Download: Fast, Fun, Awesome

Tuesday, 9 October 2012

Wave of attacks against U.S. banks shows evolution of Hackers

The wave of cyber attacks against U.S. financial institutions dropped this week but the recent demonstrations have shown that improved techniques can still cause a lot of headaches.

Attacks against Wells Fargo, U.S. Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase managed to irritate consumers trying to use the sites for routine internet banking. But the customer-facing sites are only a small part of complex banking systems, which sometimes consist of thousands of back-end applications that are constantly exploited by attackers, said Scott Hammack, CEO of Prolexic, a company specializing in defense against distributed denial-of-service (DDoS) attacks.

The attackers "did their homework with regard to these big companies," said Hammack. "They found many weaknesses and attacks are very focused on these weak links."

Prolexic is in a unique position to observe these attacks closely, because the financial institutions hit by last week's attacks are its customers, although a confidentiality agreement does not allow the provider to confirm this information.

The attacks have consumed up to 70 Gbps (gigabits per second) of bandwidth, well beyond the 1 Gbps to 10 Gbps that large companies tend to rent, said Schölly. "There are few companies that can afford to buy this kind of service," said Schölly.

Within a few minutes of the onset of an attack, DNS (Domain Name System) and BGP (Border Gateway Protocol) routing changes are used to redirect the malicious traffic to Prolexic's centers in London, Hong Kong, San Jose (California) and Ashburn (Virginia). The bad traffic is filtered out and the attack is not passed on to customers. But that does not mean that every problem with a site is immediately resolved.

Hackers are using between six and eight different types of attacks from small armies of compromised computers. These botnets are mostly from the U.S. and China, countries with large numbers of outdated computers, making the machines vulnerable to attacks that install DDoS toolkits.

Prolexic identified one of these kits as "itsoknoproblembro" in a recent statement, but declined to say whether the tool was used in an attack last week.

Criminals are taking steps to make each computer within the malicious botnets seem different. Prolexic tries to identify an attacking computer by its "signature," a set of characteristics that make it unique. But if these parameters vary over time, it is more difficult to block an attack.

The wide range of IP addresses used by banks also hinders defense, since crackers test attack techniques against different ports and applications, watching latency and how slowly the bank's systems respond.

"It's not like protecting a small shop with a single IP [address] and a pair of doors," Hammack said.

Executives at Prolexic did not speculate on the motives for the attacks or on which group was responsible, but Hammack said he gets "frustrated when people say that this is just an attack by a boy in an apartment in New York."

This really begs the question: "Is online banking safe?"