No U.S. Bank Is Safe
If the picture doesn’t send the message, let me spell it out for you. All of the banks in that picture have reported Distributed Denial of Service (DDoS) attacks from the hacktivist group Izz ad-Din al-Qassam Cyber Fighters. The group claims that its second phase of distributed-denial-of-service attacks has affected nine banks since Dec. 11, and it warns that more attacks are on the way. The group will continue to target U.S. institutions until a YouTube movie trailer believed by the group to be anti-Islamic is removed from the Internet.
Normally, this sounds to me like another half baked conspiracy theory, but the number of stories are starting to add up, and this story is gaining more and more steam.
While Iran has made multiple statements that they are not responsible, the attacks continue. On Dec. 21, the Office of the Comptroller of the Currency became the first regulatory agency to issue an alert to financial institutions on the recent wave of DDoS strikes. My bank just alerted me via email that I may experience issues in mobile banking availability. I haven’t experienced an outage yet, but I am concerned that a DDoS attack is just a red herring for a significant breach of security leaking banking or identity information.
If you are a customer of these institutions, like myself, do not panic. So far, none of the banks have reported breaches, and there have been very few reports of outages. So far, anti-DDoS strategies, such as on-Demand cloud servers to handle unexpected DNS load, have been holding their own. Just be wary– pay attention to your bank statements and report any fraud immediately. The best source of information on this in my opinion is BankInfoSecurity.com:
BankInfoSecurity is a multi-media website published by Information Security Media Group, Corp. (ISMG), a company specializing in coverage of information security, risk management, privacy and fraud. Headquartered in Princeton, New Jersey, USA, ISMG provides news, opinions, education and other related content to assist senior executives and information security professionals as they navigate the increasingly challenging world of information security.
Keep some money under your bed!
- September 26, 2012: phase one of the attacks begin.
- October 23, 2012: HSBC Holdings, Capital One, and BB&T Corp are hit with DDoS attacks
- December 14, 2012: NetworkWorld acknowledges that attacks are continuing, but Banks are responding to the pressure with little to no damage.
- December 21, 2012: Office of the Comptroller of the Currency became the first regulatory agency to issue an alert to financial institutions on the recent wave of DDoS strikes.
- January 2, 2012: Hackers claim on Pastebin responsibility and state that attacks will continue. Banks have reported intermittent outages of web services.