DDoS attacks against major U.S. banking websites are continuing this
week, with Wells Fargo, PNC Bank, U.S. Bankcorp all falling victim,
according to reports.
The source of the attacks, which are flooding the websites with so
much traffic that they become unavailable, are still not known, though a
hacktivist group calling itself the "Mrt. Izz ad-Din al-Qassam Cyber
Fighters" reportedly took credit in a Pastebin post, which since has
been removed. It said it launched the attacks out of protest to the
anti-Muslim film "Innocence of Muslims," which has helped spark outrage
in the Middle East against the United States.
That's the same collective that took responsibility for a string of DDoS attacks last week against Bank of America.
Mike Smith, security evangelist at web services provider Akamai, said
DDoS attacks that knock out access to popular commercial websites are
not uncommon.
"This kind of stuff happens all the time," he told SCMagazine.com on
Thursday "Usually people don't talk about them. Over the past couple of
years, people have talked about them because the attackers' intent is to
get publicity. That's where hacktivists come along. For them, it's free public relations."
Smith said it's also possible the latest DDoS attacks are the work of
an organized crime group, or are being launched merely as a distraction
and a way to slow the bank's response to actual fraud taking place. But
this doesn't appear to be the case.
Either way, according to those who have studied this latest round of attacks, they are powerful.
"From what I've been told (I'm not a network security specialist) the
leading DDoS prevention software more or less stops working when the
attacks get larger than 60-70 gigabytes and simply can't handle the
bandwidth of these 100-plus gigabyte attacks," Avivah Litan, vice
president and distinguished analyst of Gartner, wrote in a blog post
on Thursday. "The major ISPs only have a few hundred gigabytes
bandwidth for all their customers, and even if they added more on to
that, the hacktivists could quickly and easily eat the additional
bandwidth up.
As of this writing, one of the attacks appears to be ongoing: The website for PNC Bank is not reachable.
"Our systems are performing well today," Nicole Garrison-Sprenger, a
U.S. Bancorp spokeswoman, told SCMagazine.com. "The attacks yesterday
caused intermittent delays for some consumers visiting our website, but
we can assure customers that their data and funds are secure. These
issues are related to unusual and coordinated high traffic volume
designed to slow down the system -- similar to what other banks have
experienced in the past week.
A spokeswoman for Wells Fargo said its site is back functioning normally.
"We appreciate our customers' patience and apologize for any inconvenience," she said.
No comments:
Post a Comment