Major Banks Fend Off Barrage Of DDoS Attacks
Major financial institutions throughout the Western world have been fending off a series of cyber attacks believed to be coming from the Middle East where hacktivists, and potentially governmental entities, are retaliating against developments such as diplomatic pressure against the Iranian nuclear program as well as the anti-Islamic film deemed insulting to Muslims.
A series of DDoS attacks have been launched against a variety of banks, including Bank of America, Citigroup, J.P. Morgan Chase, PNC, U.S. Bank and Wells Fargo. The attacks are believed to be the most extensive use of DDoS ever seen
On Sept. 19, the Financial Services Information Sharing and Analysis Center (FS-ISAC) set its threat level to "High" and issued a statement that said, "Issues of concern include recent credible intelligence regarding the potential for DDoS and other cyber attacks against financial institutions. Members should maintain a heightened level of awareness and apply all appropriate updates, particularly for the Microsoft out-of-band bulletin for Internet Explorer and Cisco security advisory releases. Update AV and IDS/IPS signatures and ensure constant diligence in monitoring and quick response to any malicious events."
[Related: Iran Denies Claim of DoS Attacks Against Banks ]
The attacks began very shortly thereafter. The DDoS attacks flooded the networks of several of the institutions, occasionally causing interruptions in online services. Whether any long-term damage has resulted from this onslaught remains to be seen.
"Years ago hacking was a very specialized skill, but now it has become highly commoditized," said Harry Sverdlove, CTO of Bit9, a Waltham, Mass.-based security vendor. "Moore's law almost applies to cyber attacks, in a way. Every 24 months we see the level of sophistication double because the criminals are sharing techniques. So a denial of service is as simple as downloading a small utility that is highly available on a lot of different websites. So now you can take down a large website with a minimum of capabilities and expertise."
Aside from the technical components, other industry experts say the geopolitical situation has opened up the United States to cyber attacks based on previous actions of the US government.
"Our role in Stuxnet opens up Pandora's box," said Paul Henry, a security and forensic analyst at Lumension. "We've basically said that a cyber attack is equivalent to an act of war and could be met with any military response from the United States. Then people in glass houses probably should not throw rocks like Stuxnet," he said, referring to the Stuxnet worm, a weaponized piece of malware used to attack the Iranian nuclear program, beginning in 2010.
Those attacks are widely believed to have come from either Israel or the U.S. "Any third world country with a grudge against the United States and an Internet connection now believes, by example from the United States, that it is acceptable to promote your political viewpoint by launching a cyber attack," said Henry. "We did it. Why should we expect that they would not?"
NEXT: Who Fired The First Shot?
A Muslim group identified as the "Izz ad-Din al Qassam Cyber Fighters" has claimed responsibility for at least a portion of the recent attacks, as banks scrambled to conduct damage control, and reassure both customers and shareholders.
Iran’s Civil Defense Organization told the Fars News Agency that the Tehran government has had no role in the incidents. However, U.S. Senator Joe Lieberman openly suspects Iran, based on statements made by the senator during an interview on C-SPAN.
Lieberman's cybersecurity bill, which was aimed at developing processes to address threats such as these, failed in the Senate last month in a vote that was cast largely along party lines. Proponents say a comprehensive national response is necessary for the safety of the public and the safety of commerce. But, opponents claim that the outcome would likely place too much restriction on business and potentially bring about privacy issues. President Obama is pondering a cybersecurity executive order expected to institute many of the terms included in the bill, but at this point the exact extent of any such order is unknown.
Meanwhile, the threat is seen as a significant one.
"I think cyber terrorism is a very real and present threat because it only takes one person to do it," added Bit9’s Sverdlove. "One person with a laptop and an ax to grind can do more damage than one single person has been able to do in the past. We can't control them all, and there will always be enemies."
PUBLISHED SEPT. 28, 2012