This
article repeats the nonsense that the attacks came from Iran.
Attacks
that have tied up bank websites show U.S. financial institutions'
vulnerability to electronic terrorism
27
September, 2012
A
shadowy but well organized hacker group in the Middle East has
disrupted the electronic banking operations of America's largest
financial institutions in recent days, underscoring U.S.
vulnerability to online terrorism.
A
group identifying itself as Izz ad-Din al-Qassam Cyber Fighters
attacked the websites of Wells Fargo, U.S. Bancorp and Bank of
America. The strikes left customers temporarily unable to access
their checking accounts, mortgages and other services.
The
banks said account and personal information for their tens of
millions of online and mobile customers were not compromised. Still,
experts said the size and ferociousness of the attacks highlight the
broader threat posed by electronic crime and the susceptibility of
financial targets.
Iran
is behind bank cyber attacks, Sen. Joe Lieberman believes
U.S.
Bancorp working with feds ahead of threatened cyber attack
Wells
Fargo is latest victim in cyber attack spree
Of
particular concern, experts said, is that the attackers used the
Internet to warn the institutions ahead of time — but the banks
still couldn't repel the assaults.
"The
banks put a lot of effort into cyber security. But they're so
desirable as a target, even with all that effort they still have
problems," said James Lewis, an expert at the Center for
Strategic and International Studies in Washington. "If you can
pull together enough resources, you can overwhelm any defense
temporarily."
The
attacks on banks began last week on the largest institutions in the
country: JPMorgan Chase, Citigroup and Bank of America. They spread
to Wells Fargo on Tuesday and U.S. Bank on Wednesday. Another attack
has been threatened against PNC Financial Services on Thursday.
The
U.S. government and banks have been working feverishly to learn more
about the attackers. A financial executive not authorized to speak
publicly described a "war room" where bankers were
coordinating efforts with the Department of Homeland Security
Izz
ad-Din al-Qassam is the name of the military wing of Hamas, the
political party that governs the Gaza Strip. Experts say the attacks
appear to have originated from the Middle East, thought it isn't
clear who is behind them or the motivation.
However,
on Tuesday the group posted a manifesto on the Internet saying
attacks would continue until a video insulting the Islamic prophet
Muhammad was removed from the Internet. That video, "Innocence
of Muslims," has caused violent clashes in the Middle East, and
led to the attack of the U.S. embassy in Libya.
Dmitri
Alperovitch, a computer security expert investigating the recent
attacks, said they are the latest in a series of cyber assaults by
the group. The attacks were not only on financial firms, he said,
although he declined to identify other industries. Alperovitch said
Izz ad-Din al-Qassam has demonstrated "advanced capabilities."
He
said it was unlikely that the anti-Islamic video alone had triggered
the attacks. He said his firm, CrowdStrike Inc., has linked the group
to attacks on other targets since January, long before the trailer
for the anti-Islamic film was posted on YouTube.
Wells
Fargo, based in San Francisco, had intermittent service interruptions
all day Tuesday, distressing many of its 21 million online customers.
Similar
problems occurred Wednesday at U.S. Bank. The Minneapolis-based bank
said it was experiencing unusually high Web traffic and that the
coordinated attacks were "very similar" to those at other
major banks. "We are working very closely with federal law
enforcement," spokesman Tom Joyce said.
Pittsburgh-based
PNC, facing the threatened attack on Thursday, was preparing for the
worst. "We've seen the posting" on the Internet, PNC
spokesman Fred Solomon said. "We're taking appropriate
measures."
Security
consultant Alperovitch said the volume of phony demands on bank sites
was two to three times heavier than previous records for denial of
service attacks, and 10 to 20 times higher than the average such
attack. Still, the onslaught so far has had a "very limited
impact," resulting in only brief shutdowns of websites.
"The
attacks, while very, very large and historic in that sense, are not
super sophisticated," he said. Although evidence points to a
group "certainly of Middle Eastern origin," his company
could not tell whether a state or private group was behind the
attacks.
Some
speculation centered on whether Iran might be retaliating for
economic sanctions placed on the country because of its nuclear
program and enforced by U.S. banks.
"I
don't believe these were just hackers," Senate Homeland Security
Committee Chairman Joe Lieberman (I-Conn.) said last week in an
interview on C-SPAN's "Newsmakers" program. "I think
this was done by Iran and the Quds Force," a secretive Iran
military unit blamed for terrorist activity.
Lieberman
was observing Yom Kippur and could not be reached Wednesday. The FBI
and Justice Department declined to comment on the origin of the
attacks.
Two
bankers, who spoke on condition of anonymity, said their banks were
also on the alert for cyber thieves who might use the attacks as a
diversion.
In
a Sept. 17 bulletin, the FBI had warned of "a new trend in which
cyber criminal actors are using spam and phishing emails … to
compromise financial institution networks and obtain employee login
information."
The
bulletin said hackers have used denial of service attacks as
distractions at times when they have logged in to bank systems using
credentials of bank executives and then have transferred funds. This
happened mainly at small banks and credit unions, but also some big
ones, the bulletin said.
Electronic
banking is an important new frontier for banks, which say it saves
them on transaction costs while making it easy for customers to run
their financial lives. So disruptions like these this week can
deliver a huge negative jolt.
Dani
Walter, 21, a media student at Oregon State University, said she was
unable to access U.S. Bank via the Internet from about 8 a.m. until
noon Wednesday.
Walter
said her money was untouched, but she remained worried about how
future attacks could hurt the financial system.
"I
was surprised that [so] many banks are that vulnerable to it,"
she said. "Honestly, if they can do that, it does make me worry
that they could compromise accounts too."
Lieberman
pushes Obama to
issue cybersecurity executive
order
27
September, 2012
Independent
Sen. Joe Lieberman’s cybersecurity bill failed to gain majority
support in the Senate in August, but now he is pushing for President
Obama to issue an executive order to compensate.
Lieberman
was the lead co-sponsor of the failed Cybersecurity Act of 2012, a
controversial bill that sought to give the federal government
regulatory control over the cybersecurity standards of water, power
and utility companies.
Republicans,
who offered their own preferred cybersecurity bills, battled the
Democrats on the issue all the way to the August congressional
recess.
In
a letter to President Barack Obama Monday, Lieberman urged
the
administration to use the president’s “executive authority to the
maximum extent possible to defend the nation from cyber
attack.” (RELATED: White
House nears completion of cybersecurity executive order)
DHS
Secretary Janet Napolitano testified
in
a congressional hearing last week, stating that the order is “close
to completion.”
No comments:
Post a Comment
Note: only a member of this blog may post a comment.