The December 2022 issue of IEEE Spectrum is here!

Close bar

Hmmm.

This morning's Wall Street Journalclaims that a subsidiary of Citigroup was hacked by a Russian cyber gang which stole "tens of millions" of dollars, and that the incident is being investigated by the US Federal Bureau of Investigation (FBI), National Security Agency (NSA), along with the Department of Homeland Security (DHS). The WSJ gives US "government officials" - presumably from one or more of the above agencies - as its sources for the story.

The story also quotes Joe Petro, managing director of Citigroup's Security and Investigative Services, who said that, "We had no breach of the system and there were no losses, no customer losses, no bank losses.... Any allegation that the FBI is working a case at Citigroup involving tens of millions of losses is just not true."

The WSJ also says that federal agencies will not comment about their story.

So, was Citi hacked or not?

Back in 2008 in another hacking incident, Citi also denied it was hacked, but the evidence strongly indicated that it knew about the problem all along.

Banks that get hacked are generally loath to admit it, as this 2000 story in Forbes on "How to Hack a Bank" discusses. A Computer Crime and Security Survey from 2005 indicate that only 20% of companies reported security breaches to authorities.

In fact, the Forbes story tells about how it wouldn't have been difficult to steal a $1 billion from Citi at the time because of its lax security standards. 

It would not surprise me that the FBI has asked Citi to be quiet about the incident, while other government officials couldn't resist blabbing about it to the WSJ.

In other security news, the Obama Administration finally found someone to take the job as cyber czar: Howard A. Schmidt, a cyber-adviser in the Bush Administration.

According to the Washington Post, "Schmidt served as special adviser for cyberspace security from 2001 to 2003 and shepherded the National Strategy to Secure Cyberspace, a plan that then was largely ignored. He left that job also frustrated, colleagues said. "

Anyone want to bet how long Mr. Schmidt will last this time, especially since observers tell the Post that he is over-qualified for the job?

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
Horizontal
An illustration of a series
Carl De Torres
LightBlue

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less