back to article Blighty's banks prep for repeated kicks to cyber-'nads in Operation Waking Shark II

Financial firms and banks across London will be hit with a cyber war game scenario tomorrow to test how well they could hold up under a major IT attack. Sources whispered to Reuters that the cyber stress test already known to be taking place sometime this month would actually hit the finance sector on 12 November. "Waking …


This topic is closed for new posts.
  1. AdamT

    No matter how many times I read the headline, it seems that the use of "-'nads" (*) conditions my brain to mis-read "waking" and makes me think "hmm, didn't know sharks were in to that sort of thing. Thought that was dolphins".

    Naughty headline writers forcing our innocent reader's brains to think of such things...

    (*) Could also be "Banks", I suppose.

    1. Anonymous Coward
      Anonymous Coward

      It wasn't just you ...

      I'm reminded that the collective noun for Bankers is a 'Wunch'

      1. Chris G Silver badge

        Me too!

        In mitigation, Iv'e had a long day!

    2. Anonymous Coward
      Anonymous Coward

      The fools, don't they realise they are risking death to us all by triggering a Sharknado !

  2. Crisp

    How is this a fair test?

    In the real world, you wouldn't necessarily know an attack is coming, or where it would be directed.

    I doubt this "attack" will employ any techniques that the defending staff haven't specifically been told to prepare for.

  3. Primus Secundus Tertius

    I was in Sainsbury once when all the lights went out. And the tills. But the tills were back about five minutes after the lights came back. As a computer person, I was impressed: I have known some networks that needed an hour or two of tinkering before re-use.

    I shall be in Sainsbury again tomorrow. For how long, we shall see.

    Then there was my neighbour who, a year or two ago, took a day off work to do Xmas shopping. But the power was out in the High Street, and they could take even cash. Wasted day!

    So the big threat is mains failure.

  4. Eradicate all BB entrants

    Instead of this test .....

    ...... why not make them run intrusion testing across websites, branches and head offices and publish the reports? After all, if there is nothing to hide........

  5. frank ly

    ...tests against physical security,...

    How many 'key staff' do you need to gather into a disused warehouse and 'persuade', in order to have access to serious amounts of money. Just wondering.

  6. Cleary1981

    Let's join in!!

    To me this seems quite a stupid announcement. Tell the world about a day that all IT bods will be busy analyzing fake scenarios.

    Wednesday might have been a better day to make this announcement. I shall be making a withdrawal this evening

    1. Don Jefe

      Re: Let's join in!!

      Tests of serious things, from computer systems to armadas and nuclear weapons have always been really difficult to manage things. The results won't really reflect those of a true attack as there is forewarning, but if you don't announce it there could be serious repercussions. Panicking the panicky bastards in the finance world with an unannounced test could cause billions in losses and panicking the Captain of a destroyer could start a war.

      There are papers out there regarding testing and attack simulations, they get way into game theory and measuring secondary effects to extrapolate possible primary effects. They're boring as shit. At the end of the day there's general agreement that gathering some data is better than no data or causing a panic. It might very well be that a problem in an assumed effective process is identified and can be fixed.

    2. Anonymous Coward
      Anonymous Coward

      Re: Let's join in!!

      You do have a point from a different angle: that day seems perfect to mount a real attack, because everyone will assume it's benign and part of the test.

    3. Anonymous Coward
      Anonymous Coward

      Re: Let's join in!!

      I'm at the Waking Shark exercise now. Not really many people here who look like 'IT bods'. Mostly just a bunch of bigwigs who wouldn't have to do any of the legwork should any kind of attack happen.

      Seems to be mostly a decision making exercise.

  7. plrndl

    according to Professor Stupples. "They are stress testing systems against known threats,"

    I should be most interested to know how the professor would test for unknown threats.

    1. Tom 13

      known knowns, known unknowns, etc.

      Perhaps "published" threats would have been a more precise phrase but we know what he meant. Basically the sorts of incompetence we gripe about all the time here: failure to install the Adobe/Oracle/MS/*nix repository patches that have been published for at least 6 months, plus a raft of 101 stuff that is a bit beyond basic patching. (Not that basic patching is necessarily an easily accomplished task in a complex environment.)

  8. John Smith 19 Gold badge

    So kids sounds like perfect cover for anyone planning some mischief.

    Not of course that I would advocate such behaviour, which would be illegal under assorted UK laws.

  9. Soap Distant

    "Barry Shteiman"

    That's a name I'd take care when typing.


  10. codeusirae

    Attack of the cyber stress test ..

    Would this 'cyber stress test' consist of simulating a massive DDOS attack from a vast army of compromised Windows Desktop computers?

  11. Bod


    Just better be sure the similation computer isn't connected to the phone line.

    1. Tom 13

      Re: WOPR

      It'll be ok. They deleted all the backdoor passwords.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020