Two major money-center banks were hit by mid-September internet-access outages, probably triggered by cyber-attacks. At the same time, a New York Stock Exchange site was hit by what appeared to be a different type of cyber attack.
All of the latest attacks on financial-industry websites seem to be associated with politically-motivated "hactivists." They are a reminder that just because the Anonymous hackers and related groups had been out of the news for a couple of months does not mean that they have gone away.
Bank of America was the first money-center bank to be hit by website problems, suffering "prolonged issues" with website access. The next day, JP Morgan Chase was hit with similar Internet outages.
Analysts for cyber-intelligence firm Flashpoint Partners reported that the Chase attack, at least, appeared to be a "sustained denial-of-service" attack, powered by "a large botnet." A botnet is a network of computers that have been infected and hijacked without the knowledge of their regular users.
Such botnets can be used to flood a website with so many service requests that the site is overloaded and knocked offline. And botnets are a technique associated with the Anonymous hactivist group. But whether the B of A and Chase attacks are related is unclear. The former, but not the latter, was claimed by a group, "Izz ad-din Al quassam Brigades," that said it is acting on behalf of Muslims.
The cyber attack on the NYSE Euronext site, in contrast, used a different type of attack mechanism, a so-called webhive. And credit for this attack was claimed by a group calling itself "SaudiAnonymous1."
A financial industry trade group responded to the latest attacks by raising the cyber threat level from "elevated" to "high."
The real identity of all the attackers remains uncertain, and trade group announcements do not by themselves enhance security. What is fairly certain is that cyber attacks on the financial industry will continue.
