If you have a checking account or a credit card with a major bank, chances are good that you’ve experienced some trouble accessing your online accounts in the past month. A host of major banks, including the three largest in America, have been the victims of cyber attacks that fully or partially shut down sites in recent weeks.
While there’s no evidence so far that any of the attacks have resulted in financial fraud or stolen identities, they are a worrisome reminder that even the largest and most security-conscious businesses may be vulnerable to computer-based attacks.
“It was annoying, frustrating, and a little bit scary,” says Gerri Detweiler, Credit.com’s Director of Consumer Education, who had lost access to two of her accounts when her bank’s website was shut down. “I couldn’t see what was happening in my accounts. So if someone had been trying to drain my accounts, I wouldn’t have known about it very quickly.”
The latest round of attacks struck Capital One Financial Corp., BB&T Corp. and HSBC Bank USA. In each case, the companies’ websites were taken down by denial-of-service attacks, in which hackers targeted the sites with such high volumes of traffic that the networks crashed under the load, according to the Defense Department.
The attacks drew a rebuke from Defense Secretary Leon Panetta, who warned that this kind of activity poses a serious threat to U.S. national security. The wave of website attacks is especially concerning due to the unprecedented “scale and speed” with which the denial-of-service attacks have been carried out.
“Such a destructive cyber terrorist attack could paralyze the nation,” Panetta said in a recent speech in New York. “Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests.”
In posts to the website pastebin.com, a group calling itself Izz ad-Din al-Qassam Cyber Fighters has taken responsibility for the attacks, which the group has labeled “Operation Abigail.” According to the group’s statements, the effort is in retribution for the film “Innocence of Muslims,” which sparked violent protests across the Muslim world for its depiction of the Prophet Muhammad as a womanizer, a homosexual and a buffoon. In posts, the group has demanded that the film be removed from the internet.
“Attacks will continue until insults last,” according to one post. “Do you want attacks to be stopped? Stop the insults and eliminate their traces!”
The first wave of attacks began in September, when the websites belonging to Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank were disrupted and taken down. The attacks had little direct impact on consumers, except the temporary frustration they caused. In most cases, service was restored within hours or days.
“We get so used to this technology that when it doesn’t work, you feel kind of lost,” Detweiler says.
To stop such attacks in the future, or at least limit their reach, the Defense Department has increased its ability to chase such actions back to their source, Panetta said, and widened its investigative scope beyond the department itself to combat threats against the private sector. Part of the problem is that traditional methods of repelling such attacks don’t seem to be working anymore, according to the Financial Services Information Sharing and Analysis Center, a trade group in the financial services industry that helps companies improve their physical and cyber security systems.
“Current perimeter defense approaches are increasingly ineffective against these advanced threats, yielding little real risk reduction,” according to a recent statement by the group, which is planning a conference at the end of the month to help banks and credit card companies share their best security practices.
Image: Casa Fora do Eixo Minas, via Flickr