Slashdot Mirror
Malware Bank Attacks May Be Linked To Sony Pictures Hack (blogspot.fr)
itwbennett writes: Researchers at BAE Systems have found a long chain of coding coincidences linking attempted fraud over the SWIFT network to the 2014 Sony Pictures hack. "The overlaps between these samples provide strong links for the same coder being behind the recent bank heist cases and a wider known campaign stretching back almost a decade," the researchers concluded. But it's still anybody's guess who's behind all these attacks: in Bangladesh, government officials are pointing the finger at SWIFT technicians who worked on the central bank's network last year, while the FBI says that attack was an inside job -- but blames the North Koreans for the Sony hack.
Sunday a bank in Vietnam revealed that it had also identified and blocked a $1.13 million fraud attempt, saying that a third-party service it used to connect to SWIFT's global money transfers system may have been attacked by hackers.
Sunday a bank in Vietnam revealed that it had also identified and blocked a $1.13 million fraud attempt, saying that a third-party service it used to connect to SWIFT's global money transfers system may have been attacked by hackers.
Sony was attacked a number of times these past years, and some of these attacks targeted easy flaws, like SQL injection for instance. Are these bank attacks as dumb as Sony ones?
Slashdot, fix the reply notifications... You won't get away with it...
The FBI blaming the North Korean's always looked like at best a political motivated finger pointing of "we can't find who really did it but North Korea are currently pissing us off so lets blame them."
the amounts involved are too small for criminal organisations like CIA/Mossad/MI6/FSB etc to be involved in.
Who's behind the malware that prevents peoples brains saying Microsoft Windows in relation to malware fraud.
probably because only retards think the version of the OS is important when you are talking about insiders and social engineering attacks to launch malware, these were Windows based but are just as effectively on OSX or Linux etc.
Mossad is more interested in large scale operations such as executing the 9/11 attacks.
The Sony hack was an inside job done from an internal machine.
How fucking hard it is to track that down if marginally competent people are investigating?
This latest bank "attack" was also a (completely unrelated) inside job.
Is this what international banking has been reduced to by the worlds most innovative computer ecosystem. The financial worlds currency system gets hacked through a front-end running on Windows and people think that's normal. Microsoft the company that made typing dangerous.
So which OS protects you from a admin with malicious intent?
Hey, why don't you stop with that shit? Your racist trash is being down-modded time and again, but you continue to spew your hate.
Wasn't it Einstein that said insanity was defined by performing the same action repeatedly but expecting a different result?
I am sure they are too busy covering up Roswell or the fake moon landing to be doing 9/11 as well and let's not forget they still need to hide the fact Obama is an alien.
Couldn't be, because it was a hack. Therefore it was hackers. Same with this thing. It was hackers. HACKERS!
At some point you are at the mercy of those running the system. Operating System is irrelevant, it is the programs, the auditing and alerting that run on the system. Given how many people have been caught over the last hundred years doing similar scams from inside banks with fake accounts etc (and who knows how many more that got away with it or were hushed up) this is a people and processes problem in that as it was an insider with all the access, they needed to catch it faster as in the end it is near impossible to completely prevent an insider from abusing trust.
Arguing with nuts is usually a waste of time. People who hallucinate Jews under their bed are still going to "see" them under there even if you have 50 witnesses; they'll just say the witnesses were paid by the Jews to lie.
Rock, paper, scissors, hallucinations. Hallucinations always win.
Table-ized A.I.
In other words, nobody knows who did it but everyone has a favorite scapegoat that should be responsible, not because it's likely but because they'd like it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
uefi file drops.
alternate streams.
shadow file writers(sha checks pointless).
unnoticiable virtualization.
fake process ids for network.
linux has almost catched up but just almost.
The overlaps between these samples provide strong links for the same coder being behind the recent bank heist cases and a wider known campaign stretching back almost a decade
Maybe the coder is selling his code. Doesn't mean he is behind these campaigns...
Silence is a state of mime.
I can't imagine North Korea had an undersea fiber cable laid, nor is borrowing a cup of bandwith from their southern cousins.
That leaves one country fulfilling the role of NKs ISP. Funny how they continue to get a free pass. It's almost like both governments are of like mind and cooperate on this sort of theft and destruction.
When I first read the headline, I thought it was describing a malicious bank that was attacking somebody or something.
I guess I need to read more content before I jump to conclusions. Or maybe the editors/authors should learn to create better headlines.
Sony pays good money to the government to place the blame on North Korea.
Only the State obtains its revenue by coercion. - Murray Rothbard
@Anonymous: "So which OS protects you from a admin with malicious intent?"
@bloodhawk: "At some point you are at the mercy of those running the system. Operating System is irrelevant, it is the programs, the auditing and alerting that run on the system. Given how many people have been caught over the last hundred years doing similar scams from inside banks"
The second system that runs transparently to the first, that provides a full and irrevocable audit trail on the first, in order to precisely catch such scams.
So how does that solve user X typing into a terminal that Fake Person A just opened an Account and transferred X Dollars in or deposited Y dollars in or has requested a transfer of Z dollars. Those systems ONLY provide the audit trail, they do nothing to prevent the actual fraud as until you know the people are not real or the real deposits never happened it is based on trust of those entering it into the system.
An Audit trail does not prevent such scams, it only allows for forensic processing of what happened after the fact. such an audit trail has no way to tell which entries are fraudulent, it can only record them for later review.