Explaining DDoS to Consumers

Banks Work to Balance Communication with Risk Mitigation

By , January 8, 2013.
Explaining DDoS to Consumers

Leading institutions are increasingly taking steps to mitigate fraud risks and online banking site outages linked to distributed-denial-of-service attacks. But they are struggling to find a balance between keeping customers informed and giving attackers too much publicity, experts say.

See Also: Actionable Threat Intelligence: From Theory to Practice

"When the attacks are acknowledged, the hacktivists seem to thrive on that," says Bill Nelson of the Financial Services Information Sharing and Analysis Center. "It's a propaganda war going on."

But the Office of the Comptroller of the Currency has suggested banking institutions ensure incident-response strategies involve timely communication with consumers.

"As part of their contingency planning process, banks should be prepared to provide timely and accurate communication to their customers regarding Web site problems, risks to customers, precautions customers can take, and alternate delivery channels that will meet their banking needs," the regulatory alert stated.

Banking institutions' communication with customers about the attacks, however, has varied widely. And fraud expert Avivah Litan, a Gartner Research analyst, contends that some banks have not done enough to communicate with consumers.

"Banks do need to have a clear, explicit communication plan for customers that addresses concerns they will undoubtedly have," Litan says. "This is the big elephant in the room that the banks do not want to deal with. They don't want to call attention to the fact that they are undergoing DDoS attacks that they can't always prevent and withstand."

New Activity

The hacktivist group Izz ad-Din al-Qassam Cyber Fighters again this week posted an update on the open forum Pastebin, promising more attacks against U.S. banks.

On the morning of Jan. 8, the group promised more DDoS attacks in protest of a YouTube video deemed offensive to Muslims. "Perhaps more attacks make them wiser to be able to choose a simpler solution," the Pastebin post states. "Dissatisfaction of customers of the banking services is increasing, but, by contrast, the banks responsibility about the disruptions of their activities is reducing day by day."

On Jan. 1, the hacktivist group, which has taken credit for DDoS attacks that have struck U.S. banks since mid-September, bragged on Pastebin that it had successfully interrupted online service to nine leading U.S. banks since the kickoff of its second campaign in early December. The group also put other institutions on notice: "Rulers and officials of American banks must expect our massive attacks! From now on, none of the U.S. banks will be safe from our attacks."

Since the hacktivists' Jan. 1 update, BB&T, Fifth Third Bank and Ally Financial Corp. have confirmed online banking access issues related to high volumes of traffic consistent with a DDoS attack. In addition, PNC confirmed sporadic site access issues, but it did not specify the cause.

The hacktivist group took credit for December attacks against JPMorgan Chase, Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC Financial Services Group, BB&T Corp., Suntrust Banks and Regions Financial Corp. The group says the attacks have been waged to protest a YouTube video deemed offensive to Muslims (see 5 Banks Targeted for New DDoS Attacks.)

In December, Regions and SunTrust were the only institutions named by the hacktivists for which abnormal traffic patterns could not be confirmed. And during the first campaign, which ran from mid-September to mid-October, all of the same institutions were affected, as well as HSBC Holdings and Capital One.

Banks Offer Updates

On Jan. 3, Fifth Third spokeswoman Barbara Grimsley said high volumes of traffic hit the bank's website during the early part of the week, but that online access issues were only temporary.

"This slowdown has not impacted customer accounts," Grimsley said. "This situation appears to only be isolated to 53.com and does not involve customer data. Customer account information is secure."

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Senate Intel Panel OK's Info-Sharing Bill

The Senate Intelligence Committee has passed a cyberthreat information sharing bill known as CISA,...

Latest Tweets and Mentions

ARTICLE Senate Intel Panel OK's Info-Sharing Bill

The Senate Intelligence Committee has passed a cyberthreat information sharing bill known as CISA,...

The ISMG Network