time.com
Open in
urlscan Pro
65.9.66.83
Public Scan
URL:
https://time.com/6333716/china-icbc-bank-hack-usb-stick-trading/
Submission: On November 13 via api from ZA — Scanned from DE
Submission: On November 13 via api from ZA — Scanned from DE
Form analysis 3 forms found in the DOM
Name: search — GET /search
<form name="search" action="/search" method="GET"><input type="text" placeholder="Search..." class="relative w-[13.5rem] bg-transparent py-1 pl-2 font-pt-serif italic text-time-gray-1 antialiased outline-none lg:w-96" name="q" value=""></form><form class="{{csscommon}}-form {{csscommon}}-text-tracks-upload-form">
<div class="{{csscommon}}-form-input {{csscommon}}-select-field {{csscommon}}-direction-pointer">
<select data-selector="select-text-tracks-label" tabindex="-1" class="{{csscommon}}-form-input {{csscommon}}-text-tracks-label-input" name="{{csscommon}}-text-tracks-label-select" onmousedown="{{prevent_un_hover(domEvent)}}"
onmousemove="{{prevent_un_hover(domEvent)}}" onchange="{{selected_label_value(domEvent)}}">
<option disabled="" value="" selected="">
{{string('select-text-track-language')}}
</option>
<option ba-repeat-element="{{locale :: uploadlocales}}" value="{{locale.lang}}">
{{locale.label}}
</option>
</select>
</div>
<div class="{{csscommon}}-form-input {{csscommon}}-button" ba-show="{{chosenoption}}">
<input type="file" data-selector="select-text-tracks-file" title="{{chosenoption ? string('select-text-track-file') : string('info-select-locale-first')}}" onchange="{{upload_text_track(domEvent)}}" class="{{csscommon}}-text-tracks-file"
accept="{{acceptedtracktexts}}">
{{chosenoption ? string('select-text-track-file') : string('info-select-locale-first')}}
</div>
</form>Name: search — GET /search
<form name="search" action="/search" method="GET"><input type="text" placeholder="Search..." class="relative w-[13.5rem] bg-transparent py-1 pl-2 font-pt-serif italic text-time-gray-1 antialiased outline-none lg:w-96" name="q" value=""></form>Text Content
TIME Logo
Sign Up for Our Ideas Newsletter
SubscribeSubscribe
Sections
* Home
* U.S.
* Politics
* World
* Health
* Climate
* Future of Work by Charter
* Business
* Tech
* Entertainment
* Ideas
* Science
* History
* Sports
* Magazine
* TIME 2030
* Next Generation Leaders
* TIME100 Leadership Series
* TIME Studios
* Video
* TIME100 Talks
* TIMEPieces
* The TIME Vault
* TIME for Health
* TIME for Kids
* TIME Edge
* TIME CO2
* Red Border: Branded Content by TIME
* Coupons
* Personal Finance by TIME Stamped
* Shopping by TIME Stamped
Join Us
* Newsletters
* Subscribe
* Give a Gift
* Shop the TIME Store
* TIME Cover Store
Customer Care
* US & Canada
* Global Help Center
Reach Out
* Careers
* Press Room
* Contact the Editors
* Media Kit
* Reprints and Permissions
More
* About Us
* Privacy Policy
* Your California Privacy Rights
* Terms of Use
* Modern Slavery Statement
* Site Map
Connect with Us
*
*
*
*
* Business
* finance
* Cyber Attack Forces World’s Biggest Bank to Trade via USB Stick
CYBER ATTACK FORCES WORLD’S BIGGEST BANK TO TRADE VIA USB STICK
Industrial and Commercial Bank of China logo on a building in Warsaw, Poland, on
August 15, 2023.Jakub Porzycki—NurPhoto/Getty Images
By Katherine Doherty, Liz Capo McCormick and Alexandra Harris / Bloomberg
November 9, 2023 11:30 PM EST
On Thursday, trades handled by the world’s largest bank in the globe’s biggest
market traversed Manhattan on a USB stick.
Industrial & Commercial Bank of China Ltd.’s U.S. unit had been hit by a
cyberattack, rendering it unable to clear swathes of U.S. Treasury trades after
entities responsible for settling the transactions swiftly disconnected from the
stricken systems. That forced ICBC to send the required settlement details to
those parties by a messenger carrying a thumb drive as the state-owned lender
raced to limit the damage.
WATCH MORE FROM TIME
What Happened to the Alternative Currencies That Came Before Crypto
pause
skip_next
volume_off
0:03 / 4:23
{{like_count}}
favorite_border favorite
more_vert
fullscreen fullscreen_exit
More Videos
{{string('more-btn-call-to-action')}}
null
Transcription
{{string('upload-text-tracks')}}
{{string('back')}}
{{string('select-text-track-language')}} {{locale.label}}
{{chosenoption ? string('select-text-track-file') :
string('info-select-locale-first')}}
Player speed
1 arrow_forward_ios
{{setting.value ? setting.trueicon : setting.falseicon}}
Picture-in-Picture
{{setting.value}} arrow_forward_ios
╳
Share now share
4:23
{{string('submit-video')}}
{{string('rerecord')}}
{{string('trim')}}
{{string('skip')}}
Direct link
Embed Code
The workaround — described by market participants — followed the attack by
suspected perpetrator Lockbit, a prolific criminal gang with ties to Russia that
has also been linked to hits on Boeing Co., ION Trading U.K. and the U.K.’s
Royal Mail. The strike caused immediate disruption as market-makers, brokerages
and banks were forced to reroute trades, with many uncertain when access would
resume.
The incident spotlights a danger that bank leaders concede keeps them up at
night — the prospect of a cyber attack that could someday cripple a key piece of
the financial system’s wiring, setting off a cascade of disruptions. Even brief
episodes prompt bank leaders and their government overseers to call for more
vigilance.
Read More: A New Generation of Bank Robbers Infiltrates Global Finance
“This is a true shock to large banks around the world,” said Marcus Murray, the
founder of Swedish cybersecurity firm Truesec. “The ICBC hack will make large
banks around the globe race to improve their defenses, starting today.”
As details of the attack emerged, employees at the bank’s Beijing headquarters
held urgent meetings with the lender’s U.S. division and notified regulators as
they discussed next steps and assessed the impact, according to a person
familiar with the matter. ICBC is considering seeking help from China’s Ministry
of State Security in light of the risks of potential attack on other units, the
person said.
Late Thursday, the bank confirmed it had experienced a ransomware attack a day
earlier that disrupted some systems at its ICBC Financial Services unit. The
company said it isolated the affected systems and that those at the bank’s head
office and other overseas units weren’t impacted, nor was ICBC’s New York
branch.
The extent of the disruption wasn’t immediately clear, though Treasury market
participants reported liquidity was affected. The Securities Industry and
Financial Markets Association, or Sifma, held calls with members about the
matter Thursday.
ICBC FS offers fixed-income clearing, Treasuries repo lending and some equities
securities lending. The unit had $23.5 billion of assets at the end of 2022,
according to its most recent annual filing with U.S. regulators.
The attack is only the latest to snarl parts of the global financial system.
Eight months ago, ION Trading U.K. — a little-known company that serves
derivatives traders worldwide — was hit by a ransomware attack that paralyzed
markets and forced trading shops that clear hundreds of billions of dollars of
transactions a day to process deals manually. That has put financial
institutions on high alert.
ICBC, the world’s largest lender by assets, has been improving its cybersecurity
in recent months, highlighting increased challenges from potential attacks amid
the expansion of online transactions, adoption of new technologies and open
banking.
Read More: How China Became a Global Lender of Last Resort
“The bank actively responded to new challenges of financial cybersecurity,
adhered to the bottom line for production safety and deepened the intelligent
transformation of operation and maintenance,” ICBC said in its interim report in
September.
Ransomware attacks against Chinese firms appear rare in part because China has
banned crypto-related transactions, according to Mattias Wåhlén, a threat
intelligence specialist at Truesec. That makes it harder for victims to pay
ransom, which is often demanded in cryptocurrency because that form of payment
provides more anonymity.
But the latest attack likely exposes weaknesses in ICBC’s defenses, Wåhlén
said.
“It appears ICBC has had a less effective security,” he said, “possibly because
Chinese banks have not been tested as much as their Western counterparts in the
past.”
RECORD LEVELS
Ransomware hackers have become so prolific that attacks may hit record levels
this year.
Blockchain analytics firm Chainalysis had recorded roughly $500 million of
ransomware payments through the end of September, an increase of almost 50% from
the same period a year earlier. Ransomware attacks surged 95% in the first three
quarters of this year, compared with the same period in 2022, according to
Corvus Insurance.
In 2020, the website of the New Zealand Stock Exchange was hit by a cyberattack
that throttled traffic so severely that it couldn’t post critical market
announcements, forcing the entire operation to shut down. It was later revealed
that more than 100 banks, exchanges, insurers and other financial firms
worldwide were targets of the same type of so-called DDoS attacks
simultaneously.
Caesars Entertainment Inc., MGM Resorts International and Clorox Co. are among
companies that have been hit by ransomware hackers in recent months.
Read More: This Company Was Hit With a Devastating Ransomware Attack—But Instead
of Giving In, It Rebuilt Everything
ICBC was struck as the Securities and Exchange Commission works to reduce risks
in the financial system with a raft of proposals that include mandating central
clearing of all U.S. Treasuries. Central clearing platforms are intermediaries
between buyers and sellers that assume responsibility for completing
transactions and therefore prevent a default of one counterparty from causing
widespread problems in the marketplace.
The incident underscores the benefits of central clearing in the $26 trillion
market, said Stanford University finance professor Darrell Duffie.
“I view it as one example of why central clearing in the U.S. Treasuries market
is a very good idea,” he said, “because had a similar problem occurred in a
not-clearing firm, it’s not clear how the default risk that might result would
propagate through the market.”
MORE MUST-READS FROM TIME
* The Struggle to Save Lives Inside Gaza’s Hospitals
* Sheikh Hasina and the Future of Democracy in Bangladesh
* How Barbra Streisand Landed Her Broadway Debut
* What Fuels Max Verstappen’s Formula One Success
* Maggie Smith: I Got Divorced. My Family Is Still Whole
* Should We End Obesity?
* The Best Inventions of 2023
* Want Weekly Recs on What to Watch, Read, and More? Sign Up for Worth Your
Time
Contact us at letters@time.com
Enpal
Solar lohnt sich nur, wenn Ihr Dach...Enpal|
SponsoredSponsored
Undo
Solaranlagen Magazin
Stromkonzerne wütend: Genialer Solar-Trick für HausbesitzerSolaranlagen Magazin|
SponsoredSponsored
Undo
RAID
Das realistischste PC-Spiel des Jahres 2023RAID|
SponsoredSponsored
Undo
Profibohrer™
Revolutionäre Holzspaltungstechnologie!Machen Sie Holzspalten zum mühelosen
Prozess! Entdecken Sie, wie Sie mit geringem Aufwand maximale Ergebnisse
erzielen.Profibohrer™|
SponsoredSponsored
Undo
Velasca
Quality at your feetVelasca|
SponsoredSponsored
Learn More
Undo
TechnoMag
Tauschen Sie Ihren alten Fernseher nicht aus, bevor Sie dies gelesen
habenTechnoMag|
SponsoredSponsored
Undo
YOU MAY ALSO LIKE
PoliticsTrump's Combative Testimony in Fraud Trial Spurs Reprimands From Judge
TechFormer Meta Engineer Testifies Before Congress on Social Media and Teen
Mental Health
WorldHow Ukraine is Pioneering New Ways to Prosecute War Crimes
BusinessWeWork Files for Bankruptcy: What to Know About the Office-Sharing
Company’s Collapse
Edit Post
TIME Logo
* Home
* U.S.
* Politics
* World
* Health
* Business
* Tech
* Personal Finance by TIME Stamped
* Shopping by TIME Stamped
* Future of Work by Charter
* Entertainment
* Ideas
* Science
* History
* Sports
* Magazine
* The TIME Vault
* TIME For Kids
* TIME CO2
* Coupons
* TIME Edge
* Video
* Masthead
* Newsletters
* Subscribe
* Subscriber Benefits
* Give a Gift
* Shop the TIME Store
* Careers
* Modern Slavery Statement
* Press Room
* TIME Studios
* U.S. & Canada Customer Care
* Global Help Center
* Contact the Editors
* Reprints and Permissions
* Site Map
* Media Kit
* Supplied Partner Content
* About Us
© 2023 TIME USA, LLC. All Rights Reserved. Use of this site constitutes
acceptance of our Terms of Service, Privacy Policy (Your California Privacy
Rights) and Do Not Sell or Share My Personal Information.
TIME may receive compensation for some links to products and services on this
website. Offers may be subject to change without notice.
WE CARE ABOUT YOUR PRIVACY
We and our partners store and/or access information on a device, such as unique
IDs in cookies to process personal data. You may accept or manage your choices
by clicking below, including your right to object where legitimate interest is
used, or at any time in the privacy policy page. These choices will be signaled
to our partners and will not affect browsing data.Privacy Policy
WE AND OUR PARTNERS PROCESS DATA TO:
Use precise geolocation data. Actively scan device characteristics for
identification. Store and/or access information on a device. Personalised ads
and content, ad and content measurement, audience insights and product
development. List of Partners (vendors)
I Accept Reject All
Show Purposes
ABOUT YOUR PRIVACY
We process your data to deliver content or advertisements and measure the
delivery of such content or advertisements to extract insights about our
website. We share this information with our partners on the basis of consent and
legitimate interest. You may exercise your right to consent or object to a
legitimate interest, based on a specific purpose below or at a partner level in
the link under each purpose. These choices will be signaled to our vendors
participating in the Transparency and Consent Framework.
More information
Allow All
MANAGE CONSENT PREFERENCES
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to
block or alert you about these cookies, but some parts of the site will not then
work. These cookies do not store any personally identifiable information.
View Vendor Details
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
View Vendor Details
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then
some or all of these services may not function properly.
View Vendor Details
TARGETING COOKIES
Targeting Cookies
Targeting cookies may be set through our site by our advertising partners. They
may be used by those companies to build a profile of your interests and show you
relevant advertising on other sites. They are based on uniquely identifying your
browser and internet device. You can turn off the use of cookies for targeted
advertising here. When the button is green, targeted cookies are on. When the
button is red, targeting cookies have been turned off.
View Vendor Details
SOCIAL MEDIA COOKIES
Social Media Cookies
These cookies are set by a range of social media services that we have added to
the site to enable you to share our content with your friends and networks. They
are capable of tracking your browser across other sites and building up a
profile of your interests. This may impact the content and messages you see on
other websites you visit. If you do not allow these cookies you may not be
able to use or see these sharing tools.
STORE AND/OR ACCESS INFORMATION ON A DEVICE
Store and/or access information on a device
Cookies, device identifiers, or other information can be stored or accessed on
your device for the purposes presented to you.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
PERSONALISED ADS AND CONTENT, AD AND CONTENT MEASUREMENT, AUDIENCE INSIGHTS AND
PRODUCT DEVELOPMENT
Personalised ads and content, ad and content measurement, audience insights and
product development
* SELECT BASIC ADS
Switch Label
Ads can be shown to you based on the content you’re viewing, the app you’re
using, your approximate location, or your device type.
Object to Legitimate Interests Remove Objection
* CREATE A PERSONALISED ADS PROFILE
Switch Label
A profile can be built about you and your interests to show you personalised
ads that are relevant to you.
Object to Legitimate Interests Remove Objection
* SELECT PERSONALISED ADS
Switch Label
Personalised ads can be shown to you based on a profile about you.
Object to Legitimate Interests Remove Objection
* CREATE A PERSONALISED CONTENT PROFILE
Switch Label
A profile can be built about you and your interests to show you personalised
content that is relevant to you.
Object to Legitimate Interests Remove Objection
* SELECT PERSONALISED CONTENT
Switch Label
Personalised content can be shown to you based on a profile about you.
Object to Legitimate Interests Remove Objection
* MEASURE AD PERFORMANCE
Switch Label
The performance and effectiveness of ads that you see or interact with can be
measured.
Object to Legitimate Interests Remove Objection
* MEASURE CONTENT PERFORMANCE
Switch Label
The performance and effectiveness of content that you see or interact with
can be measured.
Object to Legitimate Interests Remove Objection
* APPLY MARKET RESEARCH TO GENERATE AUDIENCE INSIGHTS
Switch Label
Market research can be used to learn more about the audiences who visit
sites/apps and view ads.
Object to Legitimate Interests Remove Objection
* DEVELOP AND IMPROVE PRODUCTS
Switch Label
Your data can be used to improve existing systems and software, and to
develop new products
Object to Legitimate Interests Remove Objection
List of IAB Vendors | View Full Legal Text Opens in a new Tab
USE PRECISE GEOLOCATION DATA
Use precise geolocation data
Your precise geolocation data can be used in support of one or more purposes.
This means your location can be accurate to within several meters.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
ACTIVELY SCAN DEVICE CHARACTERISTICS FOR IDENTIFICATION
Actively scan device characteristics for identification
Your device can be identified based on a scan of your device's unique
combination of characteristics.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
ENSURE SECURITY, PREVENT FRAUD, AND DEBUG
Always Active
Your data can be used to monitor for and prevent fraudulent activity, and ensure
systems and processes work properly and securely.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
TECHNICALLY DELIVER ADS OR CONTENT
Always Active
Your device can receive and send information that allows you to see and interact
with ads and content.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
MATCH AND COMBINE OFFLINE DATA SOURCES
Always Active
Data from offline data sources can be combined with your online activity in
support of one or more purposes
List of IAB Vendors | View Full Legal Text Opens in a new Tab
LINK DIFFERENT DEVICES
Always Active
Different devices can be determined as belonging to you or your household in
support of one or more of purposes.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
RECEIVE AND USE AUTOMATICALLY-SENT DEVICE CHARACTERISTICS FOR IDENTIFICATION
Always Active
Your device might be distinguished from other devices based on information it
automatically sends, such as IP address or browser type.
List of IAB Vendors | View Full Legal Text Opens in a new Tab
Back Button
VENDORS LIST
Search Icon
Filter Icon
Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Reject All Confirm My Choices
TIME Logo
Sign Up for Our Ideas Newsletter
SubscribeSubscribe
Sections
* Home
* U.S.
* Politics
* World
* Health
* Climate
* Future of Work by Charter
* Business
* Tech
* Entertainment
* Ideas
* Science
* History
* Sports
* Magazine
* TIME 2030
* Next Generation Leaders
* TIME100 Leadership Series
* TIME Studios
* Video
* TIME100 Talks
* TIMEPieces
* The TIME Vault
* TIME for Health
* TIME for Kids
* TIME Edge
* TIME CO2
* Red Border: Branded Content by TIME
* Coupons
* Personal Finance by TIME Stamped
* Shopping by TIME Stamped
Join Us
* Newsletters
* Subscribe
* Give a Gift
* Shop the TIME Store
* TIME Cover Store
Customer Care
* US & Canada
* Global Help Center
Reach Out
* Careers
* Press Room
* Contact the Editors
* Media Kit
* Reprints and Permissions
More
* About Us
* Privacy Policy
* Your California Privacy Rights
* Terms of Use
* Modern Slavery Statement
* Site Map
Connect with Us
*
*
*
*
Keep on reading
Elon Musk Unveils New Artificial Intelligence Bot to Rival ChatGPTDubbed Grok,
it’s the first product of Musk’s xAI company and is now in testing with a
limited group of U.S. users.TIME
Group 3
Undo
Jeff Bezos Leaves Seattle for MiamiAmazon founder Jeff Bezos is moving to be
closer to his parents and his partner, Lauren SánchezTIME
Group 3
Undo
Humane Wants Its New Ai Pin to Liberate You From ScreensHumane has launched a
wearable AI device, the Ai Pin, retailing at $699 plus a $24 per month
subscription fee.TIME
Group 3
Undo
25 Years Ago At MicrosoftGEEKS' REVENGE Just 25 years ago, these folks (in a '78
photo) were undatable. Look what's become of Microsoft's original staff
members--and their estimated worth (EW) BILL GATES (1), co-founder. Now:...TIME
Group 3
Undo
' ' '
' ' '
Gadgets Then and Now - TIMEThen: In 1956, Ray Dolby, Charles Ginsberg, and
Charles Anderson invented a video camera that was the first machine to record
both image and sound. The machines sold for $75,000 a piece and only sold...TIME
Undo
Enpal
Solar lohnt sich nur, wenn Ihr Dach...Enpal|
SponsoredSponsored
Undo
Verbraucher-Ratgeber
Top-Gynäkologen empfehlen diesen Anti-Durchhänger-BH!Verbraucher-Ratgeber|
SponsoredSponsored
Undo
What's Next 2008 - TIMEWant to stop terrorism? Start talking to terrorists who
stop themselvesTIME
Undo
WeWork Files for Bankruptcy: What to Know About the Company’s CollapseThe former
high-flying startup listed nearly $19 billion of debts, a fresh low for the
co-working company that struggled to recover from the pandemic.TIME
Undo
Bumble Founder Whitney Wolfe Herd to Step Down as CEOBumble CEO Whitney Wolfe
Herd will step down from the company she founded nearly 10 years ago in January,
to be replaced by Slack CEO Lidiane JonesTIME
Undo
It Will Take More Than Robots to Manage the RobotsFormer TIME Editor-in-Chief
Nancy Gibbs makes the case for humans in the age of AI.TIME
Undo
OpenAI Users Can Now Build Their Own Custom Version of ChatGPTOpenAI said users
will soon be able to make customized versions of ChatGPT and announced a new,
more powerful and cheaper model of GPT-4.TIME
Undo
Solaranlagen Magazin
Stromkonzerne wütend: Genialer Solar-Trick für HausbesitzerSolaranlagen Magazin|
SponsoredSponsored
Undo
RAID
Das realistischste PC-Spiel des Jahres 2023RAID|
SponsoredSponsored
Undo
Former Meta Engineer Testifies on Teen Mental HealthArturo Béjar, a former Meta
employee, testified before a Senate subcommittee on Tuesday about social media
and the teen mental health crisisTIME
Undo
The Amazing Adventures of Ben Franklin - TIMEFranklin information from all
corners of the InternetTIME
Undo