Best of the Week
Most Popular
1. Stock Markets and the History Chart of the End of the World (With Presidential Cycles) - 28th Aug 20
2.Google, Apple, Amazon, Facebook... AI Tech Stocks Buying Levels and Valuations Q3 2020 - 31st Aug 20
3.The Inflation Mega-trend is Going Hyper! - 11th Sep 20
4.Is this the End of Capitalism? - 13th Sep 20
5.What's Driving Gold, Silver and What's Next? - 3rd Sep 20
6.QE4EVER! - 9th Sep 20
7.Gold Price Trend Forecast Analysis - Part1 - 7th Sep 20
8.The Fed May “Cause” The Next Stock Market Crash - 3rd Sep 20
9.Bitcoin Price Crash - You Will be Suprised What Happens Next - 7th Sep 20
10.NVIDIA Stock Price Soars on RTX 3000 Cornering the GPU Market for next 2 years! - 3rd Sep 20
Last 7 days
Further Clues Reveal Gold’s Weakness - 26th Nov 20
Fun Things to Do this Christmas - 26th Nov 20
Industries that Require Secure Messaging Apps - 26th Nov 20
Dow Stock Market Trend Analysis - 25th Nov 20
Amazon Black Friday Dell 32 Inch S3220DGF VA Curved Screen Gaming Monitor Bargain Deal! - 25th Nov 20
Biden the Silver Bull - 25th Nov 20
Inflation Warning to the Fed: Be Careful What You Wish For - 25th Nov 20
Financial Stocks Sector ETF Shows Unique Island Setup – What Next? - 25th Nov 20
Herd Immunity or Herd Insolvency: Which Will Affect Gold More? - 25th Nov 20
Stock Market SEASONAL TREND and ELECTION CYCLE - 24th Nov 20
Amazon Black Friday - Karcher K7 FC Pressure Washer Assembly and 1st Use - Is it Any Good? - 24th Nov 20
I Dislike Shallow People And Shallow Market Pullbacks - 24th Nov 20
Small Traders vs. Large Traders vs. Commercials: Who Is Right Most Often? - 24th Nov 20
10 Reasons You Should Trade With a Regulated Broker In UK - 24th Nov 20
Stock Market Elliott Wave Analysis - 23rd Nov 20
Evolution of the Fed - 23rd Nov 20
Gold and Silver Now and Then - A Comparison - 23rd Nov 20
Nasdaq NQ Has Stalled Above a 1.382 Fibonacci Expansion Range Three Times - 23rd Nov 20
Learn How To Trade Forex Successfully - 23rd Nov 20
Market 2020 vs 2016 and 2012 - 22nd Nov 20
Gold & Silver - Adapting Dynamic Learning Shows Possible Upside Price Rally - 22nd Nov 20
Stock Market Short-term Correction - 22nd Nov 20
Stock Market SPY/SPX Island Setups Warn Of A Potential Reversal In This Uptrend - 21st Nov 20
Why Budgies Make Great Pets for Kids - 21st Nov 20
How To Find The Best Dry Dog Food For Your Furry Best Friend?  - 21st Nov 20
The Key to a Successful LGBT Relationship is Matching by Preferences - 21st Nov 20
Stock Market Dow Long-term Trend Analysis - 20th Nov 20
Margin: How Stock Market Investors Are "Reaching for the Stars" - 20th Nov 20
World’s Largest Free-Trade Pact Inspiration for Global Economic Recovery - 20th Nov 20
Dating Sites Break all the Stereotypes About Distance - 20th Nov 20
Reasons why Bitcoin is Treading at it's Highest Level Since 2017 and a Warning - 19th Nov 20
Media Celebrates after Trump’s Pro-Gold Fed Nominee Gets Blocked - 19th Nov 20
DJIA Short-term Stock Market Technical Trend Analysis - 19th Nov 20
Demoncracy Ushers in the Flu World Order How to Survive and Profit From What Is Coming - 19th Nov 20
US Bond Market: "When Investors Should Worry" - 18th Nov 20
Gold Remains the Best Pandemic Insurance - 18th Nov 20
GPU Fan Not Spinning FIX - How to Easily Extend the Life of Your Gaming PC System - 18th Nov 20
Dow Jones E-Mini Futures Tag 30k Twice – Setting Up Stock Market Double Top - 18th Nov 20
Edge Computing Is Leading the Next Great Tech Revolution - 18th Nov 20
This Chart Signals When Gold Stocks Will Explode - 17th Nov 20
Gold Price Momentous ally From 2000 Compared To SPY Stock Market and Nasdaq - 17th Nov 20
Creating Marketing Campaigns Using the Freedom of Information Act - 17th Nov 20
Stock Market Uptrend in Process - 17th Nov 20
How My Friend Made $128,000 Investing in Stocks Without Knowing It - 16th Nov 20
Free-spending Biden and/or continued Fed stimulus will hike Gold prices - 16th Nov 20
Top Cheap Budgie Toys - Every Budgie Owner Should Have These Safe Bird Toys! - 16th Nov 20
Line Up For Your Jab to get your Covaids Freedom Pass and a 5% Work From Home Tax - 16th Nov 20
You May Have Overlooked These “Sleeper” Precious Metals - 16th Nov 20
Demystifying interesting facts about online Casinos - 16th Nov 20
What's Ahead for the Gold Market? - 15th Nov 20
Gold’s Momentous Rally From 2000 Compared To Stock Market SPY & QQQ - 15th Nov 20
Overclockers UK Quality of Custom Gaming System Build - OEM Windows Sticker? - 15th Nov 20
UK GCSE Exams 2021 CANCELLED! Grades Based on Mock Exams and Teacher Assessments - 15th Nov 20

Market Oracle FREE Newsletter

How to Get Rich Investing in Stocks by Riding the Electron Wave

Mounting Fears of 'Cyber-Pearl-Harbor', Escalating Attacks on Banks

Stock-Markets / Cyber War Oct 23, 2012 - 10:18 AM GMT

By: DK_Matai


Best Financial Markets Analysis ArticleFrom Bank of America to HSBC and from JPMorgan Chase to Wells Fargo bank a growing wave of cyber attacks has disrupted and crippled the customer-facing online presence of some of the biggest and most powerful high-profile Western financial institutions over the past several weeks.  Ally Financial, BB&T, Capital One Financial, PNC Bank, Regions Financial, SunTrust Bank and US Bank have also been targeted.  Customers trying to use the online systems of those banks after the latest digital attacks were denied access or faced long delays.  Some of the digital attacks appear to have originated in Iran and Russia.  Security experts now believe that multiple well-organised digital attackers rather than a single attacker are behind the events that caused day-long slowdowns and, at times, complete online outages at various top banks. 

US Secretary of Defense Cautions Against Cyber-Pearl-Harbor

The US Secretary of Defense Leon Panetta has warned that the country could face a 'Cyber-Pearl-Harbor' in the near future and has drafted new rules which would enable the American military to move quickly to thwart any such attacks.  Panetta is also concerned that the “scale and speed” of the bank attacks is unprecedented.  The digital attacks have continued this week despite a warning from him that America has the ability to determine who is responsible.  Specifically, Panetta said, “Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests” to business executives in New York. 

Panetta also said that Iran has “undertaken a concerted effort to use cyberspace to its advantage.”  Panetta added that digital attacks emanating from foreign soils could paralyse the country's power grid financial networks and transportation system saying that a cyber attack had the potential to "paralyse and shock the nation and create a profound new sense of vulnerability."  "If we detect an imminent threat of attack that will cause significant physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us, to defend this nation when directed by the president," Panetta said in the speech to top business executives in New York. 

Panetta also added that the "Shamoon" virus which attacked Saudi Arabia's state oil company, Aramco, was probably the most destructive attack the business sector has seen to date.  The virus also struck a joint venture between the US oil firm ExxonMobil and state-controlled Qatar Petroleum.  Iran is suspected of taking revenge for US sanctions by targeting oil companies with cyber attacks, knocking out Saudi Arabia’s Aramco’s computers for two weeks.  A disruption to Saudi Arabia's oil exports could cause oil prices to spike from their already elevated prices and tip the fragile global economic recovery into recession.

Need for Emergency Board Meeting

If there ever was a time for any major organisation's board of directors to listen carefully to their Chief Information Officer (CIO) and Chief Information Security Officer (CISO) that time has now arrived.  Call an emergency board meeting and please pay close attention to the advice of your CIO and CISO in regard to online security matters.  Your online reputation, trust in your brand, customer confidence and share price may soon depend on the swiftness of your attention to this urgent matter.  Companies have to be very aware of what’s going on in regard to this latest round of cyber attacks on banks of 100+ billion bytes per second and they have to start thinking about a Plan B and Plan C beyond Plan A if financial chaos is manifest in the near future.

Why the Red Alert? Possible Flash Crash?

The mi2g Intelligence Unit (mIU) and the ATCA 5000 Research & Analysis Wing (A-RAW) have become concerned about the latest round of digital attacks because US and Western large capital financial institutions have some of the best network security defences of any industry. Sustained attacks could disrupt customer confidence in industries beyond banking and may have a much larger cascading fallout given that Systemically Important Financial Institutions -- SIFIs -- are also coming under sustained attack.  The latest campaign of digital attacks appears to have been near-100 percent effective, at least in bringing the targeted financial institutions some level of visible duress.  The attackers are adapting to the banks’ defences and becoming more sophisticated in their tactics with every passing week.  Is it plausible that the next flash crash which manifests in the global financial markets may be traced back to these swiftly escalating cyber attacks? 

Who Is Responsible? And Why?

A hacktivist group calling itself the "Izz ad-Din al-Qassam Cyber Fighters" took credit for the cyber attacks against banking giants in a Pastebin post, which has since been removed.  The group, perhaps Iranian, has claimed that it is protesting the presence of the anti-Islamic video 'Innocence of Muslims' on the Internet, which has helped spark outrage in the Middle East against the United States in particular and the West in general.  There is scepticism that fringe Islamist groups are sufficiently organised to mount these colossal digital attacks on their own without nation-state assistance.

Some of the attacks are apparently linked to hacktivists associated with Anonymous. In a Pastebin post, UK-based Fawkes Security took responsibility for some of the attacks.  "As some of you may be aware HSBC bank suffered several DDoS attacks on the named sites in the past hours they were all brought down by #FawkesSecurity," according to the post. "Before any claim [expletive] attempt to take ownership of this attack, the proof is all in our Twitter account, Targets, time and date :) @FawkesSecurity."

The source of some of the digital attacks, which are flooding the banking websites with so much traffic that they become unavailable, are still not fully known.  United States authorities are used to cyber espionage from Russia and China, but have been surprised by the swift rise in Iran's digital warfare capability.  Based on some limited data samples, some security experts suggest that the Iranian government may be behind the digital attacks against banks and oil companies as opposed to fringe Islamists or hacktivists.  However, further definitive evidence is still needed.  There’s no technical problem in forensically figuring out who did what. The problem remains that can one visit China, Russia or Iran and actually carry out the inspection of their equipment to know what’s really going on?

Why Is 100+ Billion Bytes per Second So Powerful?

There is no denying that the latest round of Distributed Denial of Service -- DDoS -- digital attacks are extremely powerful and unprecedented at 100+ billion bytes or 100+ Giga bytes per second.  The leading DDoS prevention software more or less stops working when the digital attacks get larger than 60-70 Gigabytes per second and simply can't handle the bandwidth of these 100+ Gigabyte per second attacks.  The major ISPs have only a few hundred Giga-bytes per second bandwidth for all their customers, and even if they add more on to that, the hacktivists could quickly and easily overwhelm any additionally allocated bandwidth.

This is an unprecedented escalation because the commercial servers that have been deployed in carrying out the digital attacks have not previously been utilised on such a large scale to deliver 100+ Gigabytes per second attacks.  Along with using commercial servers, digital attackers are overloading bank websites with queries, such as requests to find branch locations, and sending encrypted data packets that bypass traditional defences and intrusion-detection systems.

DDoS attacks that are causing havoc are being launched from just 3,000+ compromised endpoints distributed around the world, all lobbing payloads of multiple megabytes per second that together add up to 100+ Gigabytes per second of a digital cacophony blasting into the banks through their digital plumbing.  DDoS attacks have nearly doubled in frequency and tripled in size during the past year.  The transition from digital attacks using botnets made up of low-bandwidth home computers to high-bandwidth corporate servers has definitely played a role in increasing the average attack bandwidth significantly.  Ahead of the massive digital attacks reconnaissance, probing and scanning to evaluate the banking websites’ effectiveness is routinely taking place to see if they have certain attributes in place.

What Are the Attacks' Objectives?

The sole purpose of the attacks appears to be to disrupt banking customers' ability to access their funds.  The goal of the digital attacks appears neither to have been to steal money, nor to steal personal identity, nor to take information or intellectual property from the financial institutions themselves, but actually to prevent banking customers from doing things that they like to do online from a convenience standpoint. 

Who Is Winning?

Senior officials at some of the banks that have been targeted said that the large scale attacks stopped the day when the perpetrators issued a stop command to the network of computers they had commandeered. The assault stopped because the attackers quit or moved on to other banks, not because the banking groups defeated the attacks.

Firewalls Don't Work

Firewalls can no longer block these sophisticated digital attacks.  In the case of some of the banks, excessive traffic was coming in at a rate of 100+ Gigabytes per second, totally overwhelming the infrastructure.  DDoS and other advanced attacks can't be solved by opening up more bandwidth. The problem is that firewalls, Intrusion Prevention Systems (IPS) and other infrastructure aren't designed to deal with volumetric attacks and they simply freeze up.

What’s the Solution?

Networks need a new "first line of defence" at the perimeter.  The solution may lie in a new type of hardware device designed to sit in front of the firewall.  Its purpose may be to pre-evaluate all traffic and remove unwanted "digital noise" before it can get to the firewall, the IPS, and other points in the infrastructure.  When the nefarious traffic is eliminated, these other devices can do the jobs they are intended to do.  The new hardware device may need to systematically deploy several steps to move successively deeper into the protocol stack to inspect the packets more closely in order to counter more complex issues than any firewall alone may be able to mitigate:

Step 1:  Utilise real-time reputation updates, current geo-location information and real-time threat detection to evaluate inbound traffic. For example, if packets are originating from a country where the network owner doesn't do business -- say China, Russia or Iran -- then the traffic ought to be blocked. 

Step 2:  Limit the frequency rates of self-similar traffic coming into the network from the same source. This would take care of repeated requests for specific pages originating from the same digital location.

Step 3:  Analyse the behaviour of the digital traffic and toss out packets that violate protocol and application usage standards.  Also, look for questionable outbound traffic not conforming to policies and/or standards.

Step 4:  Look for known security issues in the digital traffic. This includes:

            a. buffer overflows;

            b. injections and brute-force password attacks;

            c. random malware and exploits in the payloads; and

            d. advanced evasion techniques such as fragmentation and segmentation that can be used to hide attacks.

By the time traffic has gone through all these extra layers of inspection, it may be sufficiently clean to continue to the second line of defence -- the firewall and the Intrusion Prevention System (IPS). 

Of course, rapid identification and takedown of the offending endpoints conducting the DDoS attacks would be ideal. This ought to be possible as long as there is co-ordination and strong cooperation across countries and internet service providers.  This is not a small feat.  In the meantime, don’t hold your breath waiting for that to happen. Instead, evolve your "first line of defence", evolve multiple online banking relationships, alert your board of directors and get talking to your CIO and CISO straightaway!

We will shortly be conducting two face-to-face roundtables on this subject and if you would like to attend please let us know.

What are your thoughts, observations and views? We are hosting an Expert roundtable on this issue at ATCA 24/7 on Yammer.

By DK Matai

Asymmetric Threats Contingency Alliance (ATCA) & The Philanthropia

We welcome your participation in this Socratic dialogue. Please access by clicking here.

ATCA: The Asymmetric Threats Contingency Alliance is a philanthropic expert initiative founded in 2001 to resolve complex global challenges through collective Socratic dialogue and joint executive action to build a wisdom based global economy. Adhering to the doctrine of non-violence, ATCA addresses asymmetric threats and social opportunities arising from climate chaos and the environment; radical poverty and microfinance; geo-politics and energy; organised crime & extremism; advanced technologies -- bio, info, nano, robo & AI; demographic skews and resource shortages; pandemics; financial systems and systemic risk; as well as transhumanism and ethics. Present membership of ATCA is by invitation only and has over 5,000 distinguished members from over 120 countries: including 1,000 Parliamentarians; 1,500 Chairmen and CEOs of corporations; 1,000 Heads of NGOs; 750 Directors at Academic Centres of Excellence; 500 Inventors and Original thinkers; as well as 250 Editors-in-Chief of major media.

The Philanthropia, founded in 2005, brings together over 1,000 leading individual and private philanthropists, family offices, foundations, private banks, non-governmental organisations and specialist advisors to address complex global challenges such as countering climate chaos, reducing radical poverty and developing global leadership for the younger generation through the appliance of science and technology, leveraging acumen and finance, as well as encouraging collaboration with a strong commitment to ethics. Philanthropia emphasises multi-faith spiritual values: introspection, healthy living and ecology. Philanthropia Targets: Countering climate chaos and carbon neutrality; Eliminating radical poverty -- through micro-credit schemes, empowerment of women and more responsible capitalism; Leadership for the Younger Generation; and Corporate and social responsibility.

© 2012 Copyright DK Matai - All Rights Reserved Disclaimer: The above is a matter of opinion provided for general information purposes only and is not intended as investment advice. Information and analysis above are derived from sources and utilising methods believed to be reliable, but we cannot accept responsibility for any losses you may incur as a result of this analysis. Individuals should consult with their personal financial advisors.

© 2005-2019 - The Market Oracle is a FREE Daily Financial Markets Analysis & Forecasting online publication.

Post Comment

Only logged in users are allowed to post comments. Register/ Log in

6 Critical Money Making Rules