Middle East Hackers Attack Websites of Wells Fargo, Chase and Other Large Banks
If you had problems accessing your bank's website this week, you're not alone. Several major banks were hit this week with denial-of-service attacks which can make websites inaccessible. The latest bank to be hit was PNC Bank. Yesterday evening PNC had a "repair in progress" message on its home page. When I tried to access pnc.com this morning, I wasn't able to access anything.
I've been reporting on these issues in this forum thread since rumors first began about a cyberattack. As you might expect, banks kept quiet in reporting the cyberattack. But as the website outages grew, it became apparent that this was a sophisticated cyberattack, and yesterday evening, it was the top story of ABC World News. The news report called it "the most extensive attack on American banks ever - launched from the Middle East - happening right now." In addition to PNC, the banks that have been hit this week include Bank of America, Wells Fargo, Chase and US Bank.
It's important to understand that this cyberattack has no direct effect on your money. There have been no reports that hackers have gained access to customer accounts. The type of attack that we are seeing is what's called a denial-of-service attack. The hackers send a huge amount of traffic to a website, which overloads the website and makes it inaccessible for others. One defense that websites use against this attack is to block IP addresses. Hackers can make this defense more difficult by sending traffic from many different IP addresses. This is often done by hijacking thousands of servers with viruses that can be instructed to send traffic to certain websites. This more sophisticated approach is called a distributed denial-of-service (DDoS) attack. New defenses have been developed to guard against DDoS attacks, but hackers keep working on ways to break those defenses. It appears that in this wave of bank DDoS attacks, the hackers took it to the next level. According to this CNNMoney.com article:
Banks get hit by cyberattackers all the time and typically have some of the best defenses against them. This time, they were outgunned.
"The volume of traffic sent to these sites is frankly unprecedented," said Dmitri Alperovitch, co-founder of CrowdStrike, a security firm that has been investigating the attacks. "It's 10 to 20 times the volume that we normally see, and twice the previous record for a denial of service attack."
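Why blocking IP addresses works against a single-source flood but not against a distributed one, as an added example that is not part of the original article. The traffic samples, the per-IP limit of 50 and the function names are constructed for illustration; the surge factor of 10 echoes the "10 to 20 times" figure quoted above.

```python
from collections import Counter

def analyze_window(source_ips, per_ip_limit, baseline_total, surge_factor=10):
    """Evaluate one time window of requests, given the source IP of each request.

    Returns (ips_to_block, residual, surge):
      ips_to_block - sources that exceeded the per-IP limit
      residual     - requests still reaching the site after those are blocked
      surge        - True if residual is >= surge_factor x the normal volume
    """
    counts = Counter(source_ips)
    ips_to_block = {ip for ip, n in counts.items() if n > per_ip_limit}
    residual = sum(n for ip, n in counts.items() if ip not in ips_to_block)
    surge = residual >= surge_factor * baseline_total
    return ips_to_block, residual, surge

# Constructed sample traffic using documentation address ranges (not real data).
# Normal load: 100 customers, 2 requests each, per window.
NORMAL = [f"198.51.100.{i}" for i in range(1, 101)] * 2
# Denial of service from one host: 3000 requests from a single address.
SINGLE_SOURCE = NORMAL + ["203.0.113.7"] * 3000
# Distributed attack: 4000 hijacked hosts, 1 request each.
DISTRIBUTED = NORMAL + [f"2001:db8::{i:x}" for i in range(1, 4001)]

def demo():
    baseline = len(NORMAL)  # 200 requests per window is "normal" here
    results = {}
    for name, traffic in (("single", SINGLE_SOURCE), ("distributed", DISTRIBUTED)):
        blocked, residual, surge = analyze_window(
            traffic, per_ip_limit=50, baseline_total=baseline)
        results[name] = (sorted(blocked), residual, surge)
    return results

if __name__ == "__main__":
    for name, (blocked, residual, surge) in demo().items():
        print(f"{name}: block={blocked} residual={residual} surge={surge}")
```

In the single-source case one block rule removes the flood and the site sees normal volume again. In the distributed case no individual address stands out, so nothing is blocked, yet the site still receives 21 times its normal load; only the aggregate comparison against the baseline reveals the attack.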
Even though these cyberattacks don't affect our bank savings, they can make it more difficult for us to conduct our banking business. If you can't quickly access your bank accounts, you might lose money. For example, if an outage delays an online bill payment, you might be hit with a late fee. Also, if you are trying to close a CD that has matured, a delay could allow the CD to be automatically renewed at a very low rate. This is another reason to avoid waiting until the last day to take care of these transactions.
One thing that can help you deal with these issues is to bookmark your bank's login page. Often the account servers are different than the servers that run the main pages. These DDoS attacks may only affect the bank's main page without affecting the account servers. When an attack is in progress, a bank may put up a temporary front page with links to its login pages. This is what PNC did yesterday.
Denial of service, when combined with direction of service, can make your life miserable, since the attackers can get your real login IDs and password without you ever knowing.
How do they do it? Simple: the denial of service is not obvious until after you type your user ID and press Enter or click on log in. What happens next is that that info can be harvested and you may be directed to a phony server that looks just like the original bank.
Without any suspicions you continue to type your password or other security questions.
And voila, your banking IDs have been stolen. You may never find out by yourself that you have been hacked until your bank account is emptied to an account in Moldova or Russia or China.
The thieves use POS or ACH or WIRE to empty whatever your balance is. All they need to find out is your account number and the well-known ABA number from the web pages of your bank.
Chase is especially important to me because I use it as one of my hub accounts, so any compromise of the login id and psw might expose details of other institutions where I bank. The "manage external accts" window displays the name of the linked institution, the routing number and the last 4 of the account.
BOA additionally offers another level of security called SafePass (see "Security Features" at the Customer Service tab), which allows you to optionally use the added measure of security for selected transactions by requiring a 6-digit, one-time-use code to authorize your most sensitive transactions. The SafePass code is a one-time-use code sent from Online Banking to your mobile device as a text message (or alternatively you can purchase a device for $19.99 which is always with you and generates a code on the fly). I have not used this feature before but there's no time like the present to start.
Hope the detail on changing logon ids and psws helps other readers make these changes quickly, if they are so inclined.
“When an attack is in progress, a bank may put up a temporary front page with links to its login pages. This is what PNC did yesterday.”
I would never go to any temporary page as you suggested. Why? How would you know that the page is authentic and posted from the bank and not the hackers? And how would you know what the look of the page should be, and how sure can you be that the page is not redirecting you to the hacker’s login page?
If something like this happens, I always stay away from that bank until the all clear is sounded and I recognize the previous look and feel of the login pages.
Good post #4.
After reading a little about it, I now understand your point that the intranet system is more privatized than the internet system, but what assures me that it is 100% secure from intruders?