Seven days after Bank of America instituted a hugely unpopular $5 fee for debit card use and six days into widespread reports from customers about error messages, slow service and other problems accessing the home page or other parts of the bank’s website, speculation is mounting that this isn’t just a technical glitch. Bank of America spokeswoman Tara Burke says, “The Bank of America online banking site is largely operating normally,” although the home screen up on Wednesday morning warned of potential delays in service. This is just “a disclosure of possible issues,” she says. People are taking to the blogosphere and social networking sites to gripe about website-related issues and ask: Is this the work of hackers?
Bank of America has repeatedly denied that any sort of malfeasance is going on and has said very little else. “It’s not a result of malware or denial of service … or an attack,” Burke says. “We’re not going to go into further detail.” The absence of a fuller explanation is leading customers — as well as some security experts — to come up with possible explanations of their own.
“What is most likely happening is a distributed denial-of-service attack,” says Greg Reber, CEO of AsTech Consulting. Also referred to as a DDoS, this happens when hackers send out malware that puts a program into poorly protected computers. At a set time, all those machines will try to log onto the same webpage at once with the intention of overwhelming the targeted site.
“I don’t believe it,” says Reber of the bank’s denial that hackers or malware are involved. “The timing just doesn’t lend itself to belief. They know what they’re doing as far as installing websites.”
Yesterday, CNBC.com corresponded with Bank of America’s Burke. “She says the access problems are a result of the bank managing traffic volume during peak use,” the site reported.
“To me it would make sense only if they were getting more traffic than they expected, more than they ever expected. The next logical step is that they are under a DDoS,” Reber says.
Steve Santorelli, director of global outreach at Internet security company Team Cymru, says it would be “pure speculation” to declare Bank of America a victim of hackers. But while he says that a glitch or tech problem could be benign, “you would assume a significant company has the resources to deal with legitimate traffic.”
“The amount of firepower to take down a website isn’t necessarily as much as you think,” Santorelli says. He adds, though, that hackers often like to publicize their work and brag about their exploits, and no person or group has taken responsibility for Bank of America’s web woes.
“There also have been a few arrests recently so that might be quitting the ‘look what I did kind of movement’ until after the fact, because if it’s still going on you can trace attackers back through the chain of machines they’re using,” Reber says.
Whether hackers are the source of the problem or not, there’s no denying that anger over financial misdeeds, characterized by the “Occupy Wall Street” protests that are taking place in New York City and elsewhere, has reached a fever pitch. Whatever the cause of the problem, Bank of America has a lot of frustrated customers on its hands during a time of intense anti-bank sentiment.
Even politicians have weighed in on the debit-fee flap, and nonprofit group Consumers Union issued a call for a federal investigation into the fee. President Obama said in an interview with George Stephanopoulos, “[Banks] don’t have some inherent right just to — you know, get a certain amount of profit. … This is exactly the sort of stuff that folks are frustrated by.”
Senator Richard Durbin (D-IL), architect of the legislation that led to the debit “swipe fee” cap, reminded consumers that they have other options. On the Senate floor, he called the new debit fee an “outrage” and said, “Bank of America customers, vote with your feet, get the heck out of that bank. Find yourself a bank or credit union that won’t gouge you for $5 a month.”