Economy

Cyber Attacks on U.S. Banks Expose Computer Vulnerability

http://www.bloomberg.com/news/2012-09-28/cyber-attacks-on-u-s-banks-expose-computer-vulnerability.html

Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. (JPM) and Wells Fargo (WFC) & Co., have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists tracking the assaults. The attack, which a U.S. official yesterday said was waged by a still-unidentified group outside the country, flooded bank websites with traffic, rendering them unavailable to consumers and disrupting transactions for hours at a time...The group started almost two weeks ago with test attacks that triggered multiple alerts. The assault on financial firms began last week, starting with JPMorgan, Citigroup Inc. (C) and Charlotte, North Carolina-based Bank of America Corp., moving successively this week to Wells Fargo, U.S. Bancorp (USB) and yesterday, PNC Financial Services Group Inc. (PNC)...

Such a sustained network attack ranks among the worst-case scenarios envisioned by the National Security Agency, according to the U.S. official, who asked not to be identified because he isn’t authorized to speak publicly. The extent of the damage may not be known for weeks or months, said the official, who has access to classified information...“The nature of this attack is sophisticated enough or large enough that even the largest of the financial institutions would find it difficult to defend against,” Rodney Joffe, senior vice president at Sterling, Virginia-based security firm Neustar Inc. (NSR), said in a phone interview. While the group is using a method known as distributed denial-of-service, or DDoS, to overwhelm financial-industry websites with traffic from hijacked computers, the attacks have taken control of commercial servers that have much more power, according to the specialists...

...The assault, which escalated this week, was the subject of closed-door White House meetings in the past few days, according to a private-security specialist who asked not to be identified because he’s helping to trace the attacks. President Barack Obama’s administration is circulating a draft executive order that would create a program to shield vital computer networks from cyber attacks, two former U.S. officials with knowledge of the effort said earlier this month. The U.S. Senate last month failed to advance comprehensive cybersecurity legislation and the administration is contemplating using the executive order because it’s not certain that Congress can pass a cybersecurity bill, the officials said...

A group calling itself Izz ad-Din al-Quassam Cyber Fighters claimed responsibility for the assault in a statement posted to the website pastebin.com, saying it was in response to a video uploaded to Google Inc.’s YouTube, depicting the Prophet Muhammad in ways that offended some Muslims. The initial planning for the assault pre-dated the video controversy, making it less likely that it inspired the attacks, according to Alperovitch and Joffe, both of whom have been tracking the incidents. A significant amount of planning and preparation went into the attacks, they said. “The ground work was done to infect systems and produce an infrastructure capable of launching an attack when it was needed,” Joffe said.

MORE

Hackers May Have Had Help With Attacks on U.S. Banks, Researchers Say

http://bits.blogs.nytimes.com/2012/09/27/hackers-may-have-had-help-with-attacks-on-u-s-banks-researchers-say/

The hackers claiming responsibility for cyberattacks on American banks over the past week must have had substantial help to disrupt and take down major banking sites, security researchers say...A hacker group, which calls itself the Izz ad-Din al-Qassam Cyber Fighters, took credit for the attacks in online posts. They enlisted volunteers for the attacks with messages on various sites. On one blog, they called on volunteers to visit two Web addresses that would cause their computers to instantly start flooding targets — including the New York Stock Exchange, Nasdaq and Bank of America — with hundreds of data requests each second. This week, hackers asked volunteers to attack banks according to a defined timetable: Wells Fargo on Tuesday, U.S. Bancorp on Wednesday and PNC on Thursday...Security researchers say the attack methods being peddled by hackers — the custom-built Web sites — were too basic to have generated the disruptions.

“The number of users you need to break those targets is very high,” said Jaime Blasco, a security researcher at AlienVault who has been investigating the attacks. “They must have had help from other sources.”

Those additional sources, Mr. Blasco said, would have to be a well-resourced group, like a nation state, or botnets — networks of infected zombie computers that do the bidding of cybercriminals. Botnets can be rented via black market schemes that are common in the Internet underground, or loaned out by cybercriminals or governments....

GOOD OLD LIEBERMAN (I-AIPAC) BLAMES IRAN, OF COURSE...