Shit just got real for the IT folks also breached Morgan Stanley. The attack lasted for months and the damage was substantial. Dubbed "Operation Aurora" by cyber-security giant McAfee, Inc., it is now believed that hundreds of American companies were compromised in the attack. Morgan Stanley is the first major bank to have detected the attack.. The same Chinese hackers who busted into Google last year
"They were hit hard by the real Aurora attacks (not the crap in the news)," wrote Phil Wallisch, a senior security engineer at HBGary, who said he read an internal Morgan Stanley report detailing the so-called Operation Aurora attacks.
It looks like the hackers were after information on the various M&A deals the bank is involved with -- information potentially worth hundreds of millions of dollars. The attack went on for over a year, and only stopped when the hackers realized Google (whom they also hacked) was closing in on them. Morgan Stanley tried to keep the attack quiet but, in a final twist of irony, a cyber-security consulting firm they hired to deal with the issue was hacked by Anonymous, who then published all the emails they discovered.
Hackers from Anonymous, best-known for attacks on Scientology and Wikileaks detractors, trashed Barr's online life Sunday evening after learning he planned to meet with the FBI tomorrow and hand over information he'd gathered about them. They defaced the website of HBGary Federal, the D.C.-based computer security firm Barr works for. Then they took over Barr's Twitter account, tweeting his social security number and a file containing 50,000 HBGary company emails. They even claim to have wiped his iPad.
With so many threats from every angle, it's hard for a company to know whether or not its data is secure. We can make all the assumptions of security that we want, but it certainly looks like the hackers are one step ahead.
Which brings up an even more interesting question: if the Chinese government is behind this attack, doesn't this border on a national security issue? I mean, since we essentially said our country can't survive without TBTF banks when we bailed them out, doesn't an attack on those banks then constitute an act of war? A bit of a reach to be sure, but worth considering.
I'm sure the NSA has hackers every bit as gifted poised to counter attack, but I can't help wondering what a year's worth of Morgan Stanley M&A information netted the hackers. That's not to mention the over 200 other companies that were compromised in the attack.
Anyone else changing their passwords today?