Home

Hackers Attack BoA and Chase Banking Sites, Press Overreacts (As Usual)

Hackers appear to have targeted both Bank or America and JPMorganChase with DDoS attacks, but despite what some media outlets want you to think, the attacks really aren't something to worry about, according to CIO.com blogger Constantine von Hoffman. Here's why.
Reasonable Doubter
By Constantine von Hoffman, CIO

monsters-inc-we-scare-because-we-care.jpg
The press tried to raise U.S. hysteria to OMG levels this week when reports of problems at two American banks’ websites were linked to the deadly protests going on across the Middle East. Everyone–meaning mostly my fellow journalists–needs to calm the [EXPLETIVE DELETED] down. Even if this turns out to be true the hackers’ greatest accomplishment will have been to cause some minor inconveniences.

Bank of America and JPMorganChase both experienced slowdowns on their online banking sites, which were supposedly caused by distributed denial of service (DDoS) attacks. This caused The Financial Services Information Sharing and Analysis Center to send out an advisory that raised the cyber-threat level to “high” from “elevated.” The center is widely known as FS-ISAC but will be hereafter referred to as Fizzy Isaac. So, Fizzy Isaac cited “recent credible intelligence regarding the potential” for cyber attacks as its reason for the move.

Just as all this virtual feces hit the newswires a hacktivist group (or someone posing as one) claimed credit for the deeds. The “cyber fighters of Izz ad-din Al qassam” posted a message on Pastebin claiming the attacks were meant to target “properties of American-Zionist capitalists.” A planned attack on the New York Stock Exchange was also mentioned in the message, though no news has so far surfaced of any such attack.

The net result of this: Not much at all. I did some online banking on Bank of America’s site yesterday and didn’t notice a thing. Out of curiosity I went to Chase.com, and it also seemed just fine. Both banks apologized via Twitter for some slowdowns, so I will take them at their words that something did indeed happen.

The press did its best to turn this into something more than it was:

For some reason, perhaps it was the Romney video, the promise of a Lindsay Lohan/Kim Kardashian alliterative cat fight or those pictures of Princess Her Majesty Kate walking around topless, Mr. and Ms. America didn’t get very worked up about this. Good for them. It is a rare occasion when we pass on the chance at a hate-filled attack about how hate-filled someone else’s religion is.

A question for Fizzy Isaac: What is the point of raising the threat level? Here’s the thing about IT security, it either works or it doesn’t. There is no low-medium-high setting on these programs. With physical security you can actually change things if you think you are at greater risk, but not so here in cyberland. If a company’s infosecurity is any good there is no online equivalent to putting more guards on duty. If there’s something more an IT security team can do then it is already failing. There should be no more hatches to batten down.

And, to my colleagues in the press, better luck with the next panic.