Morgan Stanley Was Hit By Chinese ‘Aurora’ Hackers

/ Source: SecurityNewsDaily

Morgan Stanley’s computer networks were infiltrated in 2009 by the same China-based hackers who launched the “Operation Aurora” attack against Google and other major American companies, according to leaked e-mails from the security firm HBGary Federal.

The e-mails don’t indicate what, if any, information may have been stolen from Morgan Stanley, or which sections of the New York-based multinational financial firm’s databases were targeted, Bloomberg News reported.

According to the leaked e-mails, Morgan Stanley was the first financial institution to be targeted in Operation Aurora, which was a series of high-profile online intrusions from China that began in June 2009 and eventually hit more than 20 top U.S. companies, including Google and Yahoo.

One expert told Bloomberg the number of companies targeted was more than 200. Few have been publicly named.

Google made its own security breach public in January 2010. Security experts analyzed the attacks and found that the intruders had exploited security vulnerabilities in Internet Explorer that had previously been known only to Microsoft.

Morgan Stanley joins a growing list of high-profile companies and organizations whose networks have been breached by intruders or websites have been brought down by denial-of-service attacks, including the Voice of America, the company that owns the Nasdaq stock exchange, PayPal, Amazon, MasterCard and the governments of Tunisia, Egypt and Canada.

Intriguing as it is, the story doesn’t end here. The same e-mails that disclosed the Morgan Stanley security breach have also led to the very public shaming of the executive ultimately responsible for their disclosure.

Aaron Barr, chief executive of HBGary Federal, announced yesterday (Feb. 28) that he was resigning from his position. His departure came just weeks after Barr and his company fell victim to an intrusion by the shadowy “hacktivist” group Anonymous.

The online humiliation began in early February, when Barr bragged to the Financial Times that he had uncovered the identities of the leaders of Anonymous and would reveal them at a security conference a few weeks later.

Before that could happen, Anonymous struck, taking down HBGary Federal’s website, hacking into Barr’s Twitter account, wiping his iPad, publishing his address, telephone and Social Security numbers and stealing and posting 70,000 of Barr’s corporate e-mails.

In that trove of stolen e-mails were the details of the Morgan Stanley hack, as well as a covert plan HBGary Federal was cooking up with two other government-connected security companies to bring down WikiLeaks through a campaign of disinformation and online attacks.