Cyber Attacks on Banks Expose U.S. Infrastructure Vulnerability

September 27, 2012 10:44PM ET | Bloomberg
(Bloomberg) — Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co.and Wells Fargo & Co., have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists tracking the assaults.
Bank Attacks
The group started almost two weeks ago with test attacks that triggered multiple alerts. The assault on financial firms began last week, starting with JPMorgan, Citigroup Inc. and Charlotte, North Carolina-based Bank of America Corp., moving successively this week to Wells Fargo, U.S. Bancorp and yesterday, PNC Financial Services Group Inc.
If the financial industry, which spends more on Internet security than any other industry and has its largest and most extensive defenses, can’t handle this, it’s not clear whether any critical-infrastructure industry can, the analysts said
The U.S. Senate last month failed to advance comprehensive cybersecurity legislation and the administration is contemplating using the executive order because it’s not certain that Congress can pass a cybersecurity bill, the officials said.
Inadequate Defenses
That hackers telegraphed their intentions and targets shows the difficulty industries and governments face in keeping up with fast-moving network threats, said Atif Mushtaq, senior staff scientist with FireEye Inc., a Milipitas, California-based security firm.
“They had already declared they would hit these banks at these times, and still we are seeing that these banks are not able to handle these DDoS attacks,” Mushtaq said. “It’s clear that the current infrastructure under the control of these banks is not good enough.”
There’s no sign the attacks are going to stop, Alperovitch and Joffe said.
A broader or more sustained denial of service attack could shake consumer confidence in the banking industry, Joffe said.
Bad Timing
“If banking infrastructure was affected in this way for an extended period of time, the natural outcome of that is a loss of faith,” he said. “If you can’t get to your banking site for three or four hours on a day when you have to do things, you start thinking about what are my alternatives because this might happen again.”
The banking industry worries about an organization with more resources launching attacks, said Ed Powers, head of security and private issues for U.S. financial firms at Deloitte & Touche LLP.
“This is coming toward the end of the month; it’s badly timed,” Joffe said. “People have to pay bills today and tomorrow.”

Leave a Reply

Your email address will not be published. Required fields are marked *