Education
On-demand channels make SHARE’s unparalleled enterprise IT education accessible whenever and wherever our members need it.

SHARE’d Knowledge

About SHARE'd Knowledge

Webcasts

Upcoming Webcasts

Webcast Replays

Sponsor a Webcast

Security and Compliance Webcast Series

Digital Badging

Education

SHARE'd Conversations

Focus Areas

BitBucket Archives
Events
In-person and online events are a hallmark of SHARE, where plentiful learning and networking benefit the entire community.

About SHARE Events

Event Calendar

Partner Opportunities

Past Events

Proceedings

SHARE Washington, D.C.

Registration

Justification Resources

Hotel and Travel

Schedule-at-a-Glance

Exhibit and Sponsor

Speakers

Speaker Resources

Technical Agenda

Keynote
Connect
Online forums, a member directory and volunteer opportunities are but a few of the channels available for SHARE members to connect with peers and industry experts.

Volunteer

About SHARE Volunteers

Volunteer Recognition

SHARE Volunteers

Women in IT

SHARE Focus Areas

Membership

Join SHARE

Membership FAQs

Member Directory

User Profile

Communities

Recognition

Awards

In Memoriam

Advocacy & Requirements System
SHARE'd Intelligence
SHARE’d Intelligence the official publication of SHARE, is a leading source for news and education on enterprise solutions. The publication serves as a valuable resource for compelling, timely, relevant, and engaging content that informs and engages SHARE Members and partners.

Subscribe

Submit a Story

Browse Articles
Partners
SHARE delivers unmatched opportunities to showcase your company’s technology, expertise and brand to a highly informed and influential community of enterprise IT professionals.

Partner Overview

Partner Directory

Partner Opportunities

Year-Round

Event
About
Throughout our rich history (since 1955), SHARE has always considered service to end users and the industry as our primary calling. Learn about our mission, vision, history, strategic goals, leadership and more.

About Us

Mission & Vision

SHARE Today

History

Strategic Goals

Leadership

Board of Directors

Past Presidents

Focus Area Leaders

Committees

Elections

Contact Us

Annual Report

Bylaws and Policies

Industry Participation

Events

How Hackers Breached a Government (and a Bank)

Project and Program: Enterprise Data Center, Security and Compliance

Tags: Proceedings , 2015 , SHARE in Seattle 2015

In early 2012 a group of 3 hackers were caught when a Swedish government mainframe was no longer running as expected. This was the first warning that hackers had penetrated the supposedly unpenetrable IBM mainframe. Using an old emulated operating system (z/OS 1.4), some newly released tools, and dedication, these hackers were able to learn about the weaknesses in the platform and use it to successfully break in, maintain access, and steal some highly confidential information. The hackers then leveraged their newly acquired skills to attack banks, schools, etc.
One such bank, Nordea, decided to go public with the breach, although others didn't. With Nordea the attackers were able to successfully steal $6,400, but were stopped when they tried to steal $1,000,000. These breaches resulted in emergency fixes from IBM, two zero-day exploits (one remote, one local), Sweden declaring it a 'Special Event', the theft of Sweden’s tax processing source code, and multiple databases including those used by the Swedish police for 'protected' individuals, SPAR (SSN equivalent) and their DMV equivalent.
Due to being the only person talking about this topic publicly, Philip Young was able to obtain the detailed investigations to the attacks and some extras that weren't in the report. This talk with walk through the attack, start to finish, giving live demo's of the attacks, the backdoors, and the offline password cracking, to show their effectiveness against z/OS. It will also cover some of the shortcomings from the system operators' perspective, and the outcomes from the breach.-Philip Young-VISA

Back to Proceedings File Library