Bank of England seeks 'HACKERS' to defend vaults against e-thieves

The Bank of England is planning to hire ethical hackers to conduct penetration tests on 20 "major" banks and other financial institutions, it has been reported. The move appears to be a response to lessons learned during the Waking Shark II security response exercise last November. The exercise put merchant banks and other …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Coat

    Why don't they just open up a special bank-account...

    And dump 10 or 20.000 pounds or euros in it and make it a PWN2OWN contest...

    (The winner can keep the money and gets the job !)

    1. Anonymous Coward

      Re: Why don't they just open up a special bank-account...

      Not a bad idea, but has a bit of a downside: whoever manages to own that account may have the temptation to do the same with the rest of the bank deposits and flee away to Barbados.

      Not every ethical hacker keeps being ethical in the face of the chance of stealing a few millions.

      1. Anonymous Coward

        Re: Why don't they just open up a special bank-account...

        "Not every ethical hacker keeps being ethical in the face of the chance of stealing a few millions."

        Judging by your words, I think it's reasonable to think that no one should ever trust you for anything sensitive.

        1. Anonymous Coward

          Re: Why don't they just open up a special bank-account...

          Good question. If you want to trust me, or anyone else for that matter, with something sensitive, you better make sure that the reward for keeping it confidential has a higher value than the reward for not doing it.

          Of course we have to include in that concept of value not only cold hard cash, but also everything else one may appreciate (and that maybe can't be purchased with money) in life. For example, perhaps being physically closer to friends and family for someone is more valuable than living in some remote country even if drowning in money.

          1. Anonymous Coward

            Re: Why don't they just open up a special bank-account...

            "Good question. If you want to trust me, or anyone else for that matter, with something sensitive, you better make sure that the reward for keeping it confidential has a higher value than the reward for not doing it."

            If you have no high ethical values, then you will be spotted no matter what. So, it's not that people need to trust you, it's *you* who need people to trust you instead. Otherwise, good luck finding a well-paid job.

  2. Pete 2 Silver badge

    I hope they're not *too* good

    > the Bank of England's “ethical hackers” will attack 20 major banks and other financial institutions

    One of the things that old consultants tell young consultants is:

    Teach them everything they know, but not everything you know.

    So one should not be surprised if the "ethical hackers" don't hold back one or two of the juicier holes as a sort of pension plan. Maybe the plan needs some extra-ethical hackers (ones who've already made their pile) to watch over the merely "ordinarily" ethical hackers?

    Oh, and don't have the penetration testers stationed too close to any international airports.

  3. patrick_bateman

    So basically they are saying after the test a month or so ago

    they have 20 banks that failed it

    1. Anonymous Coward

      Uh, no. The previous run was against merchant banks. This one will be against retail banks.

      And even if they had 20 failures, that's still a good thing to know. Once you know a thing is broken, you can set about fixing it.

  4. sysconfig

    Great initiative!

    Participation shouldn't be optional, though. All financial institutions, insurances, health care etc should be tested without warning, repeatedly. And they should always be aware that they can be pen-tested.

    Nonetheless, a step in the right direction!

  5. Anonymous Coward

    Right...

    "It’s important to recognise that threats can often stem from insider hacktivists or a weak security culture in the back office [that] leaves sensitive data and apps open to abuse or theft."

    If *ANY* organisation doesn't want to have insider hacktivists, the best thing they need to do is *BEHAVE* according to the word of law and ethos.

  6. This post has been deleted by its author
