The Fraud Blog with Tracy Kitten

Occupy: How Much of a Threat? Financial Institutions Should Be Concerned About Hacks
Occupy: How Much of a Threat?

They also claim the nation's power is out of balance, with the country's wealthiest 1 percent controlling 99 percent of the population.

Now Occupy demonstrators say they plan to march on five of the nation's biggest banks and financial firms in New York. Thousands of demonstrators are expected Oct. 28 to protest in front of the headquarters of Bank of America, Morgan Stanley, Wells Fargo, Citigroup and JPMorgan Chase.

With many of their members proudly describing them as leaderless, any range of behaviors is possible. 

And it's not just physical protests that are garnering attention. Earlier this month, in the name of support for the Occupy Boston protests and the International Day of Action Against Police Brutality, hacktivists at Anonymous claimed they hacked the Boston Police Patrolmen's website and e-mail server to leak the names, e-mail addresses and passwords of Boston officers.

Anonymous claimed the hack was waged in response to "the unprovoked mass arrests and brutality experienced by those at Occupy Boston. ... Let this be a warning to BPD and police everywhere: Future acts of aggression against our movements will be met with a vengeance."

How concerned should banks be about what happened in Boston? Could financial institutions be the next targets of Occupy sympathizers?

In short: Yes.

Investment banks and their leaders have been obvious targets. Just this week, CabinCr3w, an Anonymous group, published personal contact information for Bank of America CEO Brian Moynihan, on its Tumblr blog. Moynihan now joins the ranks of CitiGroup CEO Vikram S. Pandit and Goldman Sachs Chairman Lloyd Blankfien, both of whom CabinCr3w has already targeted and exposed personal information about, all in the name of support for Occupy Wall Street.

James Van Dyke, president and founder of Javelin Strategy & Research, who visited Occupy Boston, says the Occupy movement is a tricky one. "With many of their members proudly describing them as leaderless, any range of behaviors is possible," he says.

But Occupy is not just a conglomerate of disparate voices and demonstrators. Banks and credit unions should be prepared for cyber and even physical attacks.

Van Dyke, who also blogged about his experiences, says banks need to be careful. "With affiliated efforts, such as Huffington Post's MoveYourMoneyProject.org, some hacktivists may be motivated to deface sites in order to encourage people to move funds out of large bank sites."

But banks have, up to this point at least, chosen to do nothing. They aren't even talking about the Occupy Movement. One bank told me it is staying "as far away" from the Occupy issue as possible.

Phil Blank, who works in Javelin's Security, Risk and Fraud Practice, says banks and credit unions should take action, by tuning their marketing messages and relying on social media to communicate with consumers. "Right now, some financial institutions are perceived to be stonewalling," he says.

"Demonstrate that you have heard the occupy protesters," Blank says. "Perhaps reduce the debit charges (temporarily suspend them) or educate in a non-confrontational manner why the financial industry believes that these are necessary."

And given the financial community's lack of acknowledgment, the "stonewalling" perception will only grow.

I agree communication through social networks is advisable. But banks have to be careful they don't come across as passing the proverbial buck, especially when it comes to debit fees, mortgage concerns or general consumer discontent.

Remember, memories of big-bank bailouts have not faded. Sympathy is not something institutions are likely to receive from even their most loyal customers and members.

Banks also need to reinforce their lines of defense, and basically maintain security checks they should already be conducting. We all have to be prepared for an attack, like the one that hit Boston police.

Make sure firewalls are patched and up-to-date, and have plans in place for if a hack does occur. Run network and server-based intrusion-detection systems, and just stay on your toes.

The best piece of advice from Blank: "Don't antagonize by being in the 'crosshairs.'"



About the Author

Tracy Kitten

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network