Morgan Stanley was an undisclosed victim of the infamous Chinese ‘Aurora’ hacks of 2009, new emails leaked recently from security company HBGary have said.
“They (Morgan Stanley] were hit hard by the real Aurora attacks (not the crap in the news),” HBGary security expert Phil Wallisch wrote in a private email in May 2010 that was itself only released in the aftermath of an attack on the consultant by the Anonymous hacktivist group this February.
"They have given me access to a very sensitive report on their Aurora experience. I will honor their wishes about not sharing the info with anyone, but the good news is that I have some great ideas for our final reports," he continued.
The success of the attack and what was being targeted is still a mystery. Morgan Stanley has declined to comment on the emails.
It now looks as if the scale of attacks might never have been made public at all had Google not made a public pronouncement on the topic on 12 January 2010 in a blog that claimed many other companies had been affected.
Morgan Stanley's policy of non-disclosure chimes with a separate and recent set of alleged Chinese attacks on US and UK energy companies, which also only came to light as a result the same HBGary leaks.
Whatever their true scale, the Aurora attacks are considered a turning point in the way the the US Government treats such events. Within hours of the attacks being made public in January 2010, US Secretary of State Hillary Clinton publically upbraided China for its alleged involvement.