I recently found an article, written by David
Goldman of CNN, discussing the denial of services attacks against the
banks: Bank of America, JPMorgan Chase, Wells Fargo, US Bank, and PNC
Bank. Security experts say the outages stem from one of the biggest
cyber-attacks they've ever seen. These "denial of service" attacks --
huge amounts of traffic directed at a website to make it crash -- were
the largest ever recorded by a wide margin, according to two
researchers. (Goldman, 2012) These same banks have a great deal of
defenses built to prevent such attacks, but Goldman says this time they
were outgunned.
"The
volume of traffic sent to these sites is frankly unprecedented," said
Dmitri Alperovitch, co-founder of CrowdStrike, a security firm that has
been investigating the attacks. "It's 10 to 20 times the volume that we
normally see, and twice the previous record for a denial of service
attack." To carry out the cyberattacks, the attackers got hold of
thousands of high-powered application servers and pointed them all at
the targeted banks. That overwhelmed Bank of America and Chase's Web
servers on Sept. 19, Wells Fargo and U.S. Bank on Wednesday and PNC on
Thursday.
Goldman
writes, denial of service attacks are an effective but unsophisticated
tool that doesn't involve any actual hacking. No data was stolen from
the banks, and their transactional systems -- like their ATM networks --
remained unaffected. The aim of the attacks was simply to temporarily
knock down the banks' public-facing websites. That level of pre-planning
is a deviation from the kinds of denial of service attacks launched at
banks in the past by so-called "hacktivists." Typically, hacktivists use
home PCs infected with malware to amass their botnets. Attacks on this
scale would be impossible to carry out with home PCs -- users too
frequently turn them off or disconnect them from the Internet.
Cited:
Goldman, David. (2012). CNN: Major Banks hit with biggest cyber-attacks in history. Retrieved at: http://money.cnn.com/2012/09/