British banking executives and security experts are growing frustrated at the dearth of information available more than three months after £2.5 million pounds (US$3.12 million) was stolen from Tesco Bank in the UK’s biggest financial cyberheist.
Security officers normally share information on an informal basis immediately after a major cyberincident so that the other banks can check their systems, sources at four of Britain’s biggest lenders said.
However, in the case of Tesco Bank, a small lender with annual profits of £162 million, details about exactly how criminals stole the money and what vulnerabilities were exposed have yet to be provided.
The case has exposed the lack of proper procedures to share information as well as confusion over which government agency has ultimate responsibility for the issue, lawmakers and executives said.
“It is very frustrating,” a senior executive at one of Britain’s largest banks told reporters. “The gentlemen’s code has been broken.”
A risk officer at another of Britain’s biggest lenders said a formal regulatory system was essential in a financial center such as London where hundreds of banks of all sizes operate.
“I am not going to criticize them, the problem is the structure,” he said.
The attack, on Nov. 5 and Nov. 6 last year, affected 9,000 Tesco Bank customers. It is the first major case to be investigated by Britain’s new National Cyber Security Centre (NCSC), working with the National Crime Agency (NCA).
The NCSC brings together and replaces a host of UK bodies including the Communications-Electronics Security Group — the information security arm of Government Communications Headquarters — the Centre for Cyber Assessment, the Computer Emergency Response Team UK and the cyberrelated responsibilities of the Centre for the Protection of National Infrastructure.
As regulatory authorities for the banking system, the Bank of England’s Prudential Regulation Authority and the Financial Conduct Authority would also be involved in any regulations governing financial cybercrime.
The NCSC did not respond to requests for comment on the Tesco case.
“The investigation is ongoing therefore it would be inappropriate to comment further,” an NCA spokesman said.
The new body is coming under pressure from the financial industry and lawmakers to act quickly.
“It is up to the NCSC to institutionalize the sharing of information and give some kind of obligation or requirement for feedback after an attack like Tesco Bank,” Barclays PLC chief information security officer Troels Oerting said.
A team of academics from the University of Newcastle in December last year said that a relatively unsophisticated method known as “distributed guessing” could have been used to generate usable card payment details in the November attack.
A spokesman for the bank, which is owned by leading supermarket chain Tesco PLC, declined to discuss the specifics of the case.
“We continue to work closely with the authorities and regulators in their investigation of the criminal incident that took place last year. Our priority throughout has been to look after our customers,” the spokesman said on Monday.
Bank executives and cybersecurity experts told reporters in October last year that they feared Britain’s banks are not reporting the full extent of cyberattacks to regulators for fear of punishment or bad publicity.
DECOUPLING? In a sign of deeper US-China technology decoupling, Apple has held initial talks about using Baidu’s generative AI technology in its iPhones, the Wall Street Journal said China has introduced guidelines to phase out US microprocessors from Intel Corp and Advanced Micro Devices Inc (AMD) from government PCs and servers, the Financial Times reported yesterday. The procurement guidance also seeks to sideline Microsoft Corp’s Windows operating system and foreign-made database software in favor of domestic options, the report said. Chinese officials have begun following the guidelines, which were unveiled in December last year, the report said. They order government agencies above the township level to include criteria requiring “safe and reliable” processors and operating systems when making purchases, the newspaper said. The US has been aiming to boost domestic semiconductor
Nvidia Corp earned its US$2.2 trillion market cap by producing artificial intelligence (AI) chips that have become the lifeblood powering the new era of generative AI developers from start-ups to Microsoft Corp, OpenAI and Google parent Alphabet Inc. Almost as important to its hardware is the company’s nearly 20 years’ worth of computer code, which helps make competition with the company nearly impossible. More than 4 million global developers rely on Nvidia’s CUDA software platform to build AI and other apps. Now a coalition of tech companies that includes Qualcomm Inc, Google and Intel Corp plans to loosen Nvidia’s chokehold by going
ENERGY IMPACT: The electricity rate hike is expected to add about NT$4 billion to TSMC’s electricity bill a year and cut its annual earnings per share by about NT$0.154 Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) has left its long-term gross margin target unchanged despite the government deciding on Friday to raise electricity rates. One of the heaviest power consuming manufacturers in Taiwan, TSMC said it always respects the government’s energy policy and would continue to operate its fabs by making efforts in energy conservation. The chipmaker said it has left a long-term goal of more than 53 percent in gross margin unchanged. The Ministry of Economic Affairs concluded a power rate evaluation meeting on Friday, announcing electricity tariffs would go up by 11 percent on average to about NT$3.4518 per kilowatt-hour (kWh)
OPENING ADDRESS: The CEO is to give a speech on the future of high-performance computing and artificial intelligence at the trade show’s opening on June 3, TAITRA said Advanced Micro Devices Inc (AMD) chairperson and chief executive officer Lisa Su (蘇姿丰) is to deliver the opening keynote speech at Computex Taipei this year, the event’s organizer said in a statement yesterday. Su is to give a speech on the future of high-performance computing (HPC) in the artificial intelligence (AI) era to open Computex, one of the world’s largest computer and technology trade events, at 9:30am on June 3, the Taiwan External Trade Development Council (TAITRA) said. Su is to explore how AMD and the company’s strategic technology partners are pushing the limits of AI and HPC, from data centers to