Bank of America and JPMorganChase both experienced slowdowns on their online banking sites, which were supposedly caused by distributed denial of service (DDoS) attacks. This caused The Financial Services Information Sharing and Analysis Center to send out an advisory that raised the cyber-threat level to “high” from “elevated.” The center is widely known as FS-ISAC but will be hereafter referred to as Fizzy Isaac. So, Fizzy Isaac cited “recent credible intelligence regarding the potential” for cyber attacks as its reason for the move.
Just as all this virtual feces hit the newswires a hacktivist group (or someone posing as one) claimed credit for the deeds. The “cyber fighters of Izz ad-din Al qassam” posted a message on Pastebin claiming the attacks were meant to target “properties of American-Zionist capitalists.” A planned attack on the New York Stock Exchange was also mentioned in the message, though no news has so far surfaced of any such attack.
The net result of this: Not much at all. I did some online banking on Bank of America’s site yesterday and didn’t notice a thing. Out of curiosity I went to Chase.com, and it also seemed just fine. Both banks apologized via Twitter for some slowdowns, so I will take them at their words that something did indeed happen.
The press did its best to turn this into something more than it was:
- Cyberattack warning prompted by Bank of America, JPMorgan Chase website
- Chase, NYSE Websites Targeted in Cyber Attacks
- Chase Bank Is Second to be Hit with Cyber-Attack In Response to “Sacrilegious yada yada”
For some reason, perhaps it was the Romney video, the promise of a Lindsay Lohan/Kim Kardashian alliterative cat fight or those pictures of Princess Her Majesty Kate walking around topless, Mr. and Ms. America didn’t get very worked up about this. Good for them. It is a rare occasion when we pass on the chance at a hate-filled attack about how hate-filled someone else’s religion is.
A question for Fizzy Isaac: What is the point of raising the threat level? Here’s the thing about IT security, it either works or it doesn’t. There is no low-medium-high setting on these programs. With physical security you can actually change things if you think you are at greater risk, but not so here in cyberland. If a company’s infosecurity is any good there is no online equivalent to putting more guards on duty. If there’s something more an IT security team can do then it is already failing. There should be no more hatches to batten down.
And, to my colleagues in the press, better luck with the next panic.