Bank (in)security: Will hack attacks continue?

Security experts are calling the cyberattacks that hit major U.S. banks over the past couple of weeks among the biggest attacks they have ever seen, according to CNN.

However, there have been no reports of data breaches as a result of the attacks, which as  DDOS (dedicated denial of service) attacks were meant to block customer access to the banks’ sites.

The websites of Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank were targeted and inaccessible, each for about a day, to the public during the attacks.

A hacker group that calls itself the Izz ad-Din al-Qassam Cyber Fighters claimed responsibility for the disruptions. As the Merc’s Peter Delevett noted this week, the group said online it was carrying out the attacks because of the anti-Muslim video posted on YouTube that has sparked violent and deadly protests. (See Google, free speech and the anti-Islam video.) The group said the attacks would continue “until the removal of that sacrilegious movie from the Internet.”

Security researchers say the scale of the attacks likely means the group had help from a “well-resourced” entity, according to the New York Times.

Sen. Joe Lieberman, I-Conn., said earlier this week he believed Iran was behind the attacks in retaliation for economic sanctions imposed on it by the United States and Europe. A security researcher told the NYT that the attacks were possibly backed by a nation-state or an advanced botnet — a network of infected computers that cybercriminals can command to do their bidding.

The hacker group said in its online missive that it will spend the weekend planning next week’s attacks. The group’s attacks were unusual not only in their scale and scope but also because they were broadcast in advance. The hackers said Wells Fargo would be attacked Tuesday, U.S. Bank would be attacked Wednesday, and so on.

Because the hackers gave notice, theoretically the “banks can get ready ahead of time” for such attacks, Al Pascual, security analyst for Bay Area-based Javelin Strategy & Research, told GMSV in a phone interview. “It becomes like the way a storm works. Financial institutions can warn customers” about potential problems, he said.

Yet Pascual called the recent attacks a unique case, a “heavy-duty DOS attack.” The Los Angeles Times points out the nation’s biggest banks failed to defend the attacks despite the advance warning.


Tags: , , , , , ,


Share this Post

  • rgrace

    Pathetic on so many levels. First, a lavishly-named “hacker” group (seriously – “Izz ad-Din al-Qassam Cyber Fighters?” Stop watching Pokemon cartoons already!) coordinates attacks using ancient DDOS techniques that went out before CPUs went 64-bit. Even more pathetic: that these big banks couldn’t handle such a moronic ‘attack.’ Glad I went to a credit union decades ago.

  • RedRat

    I see this as similar to the Old West, when Mr. Colt’s gun made everyone equal. Back then a simple and relatively inexpensive gun could equalize any confrontation and continues to this day. In a similar manner, give some guys a cheap computer and Internet connection and away they go hacking into the biggest of banks. It makes no difference if you are a powerful bank in the richest country on Earth, you are just as vulnerable to some kid with a $1000 computer as in the Old West.

    Cheap computers and the internet have provided an enormous training ground for both programmers and hackers.