
What if financial systems were hacked - I-M-S
http://worldif.economist.com/article/12136/joker-pack
======
atemerev
I work in finance.

Our systems are as shitty as any other industry, security problems are there,
and social engineering is a problem. However, there is one simple rule which
allows us to worry less about possible hacks, and when this rule is broken for
some reason, shit usually hits the fan (like in the case of Bangladesh heist).

The rule is: it always should be possible to manually reverse the transaction.

Ethereum got it right. Welcome to the real finance.

~~~
amelius
> The rule is: it always should be possible to manually reverse the
> transaction.

In a financial transaction there are two parties, and both must agree to a
reversal. Especially if you want to reverse thousands of transactions. Unless
there are special circumstances. But in no way will it always be possible to
manually reverse a transaction.

~~~
JumpCrisscross
There are lots of parties to any financial transaction. Transfer agents,
exchanges, clearing houses, regulators, central banks, _et cetera_. Various
combinations of the above, along with banks and the "buyer" and the "seller",
can reverse transactions.

~~~
amelius
s/can/could in some cases/

------
jondubois
Financial systems have been hacked since the beginning and now the hacking is
getting worse.

Regulations will make it progressively harder for newcomers to compete in the
marketplace, executive pay will keep rising, corporations will get bigger.
Owners of capital won't be able to trust outsiders so they will only recruit
their family and close friends into well-paid executive positions. Advertising
will completely dominate consumer behaviour; small businesses will disappear;
once virtual reality takes over, corporations will make sure that customers
forget that these small companies even exist.

Machines will replace people in the workplace. The rich won't care because at
that point, because of social tensions and advertising, rich people will have
grown to literally hate the poor and want them dead.

~~~
imglorp
Humor aside, the real crimes are the systemic ones from the top, like the Libor
clowns, which will erase public trust at some point, which will cause the
public to go back to keeping money in mattresses.

Fortunately there are some small wins, like these little fish going to jail:
[http://www.bbc.com/news/business-36737666](http://www.bbc.com/news/business-36737666)
but we need to keep it up and restore accountability.

~~~
jondubois
Yes, I think 'honesty', 'trust' and 'reputation' used to be very important in
the old days but not so much now - The system is extremely generous when it
comes to giving people 'second chances'.

In our semi-globalized world, you can take HUGE risks and make a COMPLETE MESS
of your reputation and credit rating in your home country, but then you can
move to a different country (and often, you can also bring along your dirty
money with you) and start fresh as though nothing ever happened. Unless you're
a major public figure, no one will know what a crook you are.

A partially-globalized world is a perfect world for crooks. I think we should
either give up on globalization completely or go full steam ahead and merge
into a 'world government' under which everyone can be held accountable for
their past behaviour without any loopholes.

~~~
hx87
We don't need a global government as much as a global reputation system, and
we're slowly moving towards that direction. It's especially true of the United
States and Europe--if you screw up big time there, it's easy to find out, and
it's not like authoritarian regimes outside the west have any incentive to
protect the reputations of western companies via censorship.

------
riskable
The article talks about all these sophisticated attacks that could _hurt_ the
financial system but I think they're not seeing the elephant in the room: What
if someone just ran "rm -rf /" on thousands of servers at just _one_ of the
"too big to fail" banks?

How long would it take to recover from that? Would it even _be_ recoverable?

I don't think any of the big banks employ enough IT people to recover tens of
thousands of servers in time to save the world's economies from a major
collapse. Recovering from such a situation would take _months_. Not only that
but let's assume they hire temporary contractors to do the work... Can you
even vet that many people that quickly? You'll be handing these folks some of
the world's most sensitive information.

The Fed needs "IT stress testing" in addition to their balance sheet stress
tests. They need to ask these sorts of questions: "If half your servers were
deleted how long would it take to recover from backups?" "Demonstrate a backup
recovery on the following ten randomly-selected servers _right now_. You have
8 hours. Good luck!"

~~~
trequartista
Having worked at 2 of these "too big to fail" banks, disaster recovery testing
is par for the course now. We would do DR testing every quarter on both the
primary and secondary data centers. Common simulation scenarios were -
network/disk failures in which case the secondary data center would take over
the operations. We would also time how long it took for applications to come
back up, with high priority apps (trading, payment etc) being given extreme
importance.

~~~
kemiller2002
We did this too. We tested our DR plan at least once every year (this included
busing people to a different location, timed responses etc.), and we were
considered a non essential part of the bank. We also had to make sure that all
our servers had dual power supplies, and were attached to diesel generators in
case of a power outage. They were much more on top of it than any other place
I worked.

------
ktRolster
A lot of financial systems are running COBOL on mainframes (which can look
very pretty, check out the z13:
[https://www.google.com/search?q=z13&tbm=isch](https://www.google.com/search?q=z13&tbm=isch)
)

There was a talk last year at DefCon that went over mainframe vulnerabilities,
and it was like a playground. The biggest barrier to entry is getting a
mainframe to experiment with.

~~~
padiyar83
This reminds me of an article on wired[1] where someone hacked into hosts that
were hooked into legacy X.25 networks. And just like mainframes and COBOL,
there are not very many engineers who understand X.25 networks today, and
hence had a very relaxed security posture.

[1] [https://www.wired.com/2016/05/maksym-igor-popov-fbi/](https://www.wired.com/2016/05/maksym-igor-popov-fbi/)

~~~
voltagex_
Thank you for that article. It's fantastic - I'm assuming you also read
KrebsOnSecurity? There are similar kinds of stories there.

------
Animats
Transactions should be logged to something that can't be tampered with. Then
you can go back and recover state by re-running transactions. Sarbanes-Oxley
tries to require this, and it produced a boom in write-once media, such as DVD
writers. There are also DAT tapes and even disks with controllers which
supposedly enforce write-once.

It's not clear how good compliance with this actually is.
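
The log-then-replay idea from the comment above, as an added example that is not part of the thread: a SHA-256 hash chain whose newest hash is kept on the write-once medium stands in for write-once storage of the whole log. The account names, amounts and function names are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain

def _digest(prev_hash, txn):
    # Canonical JSON so the same transaction always hashes identically.
    body = json.dumps(txn, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(log, txn):
    """Append a transaction bound to the hash of the previous entry."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"txn": txn, "prev": prev_hash, "hash": _digest(prev_hash, txn)})
    return log[-1]["hash"]

def verify(log, trusted_head=None):
    """Return the index of the first bad entry, or None if the chain is intact.
    trusted_head is the newest hash as stored on the write-once medium; without
    it, an attacker who re-hashes the whole chain would pass the check."""
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev_hash or entry["hash"] != _digest(prev_hash, entry["txn"]):
            return i
        prev_hash = entry["hash"]
    if trusted_head is not None and prev_hash != trusted_head:
        return len(log)  # self-consistent, but not the chain that was anchored
    return None

def replay(log, opening_balances):
    """Rebuild account state by re-running every logged transfer in order."""
    balances = dict(opening_balances)
    for entry in log:
        t = entry["txn"]
        balances[t["from"]] = balances.get(t["from"], 0) - t["amount"]
        balances[t["to"]] = balances.get(t["to"], 0) + t["amount"]
    return balances

def sample_log():
    """Constructed sample transfers (amounts in integer cents)."""
    log = []
    for txn in ({"from": "alice", "to": "bob", "amount": 5000},
                {"from": "bob", "to": "carol", "amount": 1200},
                {"from": "carol", "to": "alice", "amount": 300}):
        head = append(log, txn)
    return log, head
```

Replay is only trustworthy after `verify` passes against a head hash the attacker could not rewrite; an edited, truncated or wholly re-hashed log fails that comparison.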

~~~
johnloeber
I would be hard pressed to think of things that "can't be tampered with." When
you make something difficult to tamper with, you usually just increase the
potential payout of tampering.

There's an essential problem: all security systems can be compromised. When a
security system seems more safe than the others, more people will use that
system, thereby increasing the incentive for adversaries to try to break it
(and almost always they will succeed).

~~~
asuffield
> When you make something difficult to tamper with, you usually just increase
> the potential payout of tampering.

The real goal is to make the cost of tampering exceed the payout. The standard
mechanisms for increasing the cost are computational power needed
(cryptography) and ability to participate in mainstream society (legislation).

------
rbcgerard
As someone on the outside, I would imagine the OCC, DTCC or some other
clearing house getting hacked as creating far more havoc? Any reason this
wouldn't be the case?

[http://www.dtcc.com/](http://www.dtcc.com/)
[http://www.theocc.com/](http://www.theocc.com/)

------
JumpCrisscross
> _But if this happens to many banks concurrently, and nobody understands why,
> would central banks be able to save the situation?_

Why not? If we restrict ourselves to sovereign, first world central banks (
_i.e._ the Fed, the BoE, the ECB, _et cetera_ ), a bank holiday (to reconcile
records) followed by a liquidity injection would not only be expected, it
would have direct precedent from FDR's bank holiday on 6 March 1933.

------
emn13
I think the underlying issue here is that responsibility for preventing these
attacks is misplaced. In short: we need to blame the victim.

There's a popular notion to "not blame the victim" when it comes to many other
crimes (e.g. rape). Because long-standing culture traditions or implicit
biases can be involved, it's not almost glaringly obvious that somebody is
blaming the victim. As such, it's become a kind of litmus test: you look for
warning signs that some policy or statement is (even unintentionally) laying
the blame on the victim. And that habit is easily transferred to new
misconduct, such as hacking.

I think we need to step back and understand _why_ we should not blame the
victim for other crimes: I'd argue it is not because they're already
suffering, but because the best way to prevent the problem is by focusing on
(A) those we can influence and (B) those best placed to prevent the problem.
Often that's not the victim - but sometimes it is. In many sex-crimes, the
perpetrator is socially well-respected and in a position of power, so that's
(typically) a man that can be influenced (satisfies A), and since he's using
his position of power he apparently has it; so he's well placed to prevent the
problem (satisfies B).

So for example, we might prosecute people breaking into cars. But most people
realize that we're not likely to catch enough thieves to really reduce theft to
a minimum, so we also invest in locks, and we teach people not to leave
valuables in sight. This is a form of blaming the victim - justifiably so,
since I'd argue that if you left your car unlocked and/or leave valuables in
sight you're not just hurting yourself, you're hurting others too: you're
making theft easy, and by making it worthwhile, you may encourage thieves to
try more frequently - also against other targets.

For another example, consider vaccination. Failure to vaccinate may cause the
victim to become sick (or their kids to become sick). But here too, it's not
just themselves they hurt; they hurt others by propagating dangerous diseases.
Beyond a certain level, they'll contribute to epidemics that can hurt even the
vaccinated since no vaccine is perfect.

From the perspective of preventing harm, protecting yourself from malicious
hacks is more like a cross between theft prevention and vaccines, and not like
preventing rape by a powerful individual. Most hacks are trivially easy to
prevent (it often takes numerous bugs, mis-designs, and some social
engineering to gain access) if there were systematic effort to prevent hacks,
so the victim is in a place to prevent the harm from occurring. And since it
takes considerable organization to run most vulnerable services in the first
place, the victim is also one we can influence.

Focusing on the hackers isn't just futile, it's actively harmful in several
ways. Not only is it obvious that many hackers cannot currently be found, many
are beyond the reach of law enforcement by virtue of living elsewhere (or at
least, acting through not-entirely cooperative countries). So it's immediately
apparent that it's never going to suffice to focus on the perpetrators (they
don't satisfy A: we can't influence them). But also, by focusing on the
hackers, we help keep vulnerabilities secret. Would you rather be hacked by a
script kiddy or by an unscrupulous competitor or hostile country? Hiding
vulnerabilities rather than fixing them means that the vast majority of
hackers that can never be caught simply have more targets. Additionally, by
focusing on hackers, we draw attention _away_ from those that _can_ bear the
responsibility to prevent hacks: the victims. And that lets them get off the
hook too easily. Most companies suffer rather few consequences for running
infrastructure that is, in essence, a public menace. And much like theft and
vaccination examples, they hurt others by remaining vulnerable. When an
organization is hacked, it affects not just it, but many others. In a data
leak, most harm is usually suffered by those whose data is leaked, not by the
company holding the data. And when financial infrastructure is hacked then
it's not just the organization running it that is harmed, but in particular
those that rely on it.

In short: we need a sea-change. To really address the risks posed by hacking,
we need to stop focusing on hackers, and instead blame the victim. By failing
to defend themselves they are hurting themselves and others, and focusing on
hackers is never going to work anyway (and indeed makes it less likely that
vulnerabilities are discovered by non-malicious or mildly malicious actors
rather than those really motivated and out to get you).

~~~
softawre
You're speaking to the choir here. Find a way to make your point more concise
and convince the popular media and your non technical friends, and then we're
on to something.

------
elgabogringo
$100M theft from the central bank already this year:

[https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist](https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist)

~~~
ktRolster
That is mentioned in the article.

------
tmaly
I am surprised they did not mention the FDIC hack.

This is dangerous stuff when a small hack can destroy people's lives.

~~~
infinite8s
Do you have any links/sources?

------
known
Not surprised [http://cnbc.com/id/43471561](http://cnbc.com/id/43471561)

------
gmarx
Return to gold standard and have process for rolling back transactions if the
gold doesn't match

------
Atwood
TPFAssembly uses sheet metal and scrap pallet guillotine. It is super
effective.

------
ittekimasu
Bitcoin rises; Fiat burns.

~~~
easuter
Haha! I'll take bitcoin seriously once it can actually process a useful number
of transactions without choking.

~~~
atemerev
It does now. 30 minutes is much better than a day for bank transfer.

~~~
oarsinsync
Typically ~seconds in the UK with Faster Payments (which is generally up to
£10,000)

~~~
al_chemist
> Faster Payments Scheme Limited (FPSL) is (private) company

It's like saying that banks allow you to send money instantly, because you can
just give cash to your friend by hand.

~~~
oarsinsync
Except it's not, as I'm just initiating a normal online payment through my
online banking, and the recipient receives it (usually) close to instantly.

Giving cash to a friend still requires me to withdraw the cash from an ATM,
pass it to the friend, who then needs to deposit it using a deposit ATM or
visit his branch.

One involves a few clicks on your online banking website, the other requires a
much longer process. The backend company isn't really relevant, what is
relevant is that 'Faster Payments' has been used as a marketing term for 'near
instant bank transfers' that transparently use FPSL as a backend.

Not at all equivalent.

