It's not as though attackers are going after the little guys. Banks hit so far include Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC Financial, Capital One, JPMorgan Chase, SunTrust Banks, Fifth Third Bank, BB&T and HSBC.
So far, none of the banks have lost customer data or had accounts compromised, but they have suffered downtime during which customers were denied online access and other disruptions of online operations.
As Infoworld has reported, banks have been attacked since last September. The denial of service attacks are coming from a self-proclaimed hactivist group called Izz ad-Din al-Qassam Cyber Fighters, which I have no prayer of saying three times fast. Iran denies all connection to the group and no one believes the denials. What else is new?
What is new is the relative sophistication of the attacks, which are coming not from botnets of compromised computers but from hijacked Web servers in data centers. They generate as much as 70 gigabits per second of traffic, enough to topple the sites of our largest banks. Traditional security technology, including firewalls, intrusion prevention systems and anti-malware software are useless against these attacks.
Understandably, the banks have gone to the National Security Agency (NSA) for help - which in turn has raised the hackles of privacy advocates who dislike the prying eyes of the G-men inside financial institutions, even for a good cause.
E-mail: [email protected] Phone: 703-359-0700