A silent war is being waged between suspected Middle Eastern hackers and major US banks. In recent days, Wells Fargo, Bank of America, U.S. Bank, JP Morgan Chase and Citigroup have all been targeted by aggressive cyber attacks. Bank representatives assure the public that customer account information hasn’t been compromised during this wave of cyber assaults. Instead, the cybercriminals overwhelmed the banks’ website servers and caused downtime where users couldn’t log into online banking. Your money is safe, for now, but the attacks highlight gaping holes in the financial sector’s defenses. Security experts and consumers alike are worried that the situation could escalate.
DDOS Attack Committed by Hamas Group?
The cyber assaults, which began on September 19 when Bank of America’s website was shut down, are a type of hacking known as Distributed Denial of Service (DDOS). In a DDOS attack, hackers generate high volumes of false traffic to overwhelm a website’s servers. These malicious hits crash the system and prevent legitimate users from accessing the site. According to DailyFinance.com, banks are popular targets for DDOS attacks, but the recent hacking efforts are unprecedented. Dmitri Alperovitch, a cyber security consultant and co-founder of the online defense firm CrowdStrike, told DailyFinance.com that the current DDOS wave has shattered records.
“It’s 10 to 20 times the volume that we normally see, and twice the previous record for a denial of service attack,” Alperovitch said. Due to the scope of the attack, Alperovitch told the media, it’s likely that the perpetrators were planning and organizing for months.
And who are the hackers behind this troubling cyber crime wave? Experts are certain that
the attacks originated in the Middle East and the Izz ad-Din al-Qassam Cyber Fighters, an Islamic hacker group associated with Hamas, is openly claiming responsibility. The Los Angeles Times reports that the Cyber Fighters posted an online manifesto on Tuesday, stating that the DDOS attacks won’t let up until a controversial anti-Islam YouTube video is taken down. The same video has stirred extremists throughout the Middle East to riot against the US.
However, online security experts are divided about whether the Cyber Fighters actually coordinated the attacks or if they’re merely taking credit for someone else’s digital dirty work. Alperovitch believes the Cyber Fighters are responsible, but another expert, Radware’s Ronen Kenig, thinks the group isn’t sophisticated enough to organize such a ferocious attack. US Senator Joe Lieberman, Chairman of the Senate’s Homeland Security Committee, suggested that Iran executed the assault as retaliation for economic sanctions.
Experts Assure Consumers Their Money is Safe
Whether the Cyber Fighters, Iran or another group are behind the DDOS attacks, one thing’s for sure. Even with an FBI warning, the US banks hit by the hackers weren’t ready. They couldn’t neutralize the attack. The Los Angeles Times reports that one financial executive, who spoke on conditions of anonymity, described a “war room” where the Department of Homeland Security was working with bankers to coordinate their defense efforts.
“The banks put a lot of effort into cyber security. But they’re so desirable as a target, even with all that effort they still have problems,” said James Lewis, an expert at the Center for Strategic and International Studies in Washington, told the Times.”If you can pull together enough resources, you can overwhelm any defense temporarily.”
Two more anonymous bankers told the Times that their banks were monitoring website activity in case the DDOS attacks were a diversion for fraudulent money transfers. A warning issued by the FBI on September 17 stated that hackers were executing a phishing campaign “to compromise financial institution networks and obtain employee login information.”
Despite the security concerns exposed by these attacks, banking officials reminded the public that customer account information — usernames, passwords, account balances or other private data — has not been touched by the hackers. Millions of people who use electronic banking weren’t able to access their bank’s website during the extensive DDOS attacks, but their money remained safe.
We’ll be following this story and provide updates as they become available. In the meantime, Scambook recommends that consumers who bank with Wells Fargo, Bank of America, U.S. Bank, JP Morgan Chase or Citigroup should take a few extra security precautions in the wake of this hacking epidemic.
Take Action to Boost Your Own Online Security
1. Change your account password. We advise users to change their account passwords every 3 months, regardless, but the DDOS attacks on these major banks is a sinister reminder that Internet security is vital. Watch our video about How to Create a Secure, Unique Password Even your Ex Can’t Hack or use password generating software like LastPass.
2. Check your bank account online every day. We can’t emphasize this enough. Unless your bank’s website is unavailable because it’s being hacked, there’s no excuse to avoid monitoring your account activity. Make it part of your morning or evening routine. Remember, the sooner you spot suspicious activity in your account, the sooner you can dispute it (click here to learn how to dispute an unauthorized charge). Most online banking websites will let you enable Email or Text Message Alerts to notify you about suspicious activity. Take advantage of this feature.
3. Make sure your computer has anti-virus software that’s up to date and always turned on. Think of anti-virus software like the seat belt of your car. Never use your computer without it. If you don’t already have anti-virus software, you can download programs like Avira or AVG for free. Keep your software installed, turned on and always updated. Scan your PC regularly.
For more information about Internet threats, click here to browse the Scambook Blog’s Online/Social Media & Software category. If you’ve been affected by a hacker, click here to file a complaint report and share your story with others.