11/11/23, 6:07 PM World’s Biggest Bank Forced to Trade via USB Stick After Hack | TIME

S UBS CRIBE

BUSINESS FINANCE

Cyber Attack Forces World’s Biggest Bank to

Trade via USB Stick

Industrial and Commercial Bank of China logo on a building in Warsaw, Poland, on August 15,
2023. Jakub Porzycki—NurPhoto/Getty Images

BY KATHERINE DOHERTY, LIZ CAPO MCCORMICK AND ALEXANDRA HARRIS / BLOOMBERG

NOVEMBER 9, 2023 11:30 PM EST

O n Thursday, trades handled by the world’s largest bank in the

globe’s biggest market traversed Manhattan on a USB stick.

https://time.com/6333716/china-icbc-bank-hack-usb-stick-trading/ 1/7
11/11/23, 6:07 PM World’s Biggest Bank Forced to Trade via USB Stick After Hack | TIME

Industrial & Commercial Bank of China Ltd.’s U.S. unit had been hit by a
S UBS CRIBE
cyberattack, rendering it unable to clear swathes of U.S. Treasury trades
after entities responsible for settling the transactions swiftly
disconnected from the stricken systems. That forced ICBC to send the
required settlement details to those parties by a messenger carrying a
thumb drive as the state-owned lender raced to limit the damage.

The workaround — described by market participants — followed the

attack by suspected perpetrator Lockbit, a prolific criminal gang with ties
to Russia that has also been linked to hits on Boeing Co., ION Trading
U.K. and the U.K.’s Royal Mail. The strike caused immediate disruption as
market-makers, brokerages and banks were forced to reroute trades, with
many uncertain when access would resume.

The incident spotlights a danger that bank leaders concede keeps them
up at night — the prospect of a cyber attack that could someday cripple a
key piece of the financial system’s wiring, setting off a cascade of
disruptions. Even brief episodes prompt bank leaders and their
government overseers to call for more vigilance.

Read More: A New Generation of Bank Robbers Infiltrates Global

Finance

“This is a true shock to large banks around the world,” said Marcus
Murray, the founder of Swedish cybersecurity firm Truesec. “The ICBC
hack will make large banks around the globe race to improve their
defenses, starting today.”

As details of the attack emerged, employees at the bank’s Beijing

headquarters held urgent meetings with the lender’s U.S. division and

https://time.com/6333716/china-icbc-bank-hack-usb-stick-trading/ 2/7
11/11/23, 6:07 PM World’s Biggest Bank Forced to Trade via USB Stick After Hack | TIME

notified regulators as they discussed next steps and assessed the impact,
S UBS CRIBE
according to a person familiar with the matter. ICBC is considering
seeking help from China’s Ministry of State Security in light of the risks
of potential attack on other units, the person said.

Late Thursday, the bank confirmed it had experienced a ransomware

attack a day earlier that disrupted some systems at its ICBC Financial
Services unit. The company said it isolated the affected systems and that
those at the bank’s head office and other overseas units weren’t
impacted, nor was ICBC’s New York branch.

The extent of the disruption wasn’t immediately clear, though Treasury

market participants reported liquidity was affected. The Securities
Industry and Financial Markets Association, or Sifma, held calls with
members about the matter Thursday.

ICBC FS offers fixed-income clearing, Treasuries repo lending and some

equities securities lending. The unit had $23.5 billion of assets at the end
of 2022, according to its most recent annual filing with U.S. regulators.

The attack is only the latest to snarl parts of the global financial system.
Eight months ago, ION Trading U.K. — a little-known company that
serves derivatives traders worldwide — was hit by a ransomware attack
that paralyzed markets and forced trading shops that clear hundreds of
billions of dollars of transactions a day to process deals manually. That
has put financial institutions on high alert.

ICBC, the world’s largest lender by assets, has been improving its
cybersecurity in recent months, highlighting increased challenges from

https://time.com/6333716/china-icbc-bank-hack-usb-stick-trading/ 3/7
11/11/23, 6:07 PM World’s Biggest Bank Forced to Trade via USB Stick After Hack | TIME

potential attacks amid the expansion of online transactions, adoption of

S UBS CRIBE
new technologies and open banking.

Read More: How China Became a Global Lender of Last Resort

“The bank actively responded to new challenges of financial

cybersecurity, adhered to the bottom line for production safety and
deepened the intelligent transformation of operation and maintenance,”
ICBC said in its interim report in September.

Ransomware attacks against Chinese firms appear rare in part because

China has banned crypto-related transactions, according to Mattias
Wåhlén, a threat intelligence specialist at Truesec. That makes it harder
for victims to pay ransom, which is often demanded in cryptocurrency
because that form of payment provides more anonymity.

But the latest attack likely exposes weaknesses in ICBC’s defenses,

Wåhlén said.

“It appears ICBC has had a less effective security,” he said, “possibly
because Chinese banks have not been tested as much as their Western
counterparts in the past.”

Record levels

Ransomware hackers have become so prolific that attacks may hit record
levels this year.

Blockchain analytics firm Chainalysis had recorded roughly $500 million

of ransomware payments through the end of September, an increase of

https://time.com/6333716/china-icbc-bank-hack-usb-stick-trading/ 4/7
11/11/23, 6:07 PM World’s Biggest Bank Forced to Trade via USB Stick After Hack | TIME

almost 50% from the same period a year earlier. Ransomware attacks
S UBS CRIBE
surged 95% in the first three quarters of this year, compared with the
same period in 2022, according to Corvus Insurance.

In 2020, the website of the New Zealand Stock Exchange was hit by a
cyberattack that throttled traffic so severely that it couldn’t post critical
market announcements, forcing the entire operation to shut down. It was
later revealed that more than 100 banks, exchanges, insurers and other
financial firms worldwide were targets of the same type of so-called
DDoS attacks simultaneously.

Caesars Entertainment Inc., MGM Resorts International and Clorox Co.

are among companies that have been hit by ransomware hackers in
recent months.

Read More: This Company Was Hit With a Devastating Ransomware

Attack—But Instead of Giving In, It Rebuilt Everything

ICBC was struck as the Securities and Exchange Commission works to

reduce risks in the financial system with a raft of proposals that include
mandating central clearing of all U.S. Treasuries. Central clearing
platforms are intermediaries between buyers and sellers that assume
responsibility for completing transactions and therefore prevent a
default of one counterparty from causing widespread problems in the
marketplace.

The incident underscores the benefits of central clearing in the $26

trillion market, said Stanford University finance professor Darrell Duffie.

https://time.com/6333716/china-icbc-bank-hack-usb-stick-trading/ 5/7
11/11/23, 6:07 PM World’s Biggest Bank Forced to Trade via USB Stick After Hack | TIME

“I view it as one example of why central clearing in the U.S. Treasuries

S UBS CRIBE
market is a very good idea,” he said, “because had a similar problem
occurred in a not-clearing firm, it’s not clear how the default risk that
might result would propagate through the market.”

MORE MUST-READS FROM TIME

The Struggle to Save Lives Inside Gaza’s Hospitals

Sheikh Hasina and the Future of Democracy in Bangladesh
How Barbra Streisand Landed Her Broadway Debut
What Fuels Max Verstappen’s Formula One Success
Maggie Smith: I Got Divorced. My Family Is Still Whole
Should We End Obesity?
The Best Inventions of 2023
Want Weekly Recs on What to Watch, Read, and More? Sign Up for
Worth Your Time

CONTACT US AT LETTERS@TIME.COM

Hom e Entertainm ent

U.S. Ideas

Politics Science

World His tory

https://time.com/6333716/china-icbc-bank-hack-usb-stick-trading/ 6/7
11/11/23, 6:07 PM World’s Biggest Bank Forced to Trade via USB Stick After Hack | TIME

Health Sports
S UBS CRIBE
Bus ines s Magazine

Tech The TIME Vault

Pers onal Finance by TIME Stam ped TIME For Kids

Shopping by TIME Stam ped TIME CO2

Future of Work by Charter Coupons

TIME Edge Pres s Room

Video TIME Studios

Mas thead U.S. & Canada Cus tom er Care

News letters Global Help Center

Subs cribe Contact the Editors

Subs criber Benefits Reprints and Perm is s ions

Give a Gift Site Map

Shop the TIME Store Media Kit

Careers Supplied Partner Content

Modern Slavery Statem ent About Us

© 2023 TIME USA, LLC. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Service,

Privacy Policy (Your California Privacy Rights) and Do Not Sell or Share My Personal Information.
TIME may receive compensation for some links to products and services on this website. Offers may be subject to
change without notice.

https://time.com/6333716/china-icbc-bank-hack-usb-stick-trading/ 7/7