ATTACKS ON 6 BANKS FRUSTRATE CUSTOMERS
[[A los banqueros les gusta jugar con fuego
pero temen quemarse en él. Hugo]]
Published:
NYT September 30, 2012
http://www.nytimes.com/2012/10/01/business/cyberattacks-on-6-american-banks-frustrate-customers.html?_r=0
Six major American banks were hit in
a wave of computer attacks last week, by a group claiming Middle Eastern ties,
that caused Internet blackouts and delays in online banking.
---------------
[[ Here the version from well-known Iranofobics, servants of
Mossad and the neocons of Israel in the US: “The targets of last week’s
computer attacks included Wells Fargo, JPMorgan Chase and Citibank. Some,
including Senator Joseph I. Lieberman, have pointed accusations at Iran in the
attacks, and one expert said Iran must at least have been aware of them.”]]
-----------------
Frustrated customers of Bank of America, JPMorgan Chase, Citigroup, U.S.
Bank, Wells Fargo and PNC, who could not get access to their accounts or pay
bills online, were upset because the banks had not explained clearly what was
going on.
“It was probably the least impressive corporate
presentation of bad news I’ve ever seen,” said Paul Downs, a small-business
owner in Bridgeport, Pa. “This is extremely disconcerting.”
The banks suffered denial of service attacks, in which hackers barrage a Web
site with traffic until it is overwhelmed and shuts down. Such attacks, while a
nuisance, are not technically sophisticated and do not affect a company’s
computer network — or, in this case, funds or customer bank accounts. But they
are enough to upset customers.
A hacker group calling itself Izz ad-Din al-Qassam Cyber Fighters — a
reference to Izz ad-Din al-Qassam, a Muslim holy man who fought against
European forces and Jewish settlers in the Middle East in the 1920s and 1930s —
took credit for the attacks in online posts.
The group said it had attacked the banks in retaliation for
an anti-Islam video that mocks the
Prophet Muhammad. It also pledged to continue to attack American credit and
financial institutions daily, and possibly institutions in France, Israel and
Britain, until the video is taken offline. The New York Stock Exchange and
Nasdaq were also targeted.
On Friday, PNC became the latest bank to experience delays and fall offline.
Customers said they had been unable to get access to PNC’s online banking site,
and those that visited the bank’s physical locations were told it was because
PNC, and many others, had been hacked.
Fred Solomon, a PNC spokesman, said Friday afternoon that the bank’s Web
site was back online, but that it was still working to restore online bill
payment. Asked why the bank was not better able to withstand such an attack, he
said that while PNC had systems in place to prevent delays and disruption from
hacker attacks, in this case “the volume of traffic was unprecedented.”
Representatives for other banks also confirmed that they had experienced
slow Internet performance and intermittent downtime because of an unusually
high volume of traffic.
Security researchers said the attack methods were too basic to have taken so
many American bank sites offline. The hackers appeared to be enlisting
volunteers for the attacks with messages on various sites. On
one blog, they called on people to visit two Web
addresses that would cause their computers to flood banks with hundreds of data
requests a second. They asked volunteers to attack banks according to a
timetable: Wells Fargo on Tuesday, U.S. Bancorp on Wednesday and PNC on
Thursday.
But experts said it seemed implausible that this method would create an attack
of this scale. “The number of users you need to break those targets is very
high,” said Jaime Blasco, a security researcher at AlienVault who has been
investigating the attacks. “They must have had help from other sources.”
Those sources, Mr. Blasco said, would have to be a group with money, like a
nation, or botnets — networks of infected computers that do the bidding of
criminals. Botnets can be rented through black market schemes that are common
in the Internet underground, or lent out by criminals or governments.
Last week, Senator Joseph I. Lieberman of Connecticut, chairman of the
Senate Homeland Security Committee,
said
in an interview on C-Span that he believed Iran’s government had
sponsored the attacks in retaliation for Western economic sanctions. The hacker
group rejected that claim. In an online post, it said the attacks had not been
sponsored by a country and that its members “strongly reject the American
officials’ insidious attempts to deceive public opinion.”
The hackers maintained that they were retaliating for the online video.
“Insult to the prophet is not acceptable, especially when it is the last
Prophet Muhammad,” they wrote.
It is very difficult to trace such attacks back to a particular country,
security experts say, because they can be routed through different Internet
addresses to mask their true origin.
But experts said they had seen an increase in such activity from Iran and in
the number of so-called hacktivists, hackers who attack for political purposes
rather than for profit, based in Iran.
“We absolutely have seen more activity from the Middle
East, and in particular Iran has been increasingly active as they build up their
cyber capabilities,” said George Kurtz, the president of CrowdStrike, a
computer security company, and former chief technology officer at McAfee.
“There is also a strong activist movement underfoot, which should be concerning
to many large companies. The threat is real, and what we are seeing now is only
the tip of the iceberg.”
James A. Lewis, a computer security expert at the Center for Strategic and
International Studies, said that in this case, the attack methods used were
“pretty basic” to have been state-sponsored. But he added that even if the
attacks were not the work of Iran’s government, the state would be aware of
them because Iran monitors its networks extensively.
For Mr. Downs, the small-business owner in Pennsylvania, such half explanations
were of little consolation.
“A major bank has a problem and gives no indication of
what’s happening, when it started or when it will stop,” he said. “That’s
pretty freaky if it’s your own business’s money and you need to do things with
it.”
===============
No hay comentarios:
Publicar un comentario