Emails leaked by the hacking group Anonymous show that Morgan Stanley was one of the institutions attacked in the mass network intrusion dubbed Operation Aurora.
One email from Phil Wallisch, a senior security engineer at HB Gary Federal, said that Morgan Stanley had admitted an attack and other emails refer to internal company documents reporting on the case. A Morgan Stanley spokewoman confirmed to V3.co.uk that intrusions took place but stressed they were limited in scope.
"At the time of the incident over a year ago, Morgan Stanley notified the handful of retail clients who may have been potentially affected by the security breach, as well as its regulators and law enforcement agencies,” the company said in a statement
“Morgan Stanley invests significantly in IT security and manages a robust program to deal with malware and attempted computer compromises. Like any other company in our industry, we deal with these matters in the normal course of conducting business."
Operation Aurora was a series of hacking attacks performed in the second half of 2009 that originated from the Chinese mainland and focused on Western businesses and governments. Google cited the attacks as a strong driver in its decision to withdraw cooperation with the Chinese government.
According to leaked cables from WikiLeaks the attacks were believed by the US State Department to have been ordered by a member of the Chinese politburo. Other reports suggest the attacks might have been more amateurish, but the fact remains they succeeded.
“In all attacks with both Aurora and Night Dragon the goal is espionage,” Dmitri Alperovitch, McAfee’s vice president of threat research, told V3.co.uk.
“Both attacks used custom made toolkits and we haven’t seen them used in any other attacks, or for sale online.”
The Aurora attacks took place a long time ago he stressed, but said that companies are just as vulnerable today to such tactics. The attackers in both cases had specific goals in mind and were persistent enough to be effectively unstoppable.
“They are like a dog with a bone, they keep on trying new tactics to wear down defences,” he said.
“It’s now a question how long it takes them to get in and how quickly you can detect an intrusion once they do.”
Mobile payment app makes users' details public by default
2,400 signatures gathered against the development and production of lethal robots
New Aston Martin flying car could take the wealthy from London to Birmingham in half an hour
With £6.7m in initial funding, Mosa Meat could be the first company to offer lab-grown meat to the public