'Should a bank admit technical problems are because of hackers? ' blog discussion

Former_MSE_Helen

This is the discussion to link on the back of Martin's blog. Please read the blog first, as this discussion follows it.

Read Martin's "Should a bank admit technical problems are because of hackers? " Blog.

Please click 'post reply' to discuss below.

telsco

It was probably a mix of hackers and their friends on the inside trying to break the security.

PoisonPen

Banks will never admit to such a security breach. However even though this has been "explained" my background in City Banking IT finds that, all things considered, this has more to do with a security breach than a system error. Interestingly a few days afterwards MI5 was talking about cyber attacks and threats. If this was a security breach then it would seem the defense worked to protect customers albeit at the pain of customers thereafter. If this was a system error I wouldn't like to be the person responsible !

Zorz_2

A correction:

In 2007 MSE suffered a DDOS (dedicated denial of service attack) – effectively a deliberate simulation of billions of users to crash the servers.

The first D of DDOS is for "distributed", not "dedicated".

MSE_Martin

Zorz wrote: »

A correction:


The first D of DDOS is for "distributed", not "dedicated".

quite right - that'll teach me for writing it so quickly. I've changed it - ta

jamesd

You, me and every member of your staff as well as every member of bank staff will screw up. It's just a question of time. Precautions to reduce the frequency and severity are good but one of the more significant features of such cases is how the problem is handled.

The banks will almost certainly be prohibited from disclosing any significant threat to their systems during any live attack. Like lies from regulators staying that a bank doesn't need money during a run, such things are to be expected and will only be disclosed later, sometimes much later.

As a practical matter today no UK bank is likely to get a large enough run to overpower the flood of money that would flow from the Bank of England and Treasury to ensure that every request was met unless the ATM withdrawing was happening too fast to get the machines restocked and keep up. Most of the money would be getting deposited back at the BoE by whatever financial institution it was being transferred to, so the net cost to the BoE would be quite low and it would make a profit on the emergency funding charges. Finding which securities to end against and broadening that definition enough to meet the needs might be something that requires quick creative thinking sometimes.

arcon5

No - they shouldn't admit it publicly.

Admitting it could cause major panic with people going in to branches to withdraw cash (sound familiar?) and online to transfer the money to a different bank - how would this affect their cash reserves? How would this look on their books when loans very quickly and very significantly outweigh deposits? Such action could have catastrophic effects on the bank, particularly if they sought help from another bank to find either a) nobody would lend them money because they see them as a high risk or b) a hike in interest rates.

A specialist team should go in to determine how it happened, whether it could have been prevented, what damage was caused and how to ensure it won't happen again. People can be held accountable and regulators can step in still without public knowledge.

Admittedly exposing it to the public would sell newspapers and make an interesting read but this would not outweigh the potential problems it could cause.

wanchai_2

Ulster Bank is still not back to normal grrr!!!!

spufidoo

It wasn't hacking at all - why do muggles (non-techies) always find hacking conspiracies where there are none?

Take a look at page /2012/06/26/rbs_natwest_ca_technologies_outsourcing at theregister.com

It was a combination of the banks draconian staff-reduction money-saving policy and offshore incompetence.