GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?

Table of Contents

Lead Story

Bitcoin - viable currency or flash in the pan?

Patti Murphy
ProScribes Inc.


Industry Update

Court smacks Fed over debit interchange rules

FTC continues industry scrutiny

Double-billing causes headaches

The rise of loyalty



Interoperability, security issues dog mobile payments

Selling Prepaid

Prepaid in brief

InComm reinvents POS as digital payments hub


No doomsday for debit despite Durbin decision

Patti Murphy
ProScribes Inc.


Street SmartsSM:
Five keys to successful partnerships

Dale S. Laszig
Castles Technology Co. Ltd.

Strengthen your sales muscle memory

Jeff Fortney
Clearent LLC

Vacation over, hacktivists return

Nicholas Cucci
Network Merchants Inc.

Company Profile

The TAS Group Inc.

North American Bancard LLC

New Products

Turning a new leaf at the POS

LeafPresenter v2

Keeping payment simple

VeriFone Point


Readers Speak

Resource Guide


A Bigger Thing

The Green Sheet Online Edition

August 26, 2013  •  Issue 13:08:02

previous next

Vacation over, hacktivists return

By Nicholas Cucci

A group that has dubbed itself the al-Qassam Cyber Fighters boasted in late July the beginning of "phase four" of its distributed denial-of-service (DDoS) attacks against U.S. banks. The hacktivist group had not attacked American banks since early May 2013.

The attacks are retaliation for the continued availability on YouTube of a video clip the group has deemed offensive to Islam.

In a July 23 Internet post, the group stated it plans to disrupt the service of American banks until all clips of the film are removed from YouTube. "Planning in the new phase will be a bit different and you'll feel this in the coming days," the post stated. For more details, see

JPMorgan Chase & Co., U.S. Bancorp, and Regions Financial Corp. reportedly have all had intermittent issues since July 24. A DDoS attack on July 27 was aimed at Regions, which stated on its website that customers may have had difficulty using their debit cards.

The DDoS was a large-scale attack and had the potential to affect many customers. However, the issue lasted only two hours. "Attacks like this have not been uncommon this year for us or, frankly, for any other major banks," Regions Bank spokesman Mel Campbell told

The outage at Chase on July 24 was heavy in the early morning, stopped in the late morning and ramped up again in the afternoon, said a DDoS expert who asked to remain anonymous. The outages at Regions Bank followed the same pattern.

Growing bigger and shorter

According to Arbor Networks Inc., at the end of 2012 the average size of DDoS attacks was around 1.77 Gigabits per second (Gbps), reflecting 19 percent growth over comparable attacks in 2011.

Following are a few recent statistics from Arbor regarding DDoS attacks:

Arbor also found that attacks are shorter, with most lasting less than one hour. Packet-per-second attack sizes have diminished, reversing the strong growth seen from late 2011 through 2012.

"The increasing volume of highly visible attacks - including a mix of politically motivated attacks, state-sponsored electronic warfare, social activism, organized crime, and good old-fashioned pointless mischief and mayhem - is being driven by the easy availability of bots/botnets for hire and easily distributed crowd-sourced attack tools," stated Jeff Wilson, Principal Network Security Analyst with Infonetics Research, in Arbor's announcement.

Mitigating risk

How can you fight DDoS? You can't prevent an attack; it is out of your control; everyone is vulnerable. DDoS attacks are cheap to launch and expensive and tough to battle. Yet, enterprise-level companies can mitigate the risk.

DDoS prevention systems direct traffic through a wider bandwidth, but they won't protect against everything. Addressing and securing bottlenecks inside a corporate network will help.

Also, be aware of application-layer attacks. Unfortunately, this type can be hard to track. Keep potential DDoS attacks such as user datagram protocol flooding and TCP (transmission control protocol) SYN (synchronization packet) floods in check.

These attacks are typically spoofed rather than accomplished by using real Internet protocol addresses from real machines that run complete application transactions.

Another option is to use third-party services, such as those provided by Akamai Technologies Inc., VeriSign Inc. and CloudFlare Inc. for DDoS protection. Even cloud-based protection is now available.

Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners, as well as a member of the Electronic Transactions Association's Risk, Fraud and Security Committee. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios