How Hackers Breached a Government (and a Bank)
Project and Program: Enterprise Data Center
, Security and Compliance
, SHARE in Seattle 2015
In early 2012 a group of 3 hackers were caught when a Swedish government mainframe was no longer running as expected. This was the first warning that hackers had penetrated the supposedly unpenetrable IBM mainframe. Using an old emulated operating system (z/OS 1.4), some newly released tools, and dedication, these hackers were able to learn about the weaknesses in the platform and use it to successfully break in, maintain access, and steal some highly confidential information. The hackers then leveraged their newly acquired skills to attack banks, schools, etc.
One such bank, Nordea, decided to go public with the breach, although others didn't. With Nordea the attackers were able to successfully steal $6,400, but were stopped when they tried to steal $1,000,000. These breaches resulted in emergency fixes from IBM, two zero-day exploits (one remote, one local), Sweden declaring it a 'Special Event', the theft of Sweden’s tax processing source code, and multiple databases including those used by the Swedish police for 'protected' individuals, SPAR (SSN equivalent) and their DMV equivalent.
Due to being the only person talking about this topic publicly, Philip Young was able to obtain the detailed investigations to the attacks and some extras that weren't in the report. This talk with walk through the attack, start to finish, giving live demo's of the attacks, the backdoors, and the offline password cracking, to show their effectiveness against z/OS. It will also cover some of the shortcomings from the system operators' perspective, and the outcomes from the breach.-Philip Young-VISA
Back to Proceedings File Library