Hackers Hacks Into Banks System

hack-bank-systemsRecently a cyber-security alert has been issued to banks by the Federal Financial Institutions Examination Council is shortly known as FFIEC. The alert is on cyber security of the interbank messaging system. The warning is the latest one to the banks after Bangladesh Bank has lost an enormous amount of money in a recent attack by hackers.

 

Reports on Breaching of Interbank Messaging System:

After the assault on the Bangladesh Bank, there are some reports according to which some other banks have breached their interbank messaging system. The SWIFT banking network issued a warning that one more bank had been attacked. The name of the bank is unknown. According to the reports of BAE Systems Applied Intelligence division, the Bank was a commercial bank in Vietnam. A warning to the banks has been issued by the Federal Bureau of Investigation.

The recent hacking attacks have no direct link of breach to the central systems of SWIFT Banking Network but the client side messaging components has been compromised by these attacks.it does rely on the client-side messaging components being compromised. The both recent attacks done by the hackers are done using profound and classic knowledge of detailed controls or may be by cyber-attacks. There is a chance that these attacks are accomplished with the help of both.

 

About what the FFIEC warned the banks?

In the view of the two most recent attacks the FFIEC has alerted the banks that they should keenly manage the risks that are related to the interbank messaging system. This is done to warn financial institutes again that they should go through the controls in IT and check their practices used in risk management. The institutes should particularly need to pay attention to the authorization, authentication, response management systems and other processes.

 

How can Banks Reduce the Risk?

The statement provides a list of steps that can be used whenever any bank is looking to mitigate the chance. The steps that can be utilized are as follows:

  • The institutes should conduct ongoing info security risk evaluations.
  • Around critical systems, the organizations should regularly enforce and assess controls.
  • The should perform risk mitigation, prevention and security monitoring.
  • Protection against any unauthorized access should be done.
  • They should improve awareness about information security and training programs.
  • Business continuity risks should be managed.
  • The institutes should take part in industry information-sharing forums.

The above seven steps are critical as the FFIEC is merely concerned about financial institutions. The steps can be adopted by any IT security team as they are very easy to implement. These seven steps can prove an excellent initiative for the audit committees that are working inside the companies to evaluate the enterprise’s security.

 

Conclusion:

Small countries are the focus of the attacks as well as the banks that are having tiny security in different parts that possess an IT environment.  As the attackers are refining their expertise and they are increasing their learning about the interbank messaging systems, they will not take much time to attack the larger financial institutions as well as the banks.

Navy Seal Killed in Firefight

seal

Hearing the news about a military death is never an easy thing for anyone involved, be it the American public or fellow service members. It is even worse when that member was lost during combat. Unfortunately that is the current situation this month. A United States Navy Seal was recently killed in a firefight against ISIS forces in Iraq. The Navy Seals were there attempting to assist the Kurdish Peshmerga troops who had already been fighting the ISIS militants for roughly an hour before service members arrived to assist and hopefully drive back the militants. It was during this firefight that the currently unnamed service member was shot and killed by small arms fire believed to be an AK-47 rifle.

This newest unfortunate death is not the first that has occurred within Iraq during this long and ongoing fight against the militants. This is actually the third American military death that has occurred in the ISIS fight in Iraq alone. The first death occurred back in October of 2015 when Delta Force Master Sgt. Josh Wheeler was killed during a fight. He was acting in a very commendable situation that is currently credited with freeing as many as 70 hostages. The second military personnel that was killed was U.S. Marine Staff Sgt. Louis Cardin in March of 2016. He was killed in a rocket attack on a firebase.

This tragic death of a Navy Seal came shortly after more troops were recently deployed to both Iraq and Syria. These additional troops totaled about 450 which was approved by President Obama. The United States currently has the most troops dedicated to this fight with a little more than 4,000 troops dedicated to this cause. The country that follows is France with just 1,000 military personnel dedicated to the fight. All of the other countries that have dedicated any military to this fight have no more than 400 military members dedicated to this particular fight. The severe differences in numbers are hard to overlook.

Although this cause is undeniably a just cause, there does not seem to be an end in sight and higher ranking military do not see an end to the fight within this calendar year. The little bit of good news is that this most recent skirmish seems to have dealt a considerable blow to the militants. It is reported that the militants suffered a not inconsiderable amount of loss of fighters. Beyond the unfortunate loss of the American serviceman, there were several injuries among the Christian fighters as well as the Peshmerga troops.

While the news of the service member’s death is terrible news, it is good to hear that the militants suffered such a critical blow. It is also good to hear that the service members that were fighting alongside the still unnamed service member did not stop fighting until they began to run low on ammunition. This dedication is impressive and speaks well for our side during the rest of this long and drawn out ordeal.

The Cyber War Against ISIS

cyber attack

While the private realm has been waging an admittedly less than successful war against the extremist Islamic State for some time now, it’s only been recently that the US government has publicly talked about cyberattacks against ISIS. But what does the cyber war against ISIS really entail?

 

An Ongoing Operation

 

At the forefront of the Department of Defense’s operations seem to be focused on social media. Encrypted messaging apps are used by the Islamic State to recruit and distribute propaganda, and with messages that aren’t captured or monitored, the US is looking first to establish back doors to apps with end-to-end encryption.

 

Operations launched out of Fort Meade, Maryland, began in early 2016 at the prompting of Defense Secretary Ash Carter. At this point, though, the DoD is being decidedly quiet on the details of their actions. Statements from officials have had the sentiment of trying a number of things to see what works and what doesn’t. This is not to say that there is not a plan in place, only that those behind the operation are being decidedly and perhaps necessarily tight-lipped about the planned attacks.

 

In addition to attempts to disrupt social media, other plans seem to focus on preventing the Islamic State from conducting financial transactions or setting up logistics. Though seemingly the lower priority (or perhaps just the less discussed one), it is here that DoD and partnering agencies may have the potential to do more. ISIS has proven incredibly adept from the onset with their use of technology to recruit and motivate. With other battles still circulating in the public sphere regarding the government’s access to encrypted technology, working in areas external to those apps may show more promise.

 

An Internal Battle

 

Some are left wondering if the cyber war is too little too late as Carter waited months before bending to the pressure to do more against the Islamic State’s virtual presence. Carter’s big concern, he claims, is that attacks might disrupt intelligence officers’ ability to find warning or indications of the group’s current activity.

 

There is also worry that attacks on the infrastructure that allows ISIS to distribute virtual information will also impact civilian networks and systems needed for critical operations in the nations targeted.

 

One of the more striking points to come from the announcement of this self-proclaimed aggressive attack is how unequipped the US seems to be to conduct offensive attacks on a technological level. Overseeing organization Cyber Command only began operations in 2010, and has been largely defensively focused up to this point. A more comprehensive team is underway with the Pentagon, but will not see full numbers until 2018. There is little talk of how operations are going to be approached prior to the completion of team building and training. Until then, the cyber war against the Islamic State is set to continue under the same unclear policies and practices with which it was launched. What good it does, if any, will likely not be known for some time to come.