Morgan Stanley hit by same attackers that breached Google
The 'real Aurora attacks (not the crap in the news)'
Morgan Stanley was hit by a “very sensitive” breach to its network by the same attackers who penetrated computer systems maintained by Google and dozens of other companies, according to leaked emails reviewed by Bloomberg News.
The emails came from California-based HBGary, which suffered a major compromise of its own at the hands of hackers from Anonymous. After being hired by Morgan Stanley in 2010, HBGary members found that the world's top merger adviser fell prey to the so-called Aurora hacks, which siphoned source code and other sensitive data from the victim companies over a period of many months.
“They were hit hard by the real Aurora attacks (not the crap in the news),” Phil Wallisch, a senior security engineer at HBGary, wrote in one email.
In a May 10 email to HBGary President Penny Leavy-Hoglund, Wallisch wrote: “They have given me access to a very sensitive report on their Aurora experience. I will honor their wishes about not sharing the info with anyone, but the good news is that I have some great ideas for our final reports.”
A spokeswoman for Morgan Stanley declined to comment on the emails.
Morgan Stanley hired HBGary in 2010 to handle suspected network breaches. The attackers “successfully implanted software designed to steal confidential files and internal communications,” Bloomberg reported, citing dozens of HBGary emails. ®
HBgary fails again? Their rep is way down the drain
This is just another hit on the reputation of HBgary and the gullibility of IT managers of HBgary's reputed infallibility. Sounds like that technique that many of us experience - run this free anti-viru test then they try to sell you a program.
Perhaps the SEC should check up on trading emanating from China and HongKong to see if there were unusual trades following these intrusions.
Not to mention...
...that part of the HBGary hack was performed thanks to an unpatched escalation privilege hole on a Linux box.
I am very much NOT platform-agnostic, I am even a rabid *NIX fanboy, but I can recognise a stone in my garden when I see one. That's a prerequisite when you want to avoid history repetition...
actually you'll find a lot more linux desktops at morgan stanley than most other institutions.