The Green Sheet Online Edition

June 24, 2013  •  Issue 13:06:02


The FDIC responds to Brobot

By Nicholas Cucci

In response to reports regarding ongoing attacks on the websites of major U.S. financial institutions (FIs), the Federal Deposit Insurance Corp. issued a warning to consumers about distributed denial of service (DDoS) attacks. I wrote about this series of DDoS attacks, which began in September 2012, in "Brobot strikes again," The Green Sheet, April 8, 2013, issue 13:04:02.

Botnets run amok

I mentioned in "Brobot strikes again" that a DDoS attack occurs when a third party hijacks a machine or network of machines to run botnets that flood a web service to cause a temporary outage and thereby deny legitimate users access to the site. Botnets are connected via the Internet and can communicate with one another to perform tasks; they can be used for good or ill.

This series of attacks is attributed to the hacktivist group Izz ad-Din al-Qassam Cyber Fighters, which uses a group of botnets, called Brobot, to carry out the assaults. In addition to FIs, three online gaming websites were also targeted.

Consumer fears addressed

In "What To Know if Criminals Disrupt a Bank's Internet Service" published in the Spring 2013 edition of FDIC Consumer News, the FDIC endeavored to provide useful information to the public and alleviate consumers' fears. It also noted that banks are required to notify the public if sensitive data is ever breached during attacks such as these.

"The motive behind most denial-of-service attacks to date has been to damage the targeted institution's reputation by keeping customers from accessing its website or online banking system and causing people to believe something is seriously wrong with the bank," said Michael Benardo, Manager of the FDIC's Cyber Fraud and Financial Crimes Section. "In reality, denial-of-service attacks to date have done little more than temporarily inconvenience Internet banking customers."

The full bulletin can be found at

Consumers whose access to online banking has been disrupted have expressed their concerns about this on social media sites such as Facebook and Twitter. FIs have responded to their customers' tweets and posts in an effort to confirm that their money is safe.

Banks have also stated that if an online banking portal goes down, it does not mean people cannot access their money; they have other ways to reach their FIs, including via mobile device, ATM and call center.

There have been three phases of DDoS attacks attributed to Izz ad-Din al-Qassam so far, and with each phase, the attacks are stronger and more concentrated. As of mid-May 2013, the group appeared to be on a temporary hiatus. What is truly dangerous is that it could be attacking multiple sites at once and staying under the radar without divulging its intentions or what it may be searching for. Will there be a fourth wave?

Another data breach

On April 26, LivingSocial Inc. was also breached, though the intrusion does not seem to be related to Brobot. As of April 29, no credit card numbers had been reported stolen. According to, 50 million customers' accounts may have been compromised, and LivingSocial sent them an e-mail notification informing them of the cyber-attack. It is not yet known how the breach occurred and what pieces of information were stolen.

Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners, as well as a member of the Electronic Transactions Association's Risk, Fraud and Security Committee. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
