American banks are under attack. Both the enemy’s weapon of choice and its target is the Internet, which is a headache for the institutions — many of the country’s largest — that are fending off persistent assaults on their websites, not to mention customers.
Joe Lieberman, the chairman of the Senate’s homeland security committee, said in a C-Span interview last week that he believed the Iranian government was behind a stream of cyberattacks targeting U.S. financial institutions. Both the Iranian government as well as a group claiming to represent the hackers denied this assertion, although a security expert quoted by the New York Times says web traffic out of Iran increased in recent days, while the attacks have grown in intensity.
The type of attack being carried out is called a distributed denial of service of DDoS. “It’s basically overloading servers to the point when they can no longer function,” says Jacob Jegher, a senior analyst in the banking division of consulting company Celent. “In the highly digital age that we’re currently in, this is the disruption of a customer’s primary access to their financial institution.”
“These attacks were designed to slow the customer experience but their funds and data are secure,” a US Bancorp spokesman told the Times. US Bancorp and PNC are believed to be the latest in a growing list of victims that also includes Bank of America, Chase, Citibank and Wells Fargo, the Times says.
So far, the impact on customers is minimal outside of the hassle factor. DDoS attacks are the prank phone calls of hacking. They’re fairly easy to execute and hugely annoying for the recipients, but they’re so crude that their ability to inflict serious damage is limited. They can’t reach inside a bank’s servers and pull out customer or account information.
“Interrupting a consumer-facing server is very different from diving into back-end systems,” Jegher says. “When you go after customers’ data and personal information, that’s a whole other kind of a war.” In general, it takes more sophisticated hacking to carry out a data breach, which the perpetrators of these recent attacks might or might not be capable of, depending on who they are.
From the banks’ perspective, the sheer number of and coordination behind the attacks is bound to be alarming. “No matter how you look at it, this is bad news,” Jegher says. “For something to shut down what I consider the primary banking channel of U.S. customers is a crazy message.”