UKC

If a bank is seriously hacked, what happens in the worst case. Can my money (or records of it) vanish?

It will depend on the backups. If you want secure date then you need to regularly write to one time only backups (mix of servers and tapes which you eject and only reuse every x months/years).

However you then need to regularly test those backups on a completely isolated system since otherwise what could happen is the attacker takes out the backups first for x period before taking down the live system and so when you try to restore you find corrupted info.

For a regulated bank I believe they have regular checks (having chatted with some devs there about all the process management I have zero interest in working for one so knowledge is limited) so it depends on how much you trust that.

There would be quite a lot of data which could be retrievable from other sources but it would take time and depend on it being a different bank interacting eg my paychecks could be retrieved since its a different bank but some other stuff would get messier.

So it depends.

I would recommend having a mix of accounts and possibly making sure you have a paper record available.

All sounds reasonable. 

What happens if I claim to have deposited £1m between the last back up and the attack though? (or generally to  all un-backed up transactions? Surely  any significant loss screws the whole system? Or.is there somehow a sychronus backup?

To use technical terminology I have no idea. Synchronous backups are in theory a possibility or rather write only transaction logs which you can then rebuild from but protecting them from overwrites has its own level of complexity. Given that from what I know of banking systems many are ancient systems with various bodges on top to keep them running I am not sure they would have been designed with aggressive resilience in mind. Even a brand new system would likely have difficulty getting the sign off for the cost.

I guess it would come down could you prove it to a reasonable degree. So I would suggest getting a receipt when you deposit the cash just before unleashing your virus.

Oh and warning me so I can fake a receipt.

I'll give you 12hrs heads-up

This isn’t true, pretty much any financial transactional system will have resilience built in with synchronous writes to disaster recovery site. No transaction will be committed until it’s been acknowledged by the secondary site. You are correct in saying this would not necessarily save you because if the issue was a hack and not the loss of the primary system then any changes hackers made to the data would be replicated. You’d hope there’d be a lagged copy as well but that’s pretty rare and still no help if you’ve just deposited your massive lottery cheque between the lag and the hack. 
In short, MG, there are circumstances in which we could all be screwed, better spread your money around (or use crypto which, in certain scenarios, is more secure). 

cheers. I guess the one vaguely reassuring thing (or not given the promise of the heads up) is I am not sure anyone outside of a cyberwar who wasnt concerned about a proper war (so North Korea given the level of hacking for cash they are reckoned to do) would go for taking out a major bank to a degree it couldnt be recovered.

Since I would guess at that point you would end up with the NSA/GCHQ etc taking a very keen interest in you shortly before Delta/Seals/SAS pop round for a quiet chat.

There would be certain levels of disruption that I dont think the people causing it would be likely to survive unless they are backed by their own serious nation state.

I would imagine there would be a transaction journal* and that it would in itself be backed up too. Of course, if someone was truly intent on f***ing things up they could potentially remain under the radar and corrupt the journal for a period of time before the final outage. 

* in a DB sense.

Yes but not resilience in the face of an attacker as per the question.

Where I work we have failover servers plus DR servers and so the chances of losing anything under normal circumstances is pretty much zero but worse case if a nation state or someone similar in capability came after us I would assume those would be destroyed and then we would have to go to our offline backups (which are frequent and are tested) but even then I wouldnt put money on it.

Very specific scenarios. NK by all accounts is making quite a lot of money whilst cryptocurrency fans are learning all the reasons why the mainstream financial system has the rules and controls it does.

I was maybe being pedantic, I’ve just come off a DR project where I had to spend a lot of time explaining to people that resilience and DR are not the same thing. 

Unless I am being paid I can be somewhat lazy with terminology especially since I tend to leave most of that to our devops/sysops and just stick to writing bad code to ensure what they do is meaningless.

Actually whilst I think of it one more bit of advice for MG.

Make sure the amount held in a bank is beneath the financial services compensation scheme limits. Not sure it would help here although it might so long as you can show the paying into it but its a good idea on principle.

Interesting discussion.  I was assuming Russia,  given events.

Repeating what's been said. It would be incredibly difficult to completely destroy financial records. Maybe a small startup bank that cuts corners? But at any of the big boys that I've worked at, you'd have a hell of a job. It's all heavily regulated....and financial records are the crown jewels of a very wealthy and powerful industry....they aren't treated lightly.

Long ago some bank people told me their backups were 15km away from their system at HQ. They joked they'd been located so the backups and system at HQ wouldn't both be destroyed by the same nuclear blast.

I think Google used to promise cloud storage in 3 different data centres on 2 different continents, and that was just the free account I was using. Handily it brings everything under the remit of the NSA and UK interception at borders.

There are some interesting suggestions on this thread ... 

Q - Is it technically possible that a bank could be hacked and loose everything?

A - Anything is possible.  But technology companies (of which most financial institutions are now becoming) go to exceptional lengths to stop this happening.  

Q - Has a UK bank ever been hacked and lost everything?

A - Not that I can recall or find reference to.  It is exceptionally low probability event.

Q - Should you diversify your money across UK banks to reduce the risk of this event?

A - Go nuts.  But you do not need to do this.  No western government or western financial institution recommends this.  The first £85k you have in any regulated financial institution is protected by the FSCS.  It is conceivable that in the event said financial institution was hacked and all records lost that it would also go bust.  It is not unreasonable that if you have more than £85k that you might want to spread it around .. but few are lucky enough to be in that position.

Q - Should you invest in crypto to mitigate the risk of a bank being hacked and you loosing everything?

A - I categorically would not recommend this.  The average person it 100x fold more likely to have their crypto wallet stolen than have their UK bank hacked and all records lost.  Any investments you make in Crypto should be with money are you prepared to lose.  Worth also noting that a transaction completed on the blockchain is uni-directional.  i.e. once it has been completed - it cannot be undone.  This comes into play if you have been scammed and someone has taken money from your traditional bank account ... in my circumstances you will find that the bank compensates you for your loss .. even though it has no requirement to do so.  The same does not take place on the blockchain ... once its gone - its gone.

I agree with @Alkis - if you really wanted to create mayhem ... then I wouldn't destroy the data.  Instead I would make a mess of it.  What would be worse than having a valid ledger .. but a complete loss of integrity on the balances.  You know it is wrong .. but you don't know what is right.  Those who had gained would refuse to give up their wins.  Those who had lost would scream about it.  This would be more disruptive to fix than simply loosing the lot.  Very much in the realms of Russians "post truth" ideas ... you don't want suppress news ... you just want to create so many alternative narratives that no one trusts any of the narratives anymore.  All news becomes untrusted news .. no matter who is reporting it.

I've been in a bank datacentre with missile proof walls and that you enter through a kind of turnstile and tunnel system.  That was 30 years ago and it was located some miles out of town.  The physical security was greater than that of some defence sites I've worked in.

Personally I would recommend it at least at a limited level. Having a couple of debit cards with different banks and also making sure one is with visa and one with mastercard does give a fallback option in case of network outages which whilst rare isnt unknown. Especially given fewer and fewer people carry cash.

In theory yes but in practice there have been a few occasions where people with enough power and reverted it

true and it would give you the chance to syphon off a load to support your next set of raids/ballistic missiles.

Similarly, years ago had a friend who then worked for a major uk bank. He said their systems in place were on a need to know basis and even he with many many years of working for them didn’t know the full extent. However, he mentioned knowing about multiple remote backup sites, time delays in between systems data transfers, multiple duplications of live data, etc.

However, additionally, at his bank they even had a complete duplicate IT system at an unknown remote location run by separate staff. This duplicate system, in theory, was sufficiently distanced in all aspects from the live system that there was only a possible loss of up to a few hours data should the live system and backups completely be lost. It was run 24/7 and was capable of taking full operation of their banking anytime very quickly if it was a necessity.

No idea if hacking could cause both complete systems to have been compromised. Sure, how it was then done will be different now a days; hopefully for the better!

yeah .. can't disagree with you there.  I do that.  

lol .. very true.  The Ethereum hard fork, for purposes of rolling back unwanted transactions, was, IMO, truly a 1 time event .. it should never be allowed to happen again.  There will be forks again in the future - but I hope never again to see the ledger rolled back simply because there was majority consensus to do so.  

[1] https://qz.com/730004/everything-you-need-to-know-about-the-ethereum-hard-f...

Do they not insure themselves against this possibility though? i.e. so there is money available to pay people that can prove the money was there.

There may not be an insurer big enough and willing enough to cover that size of loss.

Give up!  next you will have to explain that availability and DR are not the same

Them:  "We don't need backups and DR any more, the data can't be lost in cloud, look at the zillion nines on the availability and immutability - the data is always available and we can just spin up more services automatically"

You:  "Yes but you have immutability never corrupted on x zillion nines % writes and availability of Y billion nines % time, but what if your data is accidentally or intentionally corrupted, you then have perfect availability of s**t corrupted data"

Them: "But we can use versions and lock them"

You: "But any malicious person is going to drop the lock and versions just before they trash the data"

Them: "No this is cloud, the data is always available, and we can spin up more servers/services automatically we don't need backups and DR"

You: Bang your head against wall until you remember you're not a shareholder, smile politely nod when they say that the cloud is run by happy dancing unicorns and DR is no longer needed, and quietly walk away....

Not strictly a bank but Travelex (Forex) got hacked and it took weeks and weeks to recover.

True ... but agree - not quite the same thing as a bank.

If I'm not mistaken (and tell me if I'm wrong), Travelex shut shop for only a day or two before reopening but removing the ability for people to make click-and-collect web orders.  i.e. Travelex had to go purchase their forex as a guess .. take it to the airports .. and see who turned up to purchase it each day ... I guess a bit like the old days. 

Ermmm  ermmm  not lost *everything* but dare we discuss Tesco Bank, Metro Bank being fairly public knowledge, but other stuff I will just say " "