Curious to know if Monzo has had any contact from the National Cyber Security Centre with regards to the threat of hostile action by the Russian State.
I can’t help but wonder whether this is control by fear or a genuine threat we should be concerned about.
regards to the alleged thread
While it suits the Cold War agenda of the UK and their American allies to point the blame at Moscow, the possible sources of Novichok agents includes the Czech Republic, Slovakia, UK and Sweden.
Evidence may indeed prove a connection with current or former Russian agents or authorities, however at the moment it seems assumption, rhetoric and expedient political spin.
Can I suggest we leave opinion as to the recent news out of this thread? We should be able to discuss the first paragraph of @tomsr’s post without getting drawn into geo-political debate. (That has a place and time, although I’d suggest not here).
I’m more interested in:
Generic advice is available on NCSC’s website (https://www.ncsc.gov.uk), although it might be that if Monzo has received specific threat information then they would be unable to share it with us.
I really don’t think Monzo should be concerned - their systems are modern and designed with security in mind. I’m not saying they are bulletproof, but for a “virtual strike” there are plenty more options that would do more damage than taking out a challenger bank - mobile networks are Swiss cheese when it comes to security and can be taken out with a single packet on the SS7 network.
My full analysis goes into some length on the smuggling of Novichok research out of the Russian Federation at the dissolution of the Soviet Union and the research done in the West on further developing Novichok agents. However, I did not want to get into a political discussion that would take a thread off topic.
However, now it has been reclassified, I would like to add: Fingerprinting the actual agent used to tie it with a particular lab or batch requires certain expertise and labs having access to a range of comparitor samples on their site. If the UK or their comrades have managed to fingerprint the samples, (a) it could confirm any Russian involvement, (b) it would confirm that they (UK, US, Czech etc) themselves held historic Novichok agents or were developing enhanced variants.
In the event of Russian involvement there are various possibilities:
• sleeper agents of the previous Soviet authorities acting on historic instructions without sanction from the new Russian authorities
• active agents of the current Russian Federation authorities acting on current instructions with sanction from the new Russian authorities
• independent freelance operatives operating on instruction from an official authority with sanction from that authority
• independent freelance operatives operating on instruction from an officer in an official authority without official sanction
• independent freelance operatives operating on instruction from criminal organizations such as the Russian mafia
The dissolution of the fraternal brotherhood of the Soviet Union resulted in Russian state owned assets, monetary and physical, being stolen and removed from Russia to former Soviet states and further afield to UK and other western states. Some of these stolen assets were military hardware and weapons, others were corporate funds, money and share ownership.
Even without official Government authorization, there are many criminal gangs from Russia and neighbouring states like The Ukraine who could be involved in the attempted murder of these people, but whoever was involved must have either been skilled to avoid exposure to the agent or they themselves would have been exposed when trying to deliver the agent to their target(s).
Criminal proceedings is possible for Grenfell and as such any investigation takes time as due process has to be followed to ensure any conviction sticks.
For this incident there’s no chance of doing anything with Russia apart from point fingers.
And we did get similar levels of information from Greenfell within a similar timescale anyway.
Cause of the fire, who was responsible for the tower refurb, who put the panels up, who manufactured the panels, whether or not they were in fact flammable…
As far as the answer to the first question goes any bank will have to have pretty strict security. Threats of ‘cyber warfare’ are just stuff put out by clueless journos - any network, bank or otherwise, should be as secure as you can get it. Russia doesn’t have a magic wand that can make that security ineffective.
What they can do, and do very well, is social engineering… buy someone off to get high up in the civil service, or even Monzo… but they’ve been doing that stuff since the USSR days and it’s just business as usual (hence not sexy and won’t make headlines).
I absolutely believe that the government wouldn’t hesitate to fake an attack if they thought they could get away with it, for all the reasons listed.
However you have to think about who has most to gain by finding out they made it up… russia. And they also have the resources to find that out. If there’s any paper trail suggesting someone in the UK government orchestrated it they’re highly motivated to find it and cause a huge international incident at the UK’s expense.
Given that i doubt even our present government is that stupid, I’m going with the consensus that it was Russia.
We will of course use it to our own ends. I’m surprised there isn’t a paper already suggesting more internet restrictions… doesn’t usually take much.
They may, however, have a number of undisclosed zero-day exploits which could do just that.
Russia (and us, and the USA, and no doubt others) have well funded departments looking for these things, and keeping them tucked away for a rainy day…
I dont particularly view a bank or banks as being at risk of cyber warfare. l think the risk is more to infrastructure; the payments system, electricity distribution etc etc.
I think Putin is a person who looks very much at risk/return. For him l think the gamble of assination (or attempted) is worth it. At most they’ll be economic sanctions, diplomats expelled etc.
There are l think two types of cyber attack; the irritants the denial of access, slow Internet etc which l think for the most part the victim will ride with.
What would be worse is a disabling attack on infrastructure at that point l think the risk of a physical response engages. It is one thing to slow down Netflix. It’s very much different to take out the payments system, runs on banks ensue - economies tank. Populations demand action…
It is worth noting that as part of the US nuclear posture assessment they are (or have) considering a sustained cyber attack being reason to launch a first nuclear strike.
I think if anything like this does happen,
Monzo would currently not even be included in any of it.
All good.
