Banking Blog

Finance Blogs » Banking » ‘Hacktivists’ shut down bank websites

‘Hacktivists’ shut down bank websites

By Claes Bell, CFA · Bankrate.com
Wednesday, September 26, 2012
Posted: 5 pm ET

Having trouble accessing your bank's website or mobile banking tools lately? You're not alone.

Millions of bank customers have been encountering error screens when trying to check their balances, make transfers and do other banking business thanks to a series of cyber attacks on banking giants Bank of America, JPMorgan Chase, Wells Fargo, Citi and now U.S. Bank. As of now, all those sites are back up again, but the series of attacks is probably not over yet.

From E. Scott Reckard at the Los Angeles Times:

A day of disruptions in Wells Fargo & Co.'s electronic banking operations apparently was the latest in a series of cyber attacks that disrupted online operations at Bank of America Corp., Citigroup Inc. and JPMorgan Chase.

A computer security expert blamed massive denial of service attacks, in which perpetrators overwhelm computer servers with communications demands, causing networks to seize up or slow down.

In a posting at Pastebin.com, a group calling itself the Izz al-Din al-Qassam Cyber Fighters claimed responsibility for last week's outages at Bank of America, Citi, and JPMorgan before hitting Wells Fargo. It said it would attack U.S. Bancorp on Wednesday and PNC Financial Services Thursday.

The notes on Pastebin also portray the attacks as a response to the inflammatory video about the Prophet Mohammed that provoked demonstrations throughout the world.

As Reckard notes, if the posts are to be believed, then PNC Customers will likely experience disruptions Thursday. If that's your bank, you might want to get any business with your accounts there done today.

So, you might be thinking to yourself, how do attacks like this manage to bring down the websites of some of the most powerful financial institutions on the planet? The answer, says Tim Rohrbaugh, chief information security officer at Intersections Inc., is that banks are simply outnumbered.

As the Los Angeles Times article notes, the type of attacks being perpetrated here are known as "distributed denial of service," or DDoS, attacks. To carry out a DDoS attack, hackers activate networks of computers all over the world that have been compromised by special malware. Those networks, called botnets, basically flood the target site with "clicks" -- so many clicks that the site's servers, or the connection it uses to carry its site out to consumers, are compromised.

The effect, Rohrbaugh says, is similar to what would happen if you barricaded a brick-and-mortar bank so customers couldn't come in.

The outages caused by DDoS attacks can be extremely disruptive, especially if you have urgent business to transact with a bank or that bank doesn't have brick-and-mortar locations. The good news is they don't, in and of themselves, lead to any data from the site being compromised, just as barricading the front of a bank wouldn't lead to the contents of the safe spilling out into the street.

However, DDoS attacks can be used as a "diversion" to attack other areas of a site, says Rohrbaugh. As of yet, none of the banks have reported anything like that, but Rohrbaugh says there's probably more to this story.

DDoS attacks can be expensive because, oftentimes, botnets used in such attacks are identified and blocked by authorities.

"When you attain those, somebody's paying for that," Rohrbaugh says. "People are actually getting compensated for compromising computers, and so to give those up, just for this attack, usually there has to be some gain from it, and usually just a political statement's not just the only goal."

If you find these types of attacks distasteful, there is something you can do to stop it, Rohrbaugh says: Make sure your own computer is free of viruses and malware. One way to do that, he says, is make sure your virus and malware protection software is up to date.

Doing so has personal benefits as well, he says. Computers compromised by botnets are also usually mined for valuable personal information, and may be blocked by authorities who observe attacks originating from their IP addresses, a computer's "home address" on the Web.

What do you think? Is this really the work of Islamic activists? What do they hope to gain? Have you noticed a disruption in your service?

Follow me on Twitter: @ClaesBell.

«
»
Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.
3 Comments
Ray
September 27, 2012 at 10:32 am

What you are saying makes me think it might be safer to bank with a smaller bank. Why would a hacker target a smaller bank?