Slashdot Mirror

← Back to Stories (view on slashdot.org)

$10 Router, No Firewall Blamed In $80M Bangladesh Bank Hack (reuters.com)

Posted by msmash on from the router-rapidly-routed-rupees dept.

Earlier this a year, a spelling mistake in an online bank transfer prevented nearly $1 billion heist at Bangladesh's central bank and the New York Fed. The hackers, however, still had managed to steal about $80 million. Bangladesh government blamed the New York Fed for not spotting the suspicious transactions earlier. As it turns out, they should also be taking some blame, if not all. An anonymous reader writes: Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world's biggest cyber heists said. The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank's SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police's criminal investigation department.

64 of 96 comments (clear)

  1. Make the 81M come of the VP's bonus by Joe_Dragon · · Score: 4, Informative

    Make the 81M come of the VP's bonus.

    That $10 switch seems alot of like some cost reduction yahoo is calling the shots and does not want to pay for the needed costs to due it right.

    1. Re:Make the 81M come of the VP's bonus by anegg · · Score: 5, Interesting

      If I were analyzing their security, I would be much more concerned with the "no firewall" comment than how much they spent on a switch... No firewall, really? Bet they saved a lot of money not having to put that in place and monitor it....

    2. Re:Make the 81M come of the VP's bonus by anegg · · Score: 4, Informative

      Ok - after reading the article, I think they might not have had any security architecture whatsoever. No compartmentalization of data flows. No firewall. Probably no monitoring. And judging from the comments, no traffic accounting/auditing capability.

      It seems like they had no understanding of the IT risks at all.

    3. Re:Make the 81M come of the VP's bonus by GungaDan · · Score: 4, Funny

      Coming soon - this bank outsources IT to neighboring India.

      --
      Eloi are stupid, throw morlocks at them!
    4. Re:Make the 81M come of the VP's bonus by Anonymous Coward · · Score: 1

      after reading the article, I think they might not have had any security architecture whatsoever

      Something doesn't add up. With those kind of assets, why wasn't this system hacked a long, long time ago?

    5. Re:Make the 81M come of the VP's bonus by golden_hands · · Score: 1

      Coming soon - this bank outsources IT to neighboring India.

      They couldn't do that for $10 though. Based on the sophistication( or lack of it), It looks like the teenage son of the bank president set this up based on his experience in setting up a home network..

    6. Re:Make the 81M come of the VP's bonus by wagnerrp · · Score: 2

      The comment on the cheap switch was that they had the SWIFT servers connected to the same dumb switch as other unprotected computers in the building. More expensive switches would have allowed them to isolate those servers on their own network, as would one extra dumb switch dedicated to those servers, but either would have required them to install a router to link the two networks. It's all ultimately just a "no firewall" issue.

    7. Re:Make the 81M come of the VP's bonus by Hognoxious · · Score: 1

      There's probably thousands of cases where it's the other way round. Bangladesh is cheaper.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    8. Re:Make the 81M come of the VP's bonus by webnut77 · · Score: 1

      They couldn't do that for $10 though. Based on the sophistication( or lack of it), It looks like the teenage son of the bank president set this up based on his experience in setting up a home network..

      Don't forget to chmod -R 777 / -- makes life easier.

    9. Re:Make the 81M come of the VP's bonus by l0n3s0m3phr34k · · Score: 4, Informative

      That article is crap lol. This article is far more interesting... Like how one of the security researches was abducted for several days, "malware was specifically designed to hijack access to the Swift network", Bangladesh Finance Minister A.M.A Muhith saying local banking officials were "100 percent" involved in the scandal, Rizal Commercial Banking Corporation (RCBC) President and CEO Lorenzo Tan ordering people to "move the money", how much of it has already been converted into Chinese casino chips, etc. This would make a great movie, it's so convoluted and messed up lol. It's even got "a man previously linked to illegal drug operations, Kim Wong, as the mastermind." per Philippines Senator Sergio Osmeña.

    10. Re:Make the 81M come of the VP's bonus by rahvin112 · · Score: 5, Funny

      You are apparently unaware of how finances work in states like Bangladesh.

      1. The government apportions the appropriate money for a task assuming market. Rates
      2. Department head siphons off 5% of the money and uses it to pay for Hookers and Blow.
      3. The Department manager awards the contract to a friend who then gives them 10% of the money remaining back as cash.
      4. The department representative responsible for ensuring the requirements are met then gets his 5% remaining kickback as well to look the other way as the requirements are not met. There are various other kickbacks as well, the city inspector and other involved.
      5. The company now responsible for the implementation has lost about 25% of the total. They then taken their 50% profit and buy $10 off the shelf routers to do a job that had originally required commercial grade products with support contracts and zero day support.

    11. Re:Make the 81M come of the VP's bonus by magarity · · Score: 2

      That $10 switch seems alot of like some cost reduction yahoo is calling the shots and does not want to pay for the needed costs to due it right.

      GDP per capita in Bangladesh is 750$US/yr. A $10 switch sounds like a wild extravagance.

    12. Re:Make the 81M come of the VP's bonus by The_Rook · · Score: 1

      let's all chip in and buy them a linksys router,

      --
      when religion is no longer the opiate of the masses, governments will resort to real opiates.
  2. The answer is obvious by smooth+wombat · · Score: 3, Funny

    More H-1b visas! Send them our way since they're so good at securing their own networks.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  3. How can you digitally steal money? by i_ate_god · · Score: 1

    Presumably, if money is moved solely though digital means, it would be far easier to track where it ends up?

    --
    I'm god, but it's a bit of a drag really...
    1. Re:How can you digitally steal money? by Qzukk · · Score: 1

      money is moved solely though digital means

      I think you're looking for bitcoin. In this case the money was sent to a bank in the Philippines where almost certainly someone had opened an account with stolen ID, and closed the account out in cash as soon as the transaction cleared.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    2. Re:How can you digitally steal money? by Salgak1 · · Score: 1

      . . . until you move it to payment cards, and buy items with it. . . or any of several thousand OTHER ways of laundering the money. Disposable accounts. Cash Cards. et cetera ad nauseam . . .

    3. Re:How can you digitally steal money? by whoever57 · · Score: 1

      and closed the account out in cash as soon as the transaction cleared.

      I think it unlikely that one would be able to close an account and walk out with the equivalent of millions of dollars. What bank has such large sums of cash available for customers to withdraw?

      --
      The real "Libtards" are the Libertarians!
    4. Re:How can you digitally steal money? by RabidReindeer · · Score: 1

      Many countries operate out of suitcases full of cash.

      I used to work for a Bangla guy who'd pay in $100 bills rather than write a check. Perfectly legit, tax-paid business, but he dealt in cash.

    5. Re:How can you digitally steal money? by whoever57 · · Score: 1

      Many countries operate out of suitcases full of cash.

      I am quite sure that cash is more common in many non-Western countries. But millions of dollars worth? That would be out of the ordinary.

      --
      The real "Libtards" are the Libertarians!
    6. Re:How can you digitally steal money? by Hognoxious · · Score: 1

      I think it unlikely that one would be able to close an account and walk out with the equivalent of millions of dollars.

      Depends how much of it you "accidentally" leave in the manager's office.

      P.S. if he says he needs some extra to cover "fees and expenses", he's not ripping you off. That's for the police chief.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  4. Wrong trust boundary by Nkwe · · Score: 1

    It is not the $10 router's fault. If you have an international network, you must treat the network itself as hostile. On an international scale you simply cannot have a network that can be trusted as only having known devices and actors connected to it. On that scale you must assume that unapproved devices will be attached. Given this, the failure is in the design of the authentication system, not the network.

  5. Confusion? by Anonymous Coward · · Score: 3, Informative

    Headline states $10 router, but story states $10 switches. Who's not paying attention?

  6. Re:no surprise here by Aighearach · · Score: 1

    I think they actually make some routers in china that include firewalls.

    They actually might be the world leader in firewalls, having a Great Firewall of China.

    I don't care where a switch is made, it doesn't replace a firewall.

  7. Re:no surprise here by Joe_Dragon · · Score: 1

    No.

    More like bob we don't need a firewall just need a switch to get on the network so what can you do for $10 get a router/firewall that can't handle the load or just a basic switch that will work.

  8. Re:Router != Switch by Aighearach · · Score: 2

    Good point, App Guy! If they were running their bank using apps they would have been on wifi, and they'd at least have been behind NAT and had a minimal firewall.

    It would be an improvement!

  9. Re:Router != Switch by Killall+-9+Bash · · Score: 2

    I miss GNAA more every day.

    --
    "Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
  10. As the screw turns... by __aaclcg7560 · · Score: 1

    Most banks screw their own customers first. A bank screwing itself is something else. Another reason to use a credit union.

    1. Re:As the screw turns... by geek · · Score: 1

      Most banks screw their own customers first. A bank screwing itself is something else. Another reason to use a credit union.

      Don't be so sure on the credit union. All they do is take the money and then put it in the coffers of another bank. You're still at the mercy of the banks with a credit union, its just that now you have a middle man between you.

    2. Re:As the screw turns... by Khashishi · · Score: 1

      Sometimes, when liability is concerned, a middleman is what you want.

    3. Re:As the screw turns... by __aaclcg7560 · · Score: 1

      You're still at the mercy of the banks with a credit union, its just that now you have a middle man between you.

      My credit union doesn't charge a fee for having a checking account, making an in person transaction with a teller, or using an out of network ATM. The monthly fees I pay for being a credit union customer is zero.

  11. it's the consultant's fault! by Lead+Butthead · · Score: 1

    I am guessing they lack the know-how in house, and was unwilling to spend real money to keep full time IT staffs on board, so they instead hired some consultant who billing them a few thousand dollars for a ten dollar router...

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
    1. Re:it's the consultant's fault! by jellomizer · · Score: 1

      I wouldn't even go that far. I expect a manager was tasked to setup the network. So he just did what he would do for his home network.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  12. Irrelevant information by AchilleTalon · · Score: 2, Informative
    All the information is totally irrelevant to determine the cause of the breach.

    If you buy a cheap switch/router/hub you get a poor performance switch/router/hub or an unreliable switch/router/hub, not a hackable network. The protocol is totally encrypted end to end and getting access to a switch won't give you the keys to anything. So, the cheap switch/router/hub is totally irrelevant in this picture.

    Next, the lack of a firewall, again here, it all depends on how the network is built. Is it a single computer, single purpose network and the only port open on the computer is the port required by the SWIFT network? If yes, adding a firewall won't make it more secure neither. It is already listening on the port that would have been open by the firewall anyway. On another hand, if the computer is listening on multiple ports with pieces of software known to be flawn, it is likely to be vulnerable to an attack and maybe the encryption keys have been stolen or maybe not. We still don't know how the attack was successfully completed. So far, it is more likely someone just gave the keys and password to the hackers. It could be an inside job.

    BTW, expensive switches/routers/hubs are not necessarily more secure than cheaper one. They are made to be more reliable on 7/24 operations and have an larger capacity. That's where most of the price difference is justified to the customer

    --
    Achille Talon
    Hop!
    1. Re:Irrelevant information by ledow · · Score: 3, Informative

      I work in a school.

      Our switches cost 2000 GBP each, and we have a firewall that costs on the same order. They have features you cannot get on anything cheaper (RADIUS, et al are "freebie" features nowadays - we're talking direct MDM on the switch and all kinds of security).

      The question is not "was the $10 switch to blame?" but "why would you ever use a $10 switch anyway?" These people are storing money thousands of times more than anything we ever have to deal with, for thousands more customers than we will ever have, with thousands of times more budgets than I will ever see.

      And their stuff isn't even from the "19" rack networking" section of the catalogue. It's from the "bargain buys for home uses to 'double up' their network cables" section.

      Additionally, I'm bound by PCI DSS standards which demand things like firewalls and antivirus EVEN IF there's no need for them. I promise you. And IDS and IPS and separated networks and all kinds of security. That's just to TAKE a credit card payment to pass onto the bank. The banks themselves aren't then doing more?

      It's got nothing to do with what could be true at the bank. It's about not even trying to follow industry best practices, let alone actually getting close to them.

    2. Re:Irrelevant information by tom229 · · Score: 1

      Oh no, someone that knows what they're talking about using evidence based reasoning? Try using hyperbole and you'll get more attention and karma on this generation's slashdot and larger public consciousness.

      --
      If it ain't broke, don't fix it.
    3. Re:Irrelevant information by AchilleTalon · · Score: 1
      In case you don't know, the SWIFT network is available to single worker companies and I believe the network infrastructure of these is probably not more than a modem-router and a computer.

      Using cheap and crappy hardware at the link layer level of a network protocol doesn't make the protocol insecure, it makes it unreliable. You cannot crack on the protocol crypto because of a cheap, crappy and bad router/switch or whatever. It is simply just not involved at all in the cryptography and this is exactly for this reason you are using cryptography in first place, to avoid anybody to temper with your network traffic by cracking a networking component.

      Seriously guys, don't you known nothing about cryptography?

      --
      Achille Talon
      Hop!
    4. Re:Irrelevant information by AchilleTalon · · Score: 1

      BTW, I am not saying it is a good sounding choice to use a 10$ switch/router or whatever. I am just saying it is not the cause of the hack.

      --
      Achille Talon
      Hop!
    5. Re:Irrelevant information by AchilleTalon · · Score: 1

      If the security of your network relies on the routers and switches, you are an idiot.

      --
      Achille Talon
      Hop!
    6. Re:Irrelevant information by tom229 · · Score: 1

      So... Industry best practice is buying hardware you don't need simply because it does more things? I must have missed that course. The OP's argument is completely reasoned. We don't have enough information to make judgments here. There's no intrinsic requirement for everything to be behind firewall, or for every switch to cost 2 grand. So, a switch cost $10? I need more information to care.

      --
      If it ain't broke, don't fix it.
    7. Re:Irrelevant information by skids · · Score: 1
      1. 1 It's impossible to secure against DoS, at the very least, without relying on your switching/routing gear.
      2. 2 Security-in-depth means hardening the network not just the servers, and that requires you to rely on your network gear to provide a security layer.
      3. 3 There are certain behaviors that properly chosen network gear perform very securely and reliably, and are good choices for first-line defenses, with server-side safeguards playing only a back-up role.
      4. 4 Network gear provides a third point from which behavior of the trusted servers can be monitored for signs of compromise, rather than trusting the servers to police themselves.

      Network is part of the security picture. You can throw all the crypto you want at a problem, but if an attacker can wedge up the communications and cause services to fail before crypto is even a factor under consideration, I'd hardly call that "secure".

      --
      Someone had to do it.
    8. Re:Irrelevant information by AchilleTalon · · Score: 1

      You miss totally the point. In the case we are talking about, the only thing that matter is to know if compromising the routers/switches will grant access to the SWIFT network to initiate transaction or steal the encryption keys. The answer is clearly NO. End of the story.

      --
      Achille Talon
      Hop!
    9. Re:Irrelevant information by turbidostato · · Score: 1

      "I work in a school.
      Our switches cost 2000 GBP each, and we have a firewall that costs on the same order."

      You are expending too much.

      "They have features you cannot get on anything cheaper (RADIUS, et al are "freebie" features nowadays - we're talking direct MDM on the switch and all kinds of security)."

      See? You don't need to expend so much.

      I know, I know... paying that kind of money (maybe even public money to make things even worse) gives you a sense of accomplishment: "Mum, look at me! I'm using expensive toys because I'm already a big boy!" But, really, you don't need it.

    10. Re:Irrelevant information by ledow · · Score: 1

      It's not public money.
      It's a private school.
      With 1:1 BYOD's.
      With site-wide wireless.
      With site-wide PoE for CCTV, VoIP, access control and bell/speaker systems, all QoS'd.
      With need for multi-gigabit backbone.
      With device MDM so that when we block an BYOD (because it's not up to date, say, or is missing AV), it blocks it site-wide on the wireless and Ethernet, alerts, stops sending down paid-apps, etc. etc.
      And the network sockets are opened on the basis of device owner (set from VPP from Apple, Google, etc.), time of day, location, quarantine, etc. automatically.

      And that's just the basics. When you get into actual, useful technical features, live-cable-testing (including distance to fault), capture portals even on Ethernet, voucher codes to purchase network time, etc. the money is more than worth it. But you know what's the bit we pay for more? 48-port PoE, and a backbone in every switch capable of giving full gigabit to every port. Not many off-the-shelf switches can actually do that.

      We're not alone. Cisco Meraki is inside almost every school I visit, the larger ones especially. You don't convince bursars to pay that kind of money without saving it elsewhere.

    11. Re:Irrelevant information by turbidostato · · Score: 1

      Exactly my point.

  13. I dunno... by Okian+Warrior · · Score: 4, Interesting

    Make the 81M come of the VP's bonus.

    That $10 switch seems alot of like some cost reduction yahoo is calling the shots and does not want to pay for the needed costs to due it right.

    I dunno... reading through the hacking team break-in (by which I mean, reading the hacker's first-person description, it's unclear to me how *anyone* could be considered responsible for these sorts of things.

    The hacked system should encrypt passwords, use a salt, have offsite backups that are regularly tested... all that "of course" stuff applies.

    But I'm not at all sure how having a modem or router hacked could be the responsibility of the system.

    How can you tell? Is there an exploit for your high-end Juniper firewall?

    The hacking-team narrative suggests that the person who did it replaced the [router?] firmware with a custom one with his own backdoor. A single 0day exploit on an internet-facing appliance.

    Did someone intentionally weaken the PRNG in your Intel CPU at the mask level? Did someone replace the firmware on your hard drive? Is your BIOS compromised?

    I read where someone put malware into the firmware of an intelligent *battery*.

    Welcome to the future: everything has firmware, and all firmware can be reflashed by the factory.

    (The update service installed when you install our product will automatically upgrade the system as needed. Just download and execute! This fixes the rendering issue in the Tagalog language pack, it's a *must have* upgrade!)

    I'm not sure how anyone can guarantee their systems are secure any more.

    If the State department can't secure their computers, what hope is there for regular mortals?

  14. You see kids, this is why spelling is important. by Anonymous Coward · · Score: 1

    Even if you decide to turn to a life of crime.

  15. Could be North Korea? by GameboyRMH · · Score: 3, Interesting

    North Korea's been hurting under the new sanctions. The amount of money that was almost stolen is insane for a person to steal but makes sense for a country (or more specifically, a military and ruling party) to steal. It was a well-organized effort involving many people. They were caught because of a mistake that an English-speaker wouldn't make.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  16. Re:no surprise here by Kreplock · · Score: 1

    Going to guess they do IT on a budget, let vendors do too much of their planning for them, drag their feet backfilling IT positions, and invest little in training for personnel. And management will never receive proper blame for running such a shop. Just a wild guess tho.

  17. Serves them to get screwed. by cyberzephyr · · Score: 1

    Hahahaha!

    And i never troll.

    --
    I'm here for the experience, not the Hyperbole.
  18. Re:no surprise here by Anonymous Coward · · Score: 2, Informative

    No.

    More like bob we don't need a firewall just need a switch to get on the network so what can you do for $10 get a router/firewall that can't handle the load or just a basic switch that will work.

    It is so painful reading your posts...

  19. Re:Router != Switch by tom229 · · Score: 2

    I'm sorry, why is Wi-Fi intrinsically using NAT? You are barely more knowledgeable than the OP, and at least he has a humorous, sarcastic point.

    --
    If it ain't broke, don't fix it.
  20. Resourceful employee of the year by RubberDogBone · · Score: 1

    My old workplace had an IT worker apply for a job who prided himself on finding the CHEAPEST possible solution to any problem. For example, he would grab any discarded printers or computers he could find on the side of the road or in dumpsters. The used appliance shelves at thrift stores were his source for cable modems and such. He bragged about how his last employer hadn't needed to spend much on IT because he cobbled together whatever was needed for cheap.

    Now, he was applying for a job with a company who routinely spent more on office food catering for the fun of it than his prior company's entire budget, so we were not overly concerned with acquiring network hardware from somebody's trash can. He didn't get the job.

    But I can see where someone with that kind of skill at finding a cheap way to do something might be considered a huge asset. And banks, being penny-pinchers, I can imagine he would have fit in well in such an operation and felt great about using used hardware.

    --
    Sig for hire.
    1. Re:Resourceful employee of the year by rahvin112 · · Score: 1

      Such skills are only valued by someone that thinks the ridiculously small cost of hardware is even relevant in the scheme of things. Such as a company that sees it's IT budget as an expense and not an investment in productivity. The TCO on the recycled hardware would be massive because the labor costs would dwarf any savings on hardware. And only a short sided penny pincher wouldn't see that.

      In business IT costs you need to weigh three intangibles.

      1. What's the cost of failure (in this case bankrupting the entire country).
      2. What is the TCO when you factor in labor and other related costs beyond raw hardware price.
      3. What's the differential productivity impact between each solution. (such as if the hardware is twice as expensive but makes IT twice as productive for the life of the hardware).

      Penny pinching companies might look at 2 but they roundly ignore 1 and 3. Business school isn't what it used to be, they are training people to only look at raw costs and if you are lucky TCO. They provide almost no experience with 1 and 3.

  21. The network is NOT the computer by pseudorand · · Score: 1

    Not that I'm against firewalls or managed switches or anything like that, but shouldn't the primary security control really be end-to-end encryption and strong auth at the OS level? I understand that in less secure environments we can rely on IP addresses and stuff like that for part of our protection. But at a bank I would hope that things would be secure even if your switch and firewall are both compromised.

    Of course, if you can't even get the simple things like a switch and firewall right, you have no hope of properly securing the OS. (why yes, that was a shot at the network guys! Feel free to fire back, as flamewars are fun for all here on /.!)

  22. Re:In the case of consumer $10 equipment... by skids · · Score: 1

    Yeah pretty much. What you can do, if you are integrating these things with real gear, is connect multiple ports from the same switch which send bpdus, to L3-configured (when operating) ports on the crap gear. Then set up a bpduguard on the real gear with a recovery timer, so when this happens the real gear shuts down the ports for a few minutes while the device reboots, and it'll only come up in sub-second blips Not perfect, but better than spanning tree loops and opportunities for hackery.

    ISTR there was some level of control via some firmware registers, but there was no utility to write those registers, or there was still a window of bridging, or something. That was a long long time ago.

    --
    Someone had to do it.
  23. Re:$11 Router by skids · · Score: 2

    From the way the article words it they hadn't even segmented the broadcast domains -- the sensitive servers were in the same VLAN as everything else -- nothing to do with logging capabilities, really -- they were apparently using a dumb switch with no dot1q capabilities whatsoever.

    --
    Someone had to do it.
  24. SWIFT is also to blame by l0n3s0m3phr34k · · Score: 1

    Being some huge banking system, SWIFT should have requirements for anyone connecting to their network. The US's regulatory compliance means little if we allow non-compliant systems to connect via links like this. Their website even has white papers talking about cybersecurity, IT risk management, etc. But their site also preaches quite a bit about "speed" and "ease of use", so to me it feels like SWIFT itself set up an atmosphere for their members to play fast-and-loose. There are security products that are actually FREE that they didn't even bother to use? There are numerous free applications for log analyzing, firewalls, intrusion detection, etc. Yet all these also require employees that know how to set these up and use them. Reading around the web, they've identified two Chinese nationals, and the casinos are also Chinese owned. SWIFT themselves are claiming their systems where never breached, ignoring their own reports of " sophisticated malware was deployed by the attackers on the SWIFT servers to process and authorise SWIFT transactions."

    On top of this all, there seems to be an indication that plain-old corruption had something to do with this, and that "Atiur Rahman...had kept details of the grand theft secret for weeks, seemingly even from senior government officials". So, they knew about a breech, choose to do nothing, then someone actually finally used the breach to commit the heist. If Atiur had reported the breech perhaps it could have been resolved before the money was actually stolen?

    1. Re:SWIFT is also to blame by Rakshasa+Taisab · · Score: 1

      SWIFT can only send money, not deduct money, so why should SWIFT require any security? Don't have it, well you pay for it.

      --
      - These characters were randomly selected.
  25. Inside job... by 0x537461746943 · · Score: 1

    Sounds like it was setup to be hacked... No firewall...

  26. Actually skimmed article... $10 switch = no VLAN by WoTG · · Score: 2

    Near the end of the article is the better info...

    The SWIFT connected computers should have at least been hived off into a separate VLAN. They weren't.

  27. Not as bad as it seems.. by edxwelch · · Score: 1

    The loss is not as bad as it seems. Sure $80M was stolen, but they made savings on those $10 routers, so that's maybe only $79,999,500 lost... not so bad as we first thought.

  28. Re:Router != Switch by JWSmythe · · Score: 2

    Be nice. Slashdot readership is no longer technical. Be happy that he (almost) did better than Hollywood screenwriters.

    --
    Serious? Seriousness is well above my pay grade.
  29. Re:Router != Switch by Aighearach · · Score: 1

    Wi-fi isn't intrinsically using NAT. However, the very cheapest consumer access points are all using it by default.

    I wasn't presuming that a company that used second-hand switches would buy an enterprise-grade access point, which of course wouldn't come with any of that "router" stuff, because the router wants to do that. I'm assuming they would use a second-hand consumer "soho" model. Customers would return it as broken if it didn't do NAT out of the box!