Attackers affiliated to the Anonymous collective claimed to have taken down the Bank of England’s internal email server.
According to Anon News, the attackers claimed to have taken down the Bank of England’s internal email server as part of an operation dubbed ‘OpIcarus.’ The websites of the National Reserve Bank of Tonga, the Federal Reserve Bank of Boston and the central banks of Sweden, Myanmar and Laos were also claimed to have been hit.
Stephanie Weagle, senior director at Corero Network Security, said: “While the impact on the individual targets of the DDoS attack campaign, ‘OpIcarus’ is unclear; obstructing or eliminating the availability of email servers is significant. In an online world any type of service outage is barely tolerated, especially in the banking industry where transactions and communications are often time-sensitive, and account security is of utmost importance.”
In January, a statement about OpIcarus said that the power behind the throne lies “within the global financial system, centered within the New York Stock Exchange and Bank of England”.
It went on to say: “We must strike at the heart of their empire by once again throwing a wrench into the machine, but this time we face a much bigger target; the global financial system. This time our target is the New York Stock Exchange and Bank of England."
"This is a call to arms my brothers who for too long have stood for nothing but have criticized everything. Stand now, behind the banner of free men against the tyrannical matrix of institutions that oppose us. Ready your weapons and aim them at the New York Stock Exchange and Bank of England. This is the operation to end all others. Innocent people may stand to lose something from this but the powers that be stand to lose much more.”
Federico de-la-Mora, vice-president in EMEA at Lastline, said: “Based on the coverage across the media, the Waking Shark exercise was indeed a success. However, this recent breach at the Bank of England brings to the fore three key points in cybersecurity: First, it is not possible to eliminate all the cyber risk. Organizations would require an unlimited amount of resources and budget to close all the gaps, and even then new ones would be likely to appear.
“Second, cybersecurity professionals are taking a more pragmatic approach to protect their organizations. They focus their limited resources to protect the organization's most critical assets and applications to ensure the continuity of the business. Something we can't answer based on the available information is whether the Bank of England considers its internal email a critical service or not. The answer is likely yes, but with so many alternative communication technologies, the downtime might have had a more limited impact.
“Finally, scenario planning supported by exercises like Waking Shark has limitations. For instance, it is not possible or practical to simulate all the critical scenarios or to implement timely defenses for new vulnerabilities identified during the exercise. As a result, it's important for organizations to implement robust breach detection processes and the Incident Response capability to deal with a breach.”