Cyber Attacks on Banks Expected to Continue

The organization taking responsibility for the distributed denial of service attacks on banks over the past several weeks, Izz ad-Din al-Qassam Cyber Fighters Group, is apparently taking a week off, ostensibly to celebrate the Muslim holiday Eid al-Adha. But new information has emerged about the group's motives and mode of operation that suggests this truly is a cyber war that is just beginning.

The group's true reason for stopping its attacks, according to industry experts, is not religion but fear of being caught. Investigators have found some of the machines being used to mastermind these attacks and were trying to locate the people involved. The perpetrators conducting the attacks, many of them English-speaking subcontractors (according to intercepted emails), shut their activities down to avoid being found and arrested.

Investigators have linked the recent attacks on ten banks (including Bank of America, Wells Fargo and PNC) with similar distributed denial of service incidents against the Israeli stock exchange and El Al Airline in January; the same code was used in both attacks. This suggests that the group is not motivated by outrage against the video "Innocence of Muslims" that was posted to YouTube in September, as they have claimed on their Pastebin blog all along. Their motive for the ongoing crimes that started almost a year ago may be retaliation for U.S. malware attacks against Iranian nuclear facilities in 2010.

"In January, we went from cybercrime to real cyberwar," says Avivah Litan, vice president and distinguished analyst at Gartner.

Another chilling fact investigators have uncovered concerns the power of these attacks.

In a typical distributed denial of service attack, malware is used to engage innocent users' computers in a botnet that launches a stream of repeated requests to a web server (such as one hosting an online banking site) that cripples the targeted server. The user never knows his computer is taking part in an attack. Some estimates suggest that 15% of all PCs are unwitting participants in botnets.

In the current round of DDOS attacks, the perpetrators are harnessing high-test corporate servers with high-speed connectivity - 3,000 of them. This botnet farm is capable of aiming 100 gigabytes per second of malicious traffic at its targets. This volume is too much for a typical network to handle. These servers can't all be shut down at once for logistical reasons. Some of the servers are mission-critical to their businesses and shutting them down would be disruptive. So in addition to defending their networks and web servers from DDOS traffic, banks have to make sure servers throughout their organizations don't get entrapped in the botnets themselves.

"The banks are in a state of panic, they're on hyper-alert," Litan says. "Especially the big ones that haven't gotten attacked yet. They're just waiting for the shoe to drop."

Most banks are constantly looking at intrusion prevention systems, DDOS mitigation software and threat intelligence software and services. Banks are also working with their internet service providers on ways to identify and thwart the attacks. One bank that survived an attack relatively well used distributed web servers, so that the attack was also distributed and had less impact.

Experts say it's likely the attacks on banks will resume next week. "I don't think they're going to stop until they get caught," Litan says.

Some theorize that the DDOS attacks will escalate into financial fraud and data theft, which the Izz ad-Din al-Qassam Cyber Fighters Group has insisted it has not conducted so far.

"I have heard a couple of anecdotes about wire transfer fraud at call centers," Litan says. When corporations can't move their money because the bank's website is down, they tend to flood the call centers with calls about their wire transfers. "In the call center, they're not all savvy about social engineering," Litan says. Banks need to start training their call center agents to identify and handle fraudulent calls.

"We all know that these people know how to take over accounts and get into banking systems," Litan notes. "I'm sure if they wanted to, they could take money, too."
