Why your bank’s website might go down soon, and why hackers seem unstoppable

Have some critical online banking transactions to do? You might want to plan them for a Monday or Friday. A group of malicious hackers is having its way with online banks lately, seemingly knocking sites offline at will. The latest victims are HSBC and Ally Bank, but virtually every major bank has been targeted by the group since the attacks began five weeks ago.

The attacks seem straight out of a movie plot: An anonymous note is posted online — usually on a Monday or early Tuesday — declaring that week’s victims. The targets then are besieged at some point during that Tuesday through Thursday stretch. On Friday, the group seems to rest.

“Do you want attacks to be stopped? Stop the insults,” the group declared in last week’s warning message. “Insults” refers to the now infamous “Innocence of Muslims” online video that was initially blamed for last month’s mob attack on the U.S. mission in Benghazi, Libya. (This week’s attack targets, if there are any, have not yet been published).

The bank attacks are remarkable because they seem unstoppable, even with advance warning. Just how bad are banks suffering at the hands of attackers? Rodney Joffe, senior technologist at Internet infrastructure provider Neustar, said the best some banks can do to prepare is to have a sincere-sounding apology at the ready, backed up with a plan B that points customers to an alternative method of communication such as a call center.

“There is in fact no way to defend against it properly,” said Joffe, who has helped banks try to recover from the attacks.  “We can mitigate the attacks to some extent, but it is very difficult to keep systems up…This is one of our worst nightmares.”

The criminals identify themselves in their warnings as the “al-Qassam Cyber Fighters,” purportedly part of Hamas’ al Qassam military wing. The basic attack is nothing new:  It’s a denial of service attack designed to make the banking websites unavailable. Bank sites are flooded with bogus Internet traffic so they are overwhelmed, and can only give the equivalent of a busy signal to customers.  But these attacks are very different, experts say, because of the sheer amount of bogus traffic that’s generated.

 

NBC News has the full article

You may also like...