Banking Blog

Finance Blogs » Banking Blog » Hackers halt attack on bank websites

Hackers halt attack on bank websites

By Claes Bell ·
Thursday, January 31, 2013
Posted: 2 pm ET

Sick and tired of going to your bank's website and finding it down? You may be in luck.

A hacktivist group claiming responsibility for a string of cyberattacks against bank websites has suspended its operations after YouTube took down a controversial movie about the life of the Muslim prophet Mohammed.

The group, which calls itself the Izz ad-Din al-Qassam Cyber Fighters, had targeted the websites of many of the nation's largest banks, including JPMorgan Chase & Co., Bank of America, Wells Fargo, Citibank and Capital One, with "distributed denial of service" attacks beginning in September.

DDoS attacks, as they're known, use a network of remotely controlled virus-infected computers to overwhelm a website with traffic, making it temporarily inaccessible, says Martin Lindner, principal engineer for CERT at Carnegie Mellon University's Software Engineering Institute.

"A DDoS is a traffic jam," Lindner says. "They are denying a legitimate user's ability to get to a service."

That task is made easier by the fact that bank websites are not set up to handle the massive amount of traffic launched in a DDoS attack, Lindner says. Unlike online retailers like Amazon who must stay online to do any type of business, banks may not necessarily want to spend the money required to boost capacity to the point where DDoS attacks are doomed to fail.

But while there's no evidence that customers' accounts were ever compromised, the attacks were costly for banks and customers, Lindner says. Considering the scale of the attacks, it's likely there were many bank customers with pressing business at their bank that ended up feeling the financial pain, he says.

"If you can't get to your bank to do that transaction, there will be ramifications," he says. "I'm sure there are people that were inconvenienced and it was painful."

Bank customers are increasingly dependent on the Web to access their accounts. A 2012 report by Javelin found that 83 percent of Internet-connected U.S. households use online banking.

Izz ad-Din al-Qassam claimed its attacks cost U.S. banks $30,000 for every minute their websites were down, but Lindner is skeptical of that number and most of the rest of the organization's claims.

"In the DDoS world, no one knows who's actually doing it," Linden says. "Anyone can claim they did it."

What do you think? Have you been inconvenienced by not being able to access your bank's website lately? Are you glad the attacks may be over?

Follow me on Twitter: @ClaesBell.

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
February 01, 2013 at 1:17 pm

I was kicked out of the B of A website this morning ~8:15 AM Pacific. I successfully printed out the most recent transactions in one of our bank accounts. When I tried to switch to the other account, the website was not able to complete my request. Subsequently, I tried to log in several times, to no avail, and now attempts to log in give a screen informing me that the website is currently not available. I noted that the transfer of funds I made yesterday, January 31, was correctly posted, so the website worked fine for me yesterday.

January 31, 2013 at 8:53 pm

In late December, Chase emailed me and called me to tell me my Debit Visa card may have been compromised and they cancelled it and sent me a new one. I had that card for more years than I can remember without an issue before. I found it strange and figured I'd hear about someone compromising Chase and other banks. Now this. It doesn't seem like this article says all that happened or Chase and others are not telling all they know.

Christine Hess
January 31, 2013 at 7:50 pm

For over 2 weeks I have been unable to use my PC to manage my financial affairs at JCMorgan Chase because the website times out before I can do anything. I have spent hours on the phone with Chase and they have told me it is because I use Internet Explorer as my web browser. However no one I know who has Internet Explorer has had problems with their online accts at other banks. As of today I was still unable to stay on the website for any amount of time. Hopefully it was a Cyberattack but I am not sure. Basically Chase did not tell me that it was and has been totally unable to resolve my issue. I have read that Chase may be "too big to manage well", and I know that their IT dept can't manage anything well at this point. They tell me it is because they are "upgrading" their website and I think that they ought to check out possible compatability issues before they go live.

January 31, 2013 at 7:16 pm

And the banks have exactly what to do with Youtube or that film? Just more ignorant Islamic extremists.