Seeking Alpha

iTrax's  Instablog

Send Message
EXPERIENCE - KNOWLEDGE - INTEGRITY: 25 years of experience in media production; newspaper, magazines, radio, tv, web-publishing, multimedia and corporate communications . Also experienced in starting new business, management and consulting. Areas of expertice: Economic- and financial journalism,... More
My company:
H5F communications Ltd.
My blog:
My book:
  • US Banks Hit By Largest Cyber Attack Ever (But Won't Admit It) 0 comments
    Mar 28, 2013 3:37 PM

    Last week's cyber attacks against US banks were more widespread than reported. In fact, it may have been the largest attack ever, industry experts say. According to Radware, a security firm that has investigated cyber intrusions on behalf of financial firms, roughly a half-dozen institutions endured digital assaults at around the same time, Tuesday. But only JPMorgan Chase (JPM) and BB&T (NYSE:BBT) have so far confirmed the incident.

    "If you have a leak in a boat, you can build a bigger boat so the leaks won't mathematically sink your boat. That's been fundamentally the process many folks have been taking."

    Carl Herberger

    (click to enlarge)

    The attacks followed a threat earlier Tuesday by the al-Qassam Cyber Fighters, a group that has claimed responsibility for a series of incursions since September that have bogged down websites at some of the nation's biggest banks and prevented customers from accessing their accounts. Tuesday's attacks "were the largest attacks we've seen to date in scale," says Carl Herberger, vice president of security solutions at Radware.

    The group, which has vowed to continue its campaign until YouTube takes down a trailer for an anti-Muslim film, said it would target JPMorgan Chase, Bank of America (NYSE:BAC), Citibank (NYSE:C), PNC Financial (NYSE:PNC), Fifth Third Bancorp (FITB), Union Bank, BB&T (BBT) and Capital One (COF) for another round of assaults, reports.

    "The one that was advertised to the world was Chase, but I can tell you that almost on an hourly basis banks were being attacked, which is a very substantial campaign."

    "If you actually measure the response time of some of these banks that are being attacked, you can see that they are under duress," Herberger says. Adding: "Most of them labored for hours on end with little or no response."

    Herberger declined to say which banks beside Chase weathered attacks on Tuesday, citing confidentiality agreements between Radware and its clients.

    BB&T spokeswoman Merrie Tolbert said in an email that the Winston-Salem, N.C., bank "experienced intermittent outages yesterday" but said the bank was able to restore service quickly. Daniel Weidman, a spokesman for Union Bank, said in an email the bank's website also "experienced intermittent outages" on Tuesday before resuming regular operation.

    Citigroup, Fifth Third and Capital One spokespeople said their companies' websites functioned normally on Tuesday. Bank of America's websites also continued to operate without incident, according to a source close to the company.

    "If you have a leak in a boat, you can build a bigger boat so the leaks won't mathematically sink your boat. That's been fundamentally the process many folks have been taking. We see few instances of fixing the leak, "Herberger says.

    While banks continue to take steps to strengthen security, hackers continue to hone their capabilities and can outmatch banks' best efforts to deter them, experts say.

    (click to enlarge)

    Can Be A Diversion

    IT employees at banks are dealing with malicious coders at all ends.

    Depositories are being targeted by both denial of service attacks, in which botnets bombard a financial services company's website in order to shut it down and disrupt services to customer; and invasive malware that infects customers' sometimes insecure devices and compromises their accounts.

    Often denial of service attacks "can be a diversion," says Dave Ostertag, a computer security expert and a global investigation manager with Verizon. At the same time, criminals might be trying to extract financial information from a bank using a variety of different techniques, he says.

    There are, of course, prescriptions banks can follow in order to block some fraudulent money transfers.

    Sergio Fidalgo, BBVA Compass' chief information officer, says his bank hedges against instances of high-tech theft by inserting people and processes into transactions. "There is not a single point of failure in which we rely on from a security perspective," he says. "It's not just about detecting, preventing and fighting the attacks... we have procedures that have to be strictly met when we talk about money leaving the bank."

    Human beings, however, can only catch so much, says Barak Eilam, president of Israeli tech vendor NICE Systems for the Americas.

    Eilam stresses that though computers can only do so much, they certainly pare down what could be indomitable threats to banks by flagging suspicious activity. "Because of banks' scale, complexity, and sophistication … this is where technology comes in place," Eilam says. "Technology helps."

    Even then, people will always be susceptible to social engineering attacks in which hackers pick up just enough information about a person to fool a bank employee into moving a victim's money, or worse.

    Still, as Herberger sees it, banks continue to play catch-up:

    "How is it we've gotten to the point where we've had the largest financial institutions, the most handsome security departments and all of the regulators, where there was a risk to begin with and numerous vulnerabilities that are exploitable, and yet we haven't been able to resolve it?"

    Good question.


    Related by econoTwist's:

Back To iTrax's Instablog HomePage »

Instablogs are blogs which are instantly set up and networked within the Seeking Alpha community. Instablog posts are not selected, edited or screened by Seeking Alpha editors, in contrast to contributors' articles.

Comments (0)
Track new comments
Be the first to comment
Full index of posts »
Latest Followers


More »

Latest Comments

Posts by Themes
Instablogs are Seeking Alpha's free blogging platform customized for finance, with instant set up and exposure to millions of readers interested in the financial markets. Publish your own instablog in minutes.