Morgan Stanley Hacked in Operation Aurora

Shit just got real for the IT folks over at Morgan Stanley. The same Chinese hackers who busted into Google last year also breached Morgan Stanley. The attack lasted for months and the damage was substantial. Dubbed "Operation Aurora" by cyber-security giant McAfee, Inc., it is now believed that hundreds of American companies were compromised in the attack. Morgan Stanley is the first major bank to have detected the attack.


“They were hit hard by the real Aurora attacks (not the crap in the news),” wrote Phil Wallisch, a senior security engineer at HBGary, who said he read an internal Morgan Stanley report detailing the so-called Operation Aurora attacks.

It looks like the hackers were after information on the various M&A deals the bank is involved with -- information potentially worth hundreds of millions of dollars. The attack went on for over a year, and only stopped when the hackers realized Google (whom they also hacked) was closing in on them. Morgan Stanley tried to keep the attack quiet but, in a final twist of irony, a cyber-security consulting firm they hired to deal with the issue was hacked by Anonymous, who then published all the emails they discovered.


Hackers from Anonymous, best-known for attacks on Scientology and Wikileaks detractors, trashed Barr's online life Sunday evening after learning he planned to meet with the FBI tomorrow and hand over information he'd gathered about them. They defaced the website of HBGary Federal, the D.C.-based computer security firm Barr works for. Then they took over Barr's Twitter account, tweeting his social security number and a file containing 50,000 HBGary company emails. They even claim to have wiped his iPad.

With so many threats from every angle, it's hard for a company to know whether or not its data is secure. We can make all the assumptions of security that we want, but it certainly looks like the hackers are one step ahead.

Which brings up an even more interesting question: if the Chinese government is behind this attack, doesn't this border on a national security issue? I mean, since we essentially said our country can't survive without TBTF banks when we bailed them out, doesn't an attack on those banks then constitute an act of war? A bit of a reach to be sure, but worth considering.

I'm sure the NSA has hackers every bit as gifted poised to counter attack, but I can't help wondering what a year's worth of Morgan Stanley M&A information netted the hackers. That's not to mention the over 200 other companies that were compromised in the attack.

Anyone else changing their passwords today?

 

Cyber security has been talked about since well before the first 14 year old Palestinian hacked the pentagon, but there's no solution in sight, probably because we haven't suffered wholesale mayhem yet. That's just the way things are. The problem with security is that by default the protocols get more rigid and innovation is stifled, especially for smaller players who just don't have the resources to operate in a beaurocratic environment. Freedom and security exist at opposite ends of the spectrum. Since the internet is the equivalent of the wild west at this point, people are just getting too much out of it to take this stuff seriously.

Get busy living
 
Frabjous:
I think I am going to remember 2010 as the year in which I decided that I'd rather have american "imperialism" than chinese "self defense".
Much of life come down to 'pick a side'.....and I'm with you 100%

But we're not THAT imperial. Look at what other empires have done throughout history, and honesly, we're not only BETTER at it than anyone has ever been, we're relatively nice about it when compared to say the Romans, British, or Spanish. Just saying...

Get busy living
 
Best Response

Anonymous is incredibly far-reaching. The thing the average person doesn't realize is the latent power the body collectively has. There's people who work for some major, major companies across many industries who participate. Angry about Verizon's customer service or charges? Know the right anon.head and something happens. Wanna know the identity of someone you know is a T-mobile customer? Someone gets you private info. Guy who leaked the iPhone 4 by accident? His life got put back together because anon didn't think he deserved to be punished.

The thing that bothered me most about it was the collective idea that not only were they above the law but they also decided how it applied to other people. I've done enough twerpy stuff with computers as a kid for the hell of it, but when you start hurting people's lives, invading privacy, and breaking some serious laws, I'm not down with that shit. The final straw for me was when they backed Julian Assange.

I am permanently behind on PMs, it's not personal.
 

Anonymous isn't some formal organisation. It's an internet meme that spawned from the "Anonymous" posting on 4chan. Basically anonymous is anyone who uses the internet, and when they band together to do anything they say "anonymous" did it. Doesn't always involve the same guys/the same hackers at all. Saying Anonymous has an agenda or "members" is a meaningless statement.

 
Warhead:
Anonymous isn't some formal organisation. It's an internet meme that spawned from the "Anonymous" posting on 4chan. Basically anonymous is anyone who uses the internet, and when they band together to do anything they say "anonymous" did it. Doesn't always involve the same guys/the same hackers at all. Saying Anonymous has an agenda or "members" is a meaningless statement.
Yeah, this is basically the same as 'terrorism', just digital. While there ARE some actual groups, a lot of it is just some geek who decides he's going to fuck some stuff up. I'm thinking that the MS attacks had to be a group though, there's just too much data for one human to ever crunch.
Get busy living
 
Warhead:
Anonymous isn't some formal organisation. It's an internet meme that spawned from the "Anonymous" posting on 4chan. Basically anonymous is anyone who uses the internet, and when they band together to do anything they say "anonymous" did it. Doesn't always involve the same guys/the same hackers at all. Saying Anonymous has an agenda or "members" is a meaningless statement.
Co-sign. I still remember the countless hours I spent on 4chan as a youngster and the notion that the anonymous users on there resemble an organisation in anyway is laughable at best.
 

You're misguided if you think 4chan and Anonymous are synonymous. One is a spawn of all things foul online and the other is a independent, unorganized hotbed of technological know-how coupled with ill-will and discontent.

I am permanently behind on PMs, it's not personal.
 

Why does information this sensitive have to be connected to the internet? I can understand why a company would want to have computers with sensitive information attached to the internet, but is their any reason for the government to have nuclear designs and other sensitive designs easily accessible?

I am not cocky, I am confident, and when you tell me I am the best it is a compliment. -Styles P
 

^ Remember when a former president wanted nuclear weapons to be connected to the white house electronically so that people who may, at the last minute, disobey an order to launch would be removed from the decision making process? This is why I was so against the idea.

That having been said, does anyone know any more about the groups who penetrated these systems?

Get busy living
 

Sunt nemo quo quo earum. Nostrum dolor vero id corporis temporibus. Consequatur enim et beatae distinctio ut. Beatae aliquid facere quo dolore est sit qui dolor. Sapiente natus expedita sint repellendus qui aut nulla dolorum. Facere quia consequatur modi. Velit quam doloribus ex ad soluta et.

Molestiae rerum minima voluptatem odio possimus voluptatem quia. Et molestiae quam sequi voluptas. Non vero iusto suscipit odio dolores. Voluptas error expedita impedit. Cumque repellendus voluptas sit tenetur tempore et. Repellat sit nobis non deleniti.

Rerum beatae odio nesciunt provident. Alias excepturi necessitatibus repudiandae aut. Error beatae similique vel dolorem cum amet.

 

Qui voluptas exercitationem facilis quaerat. Sed quas quia enim perspiciatis et quia. Laudantium voluptate dolorem praesentium explicabo cum adipisci. Sit fuga nobis tempora dolorem qui qui a dolores.

Qui voluptatem voluptates aliquid voluptas. Quo qui dolorum soluta autem aut nostrum. Omnis recusandae a repellat aut eum.

Voluptatem eius quo cumque in maxime officia. Quae et dolorem numquam dolor voluptatem commodi animi. Omnis aliquam sint eius soluta quod. Cupiditate facilis ea omnis quia et. Consequatur occaecati et omnis mollitia fugit est tenetur.

Ea omnis qui commodi est qui doloribus rerum. Quaerat sint dicta sed itaque voluptates. Mollitia in omnis rerum ut est sapiente. Est qui sapiente iusto. Nam soluta ad et sint ex numquam facere natus. Laborum et blanditiis sunt magni.

Get busy living

Career Advancement Opportunities

March 2024 Investment Banking

  • Jefferies & Company 02 99.4%
  • Goldman Sachs 19 98.8%
  • Harris Williams & Co. (++) 98.3%
  • Lazard Freres 02 97.7%
  • JPMorgan Chase 03 97.1%

Overall Employee Satisfaction

March 2024 Investment Banking

  • Harris Williams & Co. 18 99.4%
  • JPMorgan Chase 10 98.8%
  • Lazard Freres 05 98.3%
  • Morgan Stanley 07 97.7%
  • William Blair 03 97.1%

Professional Growth Opportunities

March 2024 Investment Banking

  • Lazard Freres 01 99.4%
  • Jefferies & Company 02 98.8%
  • Goldman Sachs 17 98.3%
  • Moelis & Company 07 97.7%
  • JPMorgan Chase 05 97.1%

Total Avg Compensation

March 2024 Investment Banking

  • Director/MD (5) $648
  • Vice President (19) $385
  • Associates (86) $261
  • 3rd+ Year Analyst (13) $181
  • Intern/Summer Associate (33) $170
  • 2nd Year Analyst (66) $168
  • 1st Year Analyst (202) $159
  • Intern/Summer Analyst (144) $101
notes
16 IB Interviews Notes

“... there’s no excuse to not take advantage of the resources out there available to you. Best value for your $ are the...”

Leaderboard

1
redever's picture
redever
99.2
2
Secyh62's picture
Secyh62
99.0
3
Betsy Massar's picture
Betsy Massar
99.0
4
BankonBanking's picture
BankonBanking
99.0
5
dosk17's picture
dosk17
98.9
6
DrApeman's picture
DrApeman
98.9
7
kanon's picture
kanon
98.9
8
CompBanker's picture
CompBanker
98.9
9
GameTheory's picture
GameTheory
98.9
10
Jamoldo's picture
Jamoldo
98.8
success
From 10 rejections to 1 dream investment banking internship

“... I believe it was the single biggest reason why I ended up with an offer...”