
firms, and the extortion demands for payment made again. In these cases,
electronic payments to Switzerland were made, and the monies were then secreted
from their temporary Swiss home within seconds - destined for places unknown or
unannounced. No repeat attacks to paying institutions have occurred according to
my sources.
I was told unequivocally that all of the four attacks used the same methodology:
malicious software was somehow injected into the systems but neither was either
forthcoming or knowledgeable about the specifics. They specifically denied that
HERF techniques were used. But many questions remained, and I was unsuccessful
at getting what I would call good answers to these and more queries:
- Which systems were affected exactly?
- How were the backup/redundancies disconnected?
- Exactly what do you mean by remote control?
- Did you ever find the offending software?
- Was it an insider job?
- Was it pure hacking?
- Was it mission critical application software gone awry?
- And so on . . . .
My questions flowed but both people either didn't know the answers or wouldn't
talk. With both of them, there was a clear discomfort as I pushed and prodded
for more details. Despite having so many questions still unanswered, I do feel
fortunate to have found at least two people who were willing to support at least
aspects of the Times' story.
One of the two banking people in Basel went even further with detail. He/she
says the actual dollar figure extorted in these four cases using the software
techniques, was L63 Million (UK), which is just about US$100 Million. According
to him/her, a lot of meetings have been taking place amongst the banks and
financial institutions to deal with the situation but they have agreed and thus
made a conscious effort to avoid government and law enforcement.
So, no, none of this fully supports the Times' story, but it does support
aspects of it, and aspects of the rumors and stories I've been hearing since
April of 1994. No HERF Guns, although another of my contacts who will not let me
use much of his/her information yet, swears that the software attack stories are
merely obfuscating the higher technology methods.
I certainly don't know all of the facts, but as more people come forward with
bits and pieces we may be able to siphon through the maelstrom of noise and
rumor and find out what's really been going on.
Back at you as soon as I have something more.
Winn
Peace
Winn
Winn Schwartau - Interpact, Inc.
Information Warfare and InfoSec
V: 813.393.6600 / F: 813.393.6361
Winn@InfoWar.Com