A group of hacktivists under the name OpUSA has put American financial institutions on alert with threats of a widespread distributed denial of service (DDoS) attack on May 7 targeting banks and government entities.
DDoS attacks, which effectively disrupt certain services such as websites or online banking access by flooding servers with traffic, have gained notoriety in recent years through their use by online activist groups that either wish to make a political statement or, worse, mask attempts to infiltrate security and gain access to sensitive information. At the very least, the online outages that DDoS attacks cause can lead to headaches for customers and staff who wish to access the financial institution online for regular business.
“It doesn’t surprise me that DDoS is on the rise, mainly because of the growing global zombie population (botnets),” says Chris Banta, Safe Systems manager of managed services. “Fortunately from what I’ve seen, the more publicized ‘scary’ distributed denial of service attacks tend to have minimal impact when compared to the less visible and more complex attacks.”
In the case of OpUSA, the organization plotting the attack has made its intent fairly clear. As a Data Breach Today post highlights:
Anonymous has said the attacks are being waged because of perceived social and political injustices. In an April 21 Pastebin post, it states: “Anonymous will make sure that this May 7th will be a day to remember. On that day Anonymous will start phase one of operation USA. America, you have committed multiple war crimes in Iraq, Afghanistan, Pakistan, and recently you have committed war crimes in your own country.”
The group goes on to say U.S. financial institutions will be targeted for attack. “Do not take this as a warning,” the post states. “You cannot stop the Internet hate machine from doxes, DNS attacks, defaces, redirects, DDoS attacks, database leaks and admin takeovers.”
The White House and several other government entities were also listed as potential targets of the May 7 attack.
For banks, which are already a prime target for hackers, DDoS attacks can either be a simple inconvenience blocking customers and staff from accessing certain services, or they can be the entry point to much bigger data breaches. Safe Systems partner Gladiator Enterprise Information Systems is aware of the May 7 OpUSA attack, and has indicated that it is more political in nature and is meant more as an annoyance than as an opportunistic grab for sensitive banking data and assets.
With regard to this type of website-crippling DDoS attack, 2013 has thus far been a bad year for the nation’s largest banks. In a six-week span leading up to March 31, the websites of 15 of the largest banks experienced collective downtime of about 249 hours, according to an InformationWeek report. To put that in perspective, those same banks only experienced about 140 hours of downtime throughout all of 2012.