Skip Links

Theories mount on bank attacks, but experts stress defense

Defense and response key to BofA and JPMorgan attacks, say security experts, one noting: 'It's probably going to get worse before it gets better'

By Taylor Armerding, CSO
September 25, 2012 08:15 AM ET

CSO - The unexplained outages last week on the public websites of Bank of America and JPMorgan Chase have led to as many as five theories about the source.

15 of the worst data breaches

However, security experts say the most important thing for financial institutions is not so much the source of attacks, but an effective defense against them, along with an incident response and recovery plan.

"We will always have to deal with hacking, breaches, new malware variants and new attack technique -- they are facts of life as we know it today," said Rob Kraus, director of research for managed security service provider Solutionary's Security Engineering Research Team (SERT).

The attacks were not catastrophic -- the problems at both Bank of America and JPMorgan Chase were relatively brief and intermittent. But Bill Pennington, chief strategy officer at WhiteHat Security, told InformationWeek that last week's attacks may be only the beginning. "It's probably going to get worse before it gets better," he said.

Still, much of the buzz was about trying to figure out where they came from. Sen. Joseph Lieberman (I-Conn), chairman of the Senate Homeland Security Committee, offered Theory One last week in an interview on C-SPAN's Newsmakers, saying he believes a unit of Iran's Revolutionary Guard Corps was behind the disruptions.

Lieberman gave no evidence to support the claim, and Iran denied it, claiming the U.S. was trying to "demonize" Iran, but there is certainly motive. As Bloomberg and other outlets reported, the U.S. has been leading the imposition of economic sanctions on Iran, trying to slow or stop its capability to build a nuclear weapon.

There is also the admission by U.S. officials several months ago that the U.S. was involved with Israel in efforts to sabotage Iran's nuclear program with a computer worm labeled Stuxnet. The malware temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

[See also: Cybercriminals build massive banking fraud system in the cloud]

The Washington Post, citing unnamed U.S. intelligence and industry officials, reported last month, "Iranian cyberforces attempted to disrupt the Web sites of oil companies in the Middle East by routing their efforts through major U.S. telecommunications companies, including AT&T and Level 3."

"The effort did not cause serious disruptions, but it was the largest attempted denial-of-service attack against AT&T 'by an order of magnitude,' said one of the industry officials," the Post reported.

The second theory comes from a message on Pastebin claiming to be from "cyber fighters of Izz ad-din Al qassam" -- the military wing of Hamas, the Islamic party that governs the Gaza Strip --  declaring that it would attack Bank of America and the New York Stock Exchange (NYSE) as a first step in a campaign against "American-Zionist Capitalists," and that the "attack will continue until the Erasing of that nasty movie" -- a reference to a trailer of the independent film "Innocence of Muslims," which Muslims say insults the prophet Mohammed.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News