My Archives


August 2014



Очередной взлом, очередного банка…

И, снова, виноваты… русские хакеры.

Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe.

The attack resulted in the loss of gigabytes of sensitive data, said the people, who asked not to be identified because the probe is still preliminary. Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are also linked to the attack, one of the people said.

In one case, the hackers used a software flaw known as a zero-day vulnerability in one of the banks’ websites. They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers. The incidents occurred at a low point in relations between Russia and the West. Russian troops continue to mass on the Ukrainian border and the West tightens sanctions aimed at crippling Russian companies, including some of the country’s most important banks.

The sophistication of the attack and technical indicators extracted from the banks’ computers provide some evidence of a government link. Still, the trail is muddy enough that investigators are considering the possibility that it’s cyber criminals from Russia or elsewhere in Eastern Europe. Other federal agencies, including the National Security Agency, are now aiding the investigation, a third person familiar with the probe said.

Небольшая поправка…

..К этому.

Я тогда написал, что “прикрутил” возможность авторизации, практически отовсюду. Делал я все это глубокой ночью (ранним утром), — это уж как кому удобно. Проснувшись утром и посмотрев на все здраво, (прочитав документацию) оказалось, что практически по каждому сервису нужно было выполнять некий танец с бубном. То есть, все нужно было прописывать отдельно…