Morgan Stanley Hacked in Operation Aurora

Eddie Braverman's picture
Eddie Braverman - Certified Professional
Rank: The Pro | banana points 21,143

Shit just got real for the IT folks over at Morgan Stanley. The same Chinese hackers who busted into Google last year also breached Morgan Stanley. The attack lasted for months and the damage was substantial. Dubbed "Operation Aurora" by cyber-security giant McAfee, Inc., it is now believed that hundreds of American companies were compromised in the attack. Morgan Stanley is the first major bank to have detected the attack.

"They were hit hard by the real Aurora attacks (not the crap in the news)," wrote Phil Wallisch, a senior security engineer at HBGary, who said he read an internal Morgan Stanley report detailing the so-called Operation Aurora attacks.

It looks like the hackers were after information on the various M&A deals the bank is involved with -- information potentially worth hundreds of millions of dollars. The attack went on for over a year, and only stopped when the hackers realized Google (whom they also hacked) was closing in on them. Morgan Stanley tried to keep the attack quiet but, in a final twist of irony, a cyber-security consulting firm they hired to deal with the issue was hacked by Anonymous, who then published all the emails they discovered.

Hackers from Anonymous, best-known for attacks on Scientology and Wikileaks detractors, trashed Barr's online life Sunday evening after learning he planned to meet with the FBI tomorrow and hand over information he'd gathered about them. They defaced the website of HBGary Federal, the D.C.-based computer security firm Barr works for. Then they took over Barr's Twitter account, tweeting his social security number and a file containing 50,000 HBGary company emails. They even claim to have wiped his iPad.

With so many threats from every angle, it's hard for a company to know whether or not its data is secure. We can make all the assumptions of security that we want, but it certainly looks like the hackers are one step ahead.

Which brings up an even more interesting question: if the Chinese government is behind this attack, doesn't this border on a national security issue? I mean, since we essentially said our country can't survive without TBTF banks when we bailed them out, doesn't an attack on those banks then constitute an act of war? A bit of a reach to be sure, but worth considering.

I'm sure the NSA has hackers every bit as gifted poised to counter attack, but I can't help wondering what a year's worth of Morgan Stanley M&A information netted the hackers. That's not to mention the over 200 other companies that were compromised in the attack.

Anyone else changing their passwords today?

Comments (22)

Mar 1, 2011

wohh, scary stuff.

Mar 1, 2011

guess who made the stuxnet worm
and keep your treasurers with cautious you beau monde, the world around you is made up with conspiracies and traps

Mar 1, 2011

I'd love to find out what the US has done to China on the hacking front over the years.

Mar 1, 2011

I was wondering if anyone more knowledgeable than me knew just how powerful Anonymous was. It seems like no one can bring them down.

Mar 1, 2011

Cyber security has been talked about since well before the first 14 year old Palestinian hacked the pentagon, but there's no solution in sight, probably because we haven't suffered wholesale mayhem yet. That's just the way things are. The problem with security is that by default the protocols get more rigid and innovation is stifled, especially for smaller players who just don't have the resources to operate in a beaurocratic environment. Freedom and security exist at opposite ends of the spectrum. Since the internet is the equivalent of the wild west at this point, people are just getting too much out of it to take this stuff seriously.

Mar 1, 2011

lets shove everything in a vault and lock it up
probably the most secured way to safeguard your stuff
nothing is safe on the web these days

this is actually a quite clever way to get your hands on some insider info though, I wonder how much money was made through making moves ahead of everyone from obtaining these info

Mar 1, 2011

Yikes! This doesn't bode well for the rest of the bulge brackets...

Metal. Music. Life. www.headofmetal.com

Mar 1, 2011

Wiped his Ipad.....man thats just low

"Hold on to your butts"

See all my other WSO posts here

Mar 1, 2011

I think I am going to remember 2010 as the year in which I decided that I'd rather have american "imperialism" than chinese "self defense".

Mar 1, 2011
Frabjous:

I think I am going to remember 2010 as the year in which I decided that I'd rather have american "imperialism" than chinese "self defense".

Much of life come down to 'pick a side'.....and I'm with you 100%

But we're not THAT imperial. Look at what other empires have done throughout history, and honesly, we're not only BETTER at it than anyone has ever been, we're relatively nice about it when compared to say the Romans, British, or Spanish. Just saying...

Mar 1, 2011

Anonymous is incredibly far-reaching. The thing the average person doesn't realize is the latent power the body collectively has. There's people who work for some major, major companies across many industries who participate. Angry about Verizon's customer service or charges? Know the right anon.head and something happens. Wanna know the identity of someone you know is a T-mobile customer? Someone gets you private info. Guy who leaked the iPhone 4 by accident? His life got put back together because anon didn't think he deserved to be punished.

The thing that bothered me most about it was the collective idea that not only were they above the law but they also decided how it applied to other people. I've done enough twerpy stuff with computers as a kid for the hell of it, but when you start hurting people's lives, invading privacy, and breaking some serious laws, I'm not down with that shit. The final straw for me was when they backed Julian Assange.

Mar 1, 2011

Anonymous isn't some formal organisation. It's an internet meme that spawned from the "Anonymous" posting on 4chan. Basically anonymous is anyone who uses the internet, and when they band together to do anything they say "anonymous" did it. Doesn't always involve the same guys/the same hackers at all. Saying Anonymous has an agenda or "members" is a meaningless statement.

Mar 1, 2011
Warhead:

Anonymous isn't some formal organisation. It's an internet meme that spawned from the "Anonymous" posting on 4chan. Basically anonymous is anyone who uses the internet, and when they band together to do anything they say "anonymous" did it. Doesn't always involve the same guys/the same hackers at all. Saying Anonymous has an agenda or "members" is a meaningless statement.

Yeah, this is basically the same as 'terrorism', just digital. While there ARE some actual groups, a lot of it is just some geek who decides he's going to fuck some stuff up. I'm thinking that the MS attacks had to be a group though, there's just too much data for one human to ever crunch.

Mar 1, 2011
Warhead:

Anonymous isn't some formal organisation. It's an internet meme that spawned from the "Anonymous" posting on 4chan. Basically anonymous is anyone who uses the internet, and when they band together to do anything they say "anonymous" did it. Doesn't always involve the same guys/the same hackers at all. Saying Anonymous has an agenda or "members" is a meaningless statement.

Co-sign. I still remember the countless hours I spent on 4chan as a youngster and the notion that the anonymous users on there resemble an organisation in anyway is laughable at best.

Mar 1, 2011

You're misguided if you think 4chan and Anonymous are synonymous. One is a spawn of all things foul online and the other is a independent, unorganized hotbed of technological know-how coupled with ill-will and discontent.

Mar 1, 2011

If they read theese boards we're in for it....I already see my cursor flickering like crazy.

Mar 1, 2011
karypto:

If they read theese boards we're in for it....I already see my cursor flickering like crazy.

I hope that WSO stays of their radar as well, I like this site.

Mar 1, 2011

Why does information this sensitive have to be connected to the internet? I can understand why a company would want to have computers with sensitive information attached to the internet, but is their any reason for the government to have nuclear designs and other sensitive designs easily accessible?

I am not cocky, I am confident, and when you tell me I am the best it is a compliment.
-Styles P

Mar 1, 2011

They connect to each other ... and there's always a way to get to what you want.

Mar 1, 2011

^ Remember when a former president wanted nuclear weapons to be connected to the white house electronically so that people who may, at the last minute, disobey an order to launch would be removed from the decision making process? This is why I was so against the idea.

That having been said, does anyone know any more about the groups who penetrated these systems?

Mar 2, 2011
Mar 1, 2011