
The Green Sheet Online Edition

June 24, 2013 • Issue 13:06:02

The FDIC responds to Brobot

By Nicholas Cucci
Network Merchants Inc.

In response to reports regarding ongoing attacks on the websites of major U.S. financial institutions (FIs), the Federal Deposit Insurance Corp. issued a warning to consumers about distributed denial of service (DDoS) attacks. I wrote about this series of DDoS attacks, which began in September 2012, in "Brobot strikes again," The Green Sheet, April 8, 2013, issue 13:04:02.

Botnets run amok

I mentioned in "Brobot strikes again" that a DDoS attack occurs when a third party hijacks a machine or a network of machines (a botnet) and uses them to flood a web service with traffic, causing a temporary outage and thereby denying legitimate users access to the site. The machines in a botnet are connected via the Internet and can communicate with one another to perform tasks; botnets can be used for good or ill.
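To make the "flood" concrete from the defender's side, here is an added example (not from this article or The Green Sheet) of the kind of rate check an operations team runs over web-server access logs. It parses combined-log-format lines, counts requests per source address in fixed time windows, and flags two patterns: one address sending far more than a baseline (a single-source flood), and many addresses each sending a little but adding up to an abnormal total (a distributed flood, which is what a botnet produces). The log lines, addresses and thresholds are constructed for illustration; real baselines come from the site's own traffic history.

```python
"""Rate-based flood detection over web-server access logs.

Added example, not code from the article. The sample traffic, the
addresses and the thresholds below are constructed; tune per_ip_limit
and aggregate_limit from observed normal traffic before relying on them.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx combined-log style: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return {"ip": m.group("ip"), "ts": ts, "req": m.group("req"),
            "status": int(m.group("status"))}


def bucket_requests(lines, window_seconds=10):
    """Map each time window (epoch seconds, aligned) to a Counter of ip -> requests."""
    buckets = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:          # skip malformed lines rather than crash on them
            continue
        epoch = int(rec["ts"].timestamp())
        buckets[epoch - (epoch % window_seconds)][rec["ip"]] += 1
    return buckets


def detect_floods(lines, window_seconds=10, per_ip_limit=50, aggregate_limit=200):
    """Flag windows with a single abusive source, or with an abnormal total
    spread across many sources that each stay under the per-IP limit."""
    alerts = []
    for start, counts in sorted(bucket_requests(lines, window_seconds).items()):
        total = sum(counts.values())
        noisy = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
        if noisy:
            alerts.append({"window": start, "kind": "single-source",
                           "sources": noisy, "total": total})
        elif total > aggregate_limit:
            alerts.append({"window": start, "kind": "distributed",
                           "sources": len(counts), "total": total})
    return alerts


def _line(ip, ts, path="/"):
    """Build one constructed combined-log line."""
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'


# Constructed traffic: a quiet window, a window where one address hammers
# /login, and a window where 300 distinct addresses each send one request.
SAMPLE_LOG = (
    [_line(f"198.51.100.{i}", f"24/Jun/2013:10:00:0{i} +0000") for i in range(5)]
    + [_line("203.0.113.9", "24/Jun/2013:10:00:15 +0000", "/login") for _ in range(80)]
    + [_line(f"10.0.{i // 256}.{i % 256}", "24/Jun/2013:10:00:25 +0000") for i in range(300)]
)

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LOG):
        print(alert)
```

The distributed case is the one worth dwelling on: no single address trips the per-IP limit, so a rule that only looks at individual sources sees nothing wrong, while the aggregate count shows the outage in the making. In practice this check runs upstream of the application (load balancer, CDN or scrubbing provider) where the traffic can actually be shed.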

This series of attacks is attributed to the hacktivist group Izz ad-Din al-Qassam Cyber Fighters, which uses a group of botnets, called Brobot, to carry out the assaults. In addition to FIs, three online gaming websites were also targeted.

Consumer fears addressed

In "What To Know if Criminals Disrupt a Bank's Internet Service" published in the Spring 2013 edition of FDIC Consumer News, the FDIC endeavored to provide useful information to the public and alleviate consumers' fears. It also noted that banks are required to notify the public if sensitive data is ever breached during attacks such as these.

"The motive behind most denial-of-service attacks to date has been to damage the targeted institution's reputation by keeping customers from accessing its website or online banking system and causing people to believe something is seriously wrong with the bank," said Michael Benardo, Manager of the FDIC's Cyber Fraud and Financial Crimes Section. "In reality, denial-of-service attacks to date have done little more than temporarily inconvenience Internet banking customers."

The full bulletin can be found at www.fdic.gov/consumers/consumer/news/cnspr13/cyberattacks.html.

Consumers whose access to online banking has been disrupted have expressed their concerns about this on social media sites such as Facebook and Twitter. FIs have responded to their customers' tweets and posts in an effort to confirm that their money is safe.

Banks have also stated that if an online banking portal goes down, it does not mean people cannot access their money; they have other ways to reach their FIs, including via mobile device, ATM and call center.

There have been three phases of DDoS attacks attributed to Izz ad-Din al-Qassam so far, and with each phase, the attacks are stronger and more concentrated. As of mid-May 2013, the group appeared to be on a temporary hiatus. What is truly dangerous is that it could be attacking multiple sites at once and staying under the radar without divulging its intentions or what it may be searching for. Will there be a fourth wave?

Another data breach

On April 26, LivingSocial Inc. was also breached, though the intrusion does not seem to be related to Brobot. As of April 29, no credit card numbers had been reported stolen. According to PCMag.com, 50 million customers' accounts may have been compromised, and LivingSocial sent them an e-mail notification informing them of the cyber-attack. It is not yet known how the breach occurred and what pieces of information were stolen.

Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners, as well as a member of the Electronic Transactions Association's Risk, Fraud and Security Committee. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at ncucci@nmi.com.
