Best of the Week
Most Popular
1. Market Decline Will Lead To Pension Collapse, USD Devaluation, And NWO - Raymond_Matison
2.Uber’s Nightmare Has Just Started - Stephen_McBride
3.Stock Market Crash Black Swan Event Set Up Sept 12th? - Brad_Gudgeon
4.GDow Stock Market Trend Forecast Update - Nadeem_Walayat
5.Gold Significant Correction Has Started - Clive_Maund
6.British Pound GBP vs Brexit Chaos Timeline - Nadeem_Walayat
7.Cameco Crash, Uranium Sector Won’t Catch a break - Richard_Mills
8.Recession 2020 Forecast : The New Risks & New Profits Of A Grand Experiment - Dan_Amerman
9.Gold When Global Insanity Prevails - Michael Ballanger
10.UK General Election Forecast 2019 - Betting Market Odds - Nadeem_Walayat
Last 7 days
US Treasury Bonds Pause Near Resistance Before The Next Rally - 18th Oct 19
The Biggest Housing Boom in US History Has Just Begun - 18th Oct 19
British Pound Brexit Chaos GBP Trend Forecast - 18th Oct 19
Stocks Don’t Care About Trump Impeachment - 17th Oct 19
Currencies Show A Shift to Safety And Maturity – What Does It Mean? - 17th Oct 19
Stock Market Future Projected Cycles - 17th Oct 19
Weekly SPX & Gold Price Cycle Report - 17th Oct 19
What Makes United Markets Capital Different From Other Online Brokers? - 17th Oct 19
Stock Market Dow Long-term Trend Analysis - 16th Oct 19
This Is Not a Money Printing Press - 16th Oct 19
Online Casino Operator LeoVegas is Optimistic about the Future - 16th Oct 19
Stock Market Dow Elliott Wave Analysis Forecast - Video - 16th Oct 19
$100 Silver Has Come And Gone - 16th Oct 19
Stock Market Roll Over Risk to New highs in S&P 500 - 16th Oct 19
10 Best Trading Schools and Courses for Students - 16th Oct 19
Dow Stock Market Short-term Trend Analysis - 15th Oct 19
The Many Aligning Signals in Gold - 15th Oct 19
Market Action Suggests Downside in Precious Metals - 15th Oct 19
US Major Stock Market Indexes Retest Critical Price Channel Resistance - 15th Oct 19
“Baghad Jerome” Powell Denies the Fed Is Using Financial Crisis Tools - 15th Oct 19
British Pound GBP Trend Analysis - 14th Oct 19
A Guide to Financing Your Next Car - 14th Oct 19
America's Ruling Class - Underestimating Them & Overestimating Us - 14th Oct 19
Stock Market Range Bound - 14th Oct 19
Gold, Silver Bonds - Inflation in the Offing? - 14th Oct 19
East-West Trade War: Never Take a Knife to a Gunfight - 14th Oct 19
Consider Precious Metals for Insurance First, Profit Second... - 14th Oct 19
Stock Market Dow Elliott Wave Analysis Forecast - 13th Oct 19
The Most Successful IPOs Have This One Thing in Common - 13th Oct 19
Precious Metals & Stock Market VIX Are Set To Launch Dramatically Higher - 13th Oct 19
Discovery Sport EGR Valve Gasket Problems - Land Rover Dealer Fix - 13th Oct 19
Stock Market US Presidential Cycle - Video - 12th Oct 19
Social Security Is Screwing Millennials - 12th Oct 19
Gold Gifts Traders With Another Rotation Below $1500 - 12th Oct 19
US Dollar Index Trend Analysis - 11th Oct 19
China Golden Week Sales Exceed Expectations - 11th Oct 19
Stock Market Short-term Consolidation Does Not change Secular Bullish Trend - 11th Oct 19
The Allure of Upswings in Silver Mining Stocks - 11th Oct 19
US Housing Market 2018-2019 and 2006-2007: Similarities & Differences - 11th Oct 19
Now Is the Time to Load Up on 5G Stocks - 11th Oct 19
Why the Law Can’t Protect Your Money - 11th Oct 19
Will Miami be the First U.S. Real Estate Bubble to Burst? - 11th Oct 19
How Online Casinos Maximise Profits - 11th Oct 19
3 Tips for Picking Junior Gold Stocks - 10th Oct 19
How Does Inflation Affect Exchange Rates? - 10th Oct 19
This Is the Best Time to Load Up on These 3 Value Stocks - 10th Oct 19
What Makes this Gold Market Rally Different From All Others - 10th Oct 19
Stock Market US Presidential Cycle - 9th Oct 19

Market Oracle FREE Newsletter

Stock Market Trend Forecast Oct - Dec 2019 by Nadeem Walayat

Mounting Fears of 'Cyber-Pearl-Harbor', Escalating Attacks on Banks

Stock-Markets / Cyber War Oct 23, 2012 - 10:18 AM GMT

By: DK_Matai

Stock-Markets

Best Financial Markets Analysis ArticleFrom Bank of America to HSBC and from JPMorgan Chase to Wells Fargo bank a growing wave of cyber attacks has disrupted and crippled the customer-facing online presence of some of the biggest and most powerful high-profile Western financial institutions over the past several weeks.  Ally Financial, BB&T, Capital One Financial, PNC Bank, Regions Financial, SunTrust Bank and US Bank have also been targeted.  Customers trying to use the online systems of those banks after the latest digital attacks were denied access or faced long delays.  Some of the digital attacks appear to have originated in Iran and Russia.  Security experts now believe that multiple well-organised digital attackers rather than a single attacker are behind the events that caused day-long slowdowns and, at times, complete online outages at various top banks. 


US Secretary of Defense Cautions Against Cyber-Pearl-Harbor

The US Secretary of Defense Leon Panetta has warned that the country could face a 'Cyber-Pearl-Harbor' in the near future and has drafted new rules which would enable the American military to move quickly to thwart any such attacks.  Panetta is also concerned that the “scale and speed” of the bank attacks is unprecedented.  The digital attacks have continued this week despite a warning from him that America has the ability to determine who is responsible.  Specifically, Panetta said, “Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests” to business executives in New York. 

Panetta also said that Iran has “undertaken a concerted effort to use cyberspace to its advantage.”  Panetta added that digital attacks emanating from foreign soils could paralyse the country's power grid financial networks and transportation system saying that a cyber attack had the potential to "paralyse and shock the nation and create a profound new sense of vulnerability."  "If we detect an imminent threat of attack that will cause significant physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us, to defend this nation when directed by the president," Panetta said in the speech to top business executives in New York. 

Panetta also added that the "Shamoon" virus which attacked Saudi Arabia's state oil company, Aramco, was probably the most destructive attack the business sector has seen to date.  The virus also struck a joint venture between the US oil firm ExxonMobil and state-controlled Qatar Petroleum.  Iran is suspected of taking revenge for US sanctions by targeting oil companies with cyber attacks, knocking out Saudi Arabia’s Aramco’s computers for two weeks.  A disruption to Saudi Arabia's oil exports could cause oil prices to spike from their already elevated prices and tip the fragile global economic recovery into recession.

Need for Emergency Board Meeting

If there ever was a time for any major organisation's board of directors to listen carefully to their Chief Information Officer (CIO) and Chief Information Security Officer (CISO) that time has now arrived.  Call an emergency board meeting and please pay close attention to the advice of your CIO and CISO in regard to online security matters.  Your online reputation, trust in your brand, customer confidence and share price may soon depend on the swiftness of your attention to this urgent matter.  Companies have to be very aware of what’s going on in regard to this latest round of cyber attacks on banks of 100+ billion bytes per second and they have to start thinking about a Plan B and Plan C beyond Plan A if financial chaos is manifest in the near future.

Why the Red Alert? Possible Flash Crash?

The mi2g Intelligence Unit (mIU) and the ATCA 5000 Research & Analysis Wing (A-RAW) have become concerned about the latest round of digital attacks because US and Western large capital financial institutions have some of the best network security defences of any industry. Sustained attacks could disrupt customer confidence in industries beyond banking and may have a much larger cascading fallout given that Systemically Important Financial Institutions -- SIFIs -- are also coming under sustained attack.  The latest campaign of digital attacks appears to have been near-100 percent effective, at least in bringing the targeted financial institutions some level of visible duress.  The attackers are adapting to the banks’ defences and becoming more sophisticated in their tactics with every passing week.  Is it plausible that the next flash crash which manifests in the global financial markets may be traced back to these swiftly escalating cyber attacks? 

Who Is Responsible? And Why?

A hacktivist group calling itself the "Izz ad-Din al-Qassam Cyber Fighters" took credit for the cyber attacks against banking giants in a Pastebin post, which has since been removed.  The group, perhaps Iranian, has claimed that it is protesting the presence of the anti-Islamic video 'Innocence of Muslims' on the Internet, which has helped spark outrage in the Middle East against the United States in particular and the West in general.  There is scepticism that fringe Islamist groups are sufficiently organised to mount these colossal digital attacks on their own without nation-state assistance.

Some of the attacks are apparently linked to hacktivists associated with Anonymous. In a Pastebin post, UK-based Fawkes Security took responsibility for some of the attacks.  "As some of you may be aware HSBC bank suffered several DDoS attacks on the named sites in the past hours us.hsbc.com hsbc.co.uk hsbc.com hsbc.ca they were all brought down by #FawkesSecurity," according to the post. "Before any claim [expletive] attempt to take ownership of this attack, the proof is all in our Twitter account, Targets, time and date :) @FawkesSecurity."

The source of some of the digital attacks, which are flooding the banking websites with so much traffic that they become unavailable, are still not fully known.  United States authorities are used to cyber espionage from Russia and China, but have been surprised by the swift rise in Iran's digital warfare capability.  Based on some limited data samples, some security experts suggest that the Iranian government may be behind the digital attacks against banks and oil companies as opposed to fringe Islamists or hacktivists.  However, further definitive evidence is still needed.  There’s no technical problem in forensically figuring out who did what. The problem remains that can one visit China, Russia or Iran and actually carry out the inspection of their equipment to know what’s really going on?

Why Is 100+ Billion Bytes per Second So Powerful?

There is no denying that the latest round of Distributed Denial of Service -- DDoS -- digital attacks are extremely powerful and unprecedented at 100+ billion bytes or 100+ Giga bytes per second.  The leading DDoS prevention software more or less stops working when the digital attacks get larger than 60-70 Gigabytes per second and simply can't handle the bandwidth of these 100+ Gigabyte per second attacks.  The major ISPs have only a few hundred Giga-bytes per second bandwidth for all their customers, and even if they add more on to that, the hacktivists could quickly and easily overwhelm any additionally allocated bandwidth.

This is an unprecedented escalation because the commercial servers that have been deployed in carrying out the digital attacks have not previously been utilised on such a large scale to deliver 100+ Gigabytes per second attacks.  Along with using commercial servers, digital attackers are overloading bank websites with queries, such as requests to find branch locations, and sending encrypted data packets that bypass traditional defences and intrusion-detection systems.

DDoS attacks that are causing havoc are being launched from just 3,000+ compromised endpoints distributed around the world, all lobbing payloads of multiple megabytes per second that together add up to 100+ Gigabytes per second of a digital cacophony blasting into the banks through their digital plumbing.  DDoS attacks have nearly doubled in frequency and tripled in size during the past year.  The transition from digital attacks using botnets made up of low-bandwidth home computers to high-bandwidth corporate servers has definitely played a role in increasing the average attack bandwidth significantly.  Ahead of the massive digital attacks reconnaissance, probing and scanning to evaluate the banking websites’ effectiveness is routinely taking place to see if they have certain attributes in place.

What Are the Attacks' Objectives?

The sole purpose of the attacks appears to be to disrupt banking customers' ability to access their funds.  The goal of the digital attacks appears neither to have been to steal money, nor to steal personal identity, nor to take information or intellectual property from the financial institutions themselves, but actually to prevent banking customers from doing things that they like to do online from a convenience standpoint. 

Who Is Winning?

Senior officials at some of the banks that have been targeted said that the large scale attacks stopped the day when the perpetrators issued a stop command to the network of computers they had commandeered. The assault stopped because the attackers quit or moved on to other banks, not because the banking groups defeated the attacks.

Firewalls Don't Work

Firewalls can no longer block these sophisticated digital attacks.  In the case of some of the banks, excessive traffic was coming in at a rate of 100+ Gigabytes per second, totally overwhelming the infrastructure.  DDoS and other advanced attacks can't be solved by opening up more bandwidth. The problem is that firewalls, Intrusion Prevention Systems (IPS) and other infrastructure aren't designed to deal with volumetric attacks and they simply freeze up.

What’s the Solution?

Networks need a new "first line of defence" at the perimeter.  The solution may lie in a new type of hardware device designed to sit in front of the firewall.  Its purpose may be to pre-evaluate all traffic and remove unwanted "digital noise" before it can get to the firewall, the IPS, and other points in the infrastructure.  When the nefarious traffic is eliminated, these other devices can do the jobs they are intended to do.  The new hardware device may need to systematically deploy several steps to move successively deeper into the protocol stack to inspect the packets more closely in order to counter more complex issues than any firewall alone may be able to mitigate:

Step 1:  Utilise real-time reputation updates, current geo-location information and real-time threat detection to evaluate inbound traffic. For example, if packets are originating from a country where the network owner doesn't do business -- say China, Russia or Iran -- then the traffic ought to be blocked. 

Step 2:  Limit the frequency rates of self-similar traffic coming into the network from the same source. This would take care of repeated requests for specific pages originating from the same digital location.

Step 3:  Analyse the behaviour of the digital traffic and toss out packets that violate protocol and application usage standards.  Also, look for questionable outbound traffic not conforming to policies and/or standards.

Step 4:  Look for known security issues in the digital traffic. This includes:

            a. buffer overflows;

            b. injections and brute-force password attacks;

            c. random malware and exploits in the payloads; and

            d. advanced evasion techniques such as fragmentation and segmentation that can be used to hide attacks.

By the time traffic has gone through all these extra layers of inspection, it may be sufficiently clean to continue to the second line of defence -- the firewall and the Intrusion Prevention System (IPS). 

Of course, rapid identification and takedown of the offending endpoints conducting the DDoS attacks would be ideal. This ought to be possible as long as there is co-ordination and strong cooperation across countries and internet service providers.  This is not a small feat.  In the meantime, don’t hold your breath waiting for that to happen. Instead, evolve your "first line of defence", evolve multiple online banking relationships, alert your board of directors and get talking to your CIO and CISO straightaway!

We will shortly be conducting two face-to-face roundtables on this subject and if you would like to attend please let us know.

What are your thoughts, observations and views? We are hosting an Expert roundtable on this issue at ATCA 24/7 on Yammer.

By DK Matai

www.mi2g.net

Asymmetric Threats Contingency Alliance (ATCA) & The Philanthropia

We welcome your participation in this Socratic dialogue. Please access by clicking here.

ATCA: The Asymmetric Threats Contingency Alliance is a philanthropic expert initiative founded in 2001 to resolve complex global challenges through collective Socratic dialogue and joint executive action to build a wisdom based global economy. Adhering to the doctrine of non-violence, ATCA addresses asymmetric threats and social opportunities arising from climate chaos and the environment; radical poverty and microfinance; geo-politics and energy; organised crime & extremism; advanced technologies -- bio, info, nano, robo & AI; demographic skews and resource shortages; pandemics; financial systems and systemic risk; as well as transhumanism and ethics. Present membership of ATCA is by invitation only and has over 5,000 distinguished members from over 120 countries: including 1,000 Parliamentarians; 1,500 Chairmen and CEOs of corporations; 1,000 Heads of NGOs; 750 Directors at Academic Centres of Excellence; 500 Inventors and Original thinkers; as well as 250 Editors-in-Chief of major media.

The Philanthropia, founded in 2005, brings together over 1,000 leading individual and private philanthropists, family offices, foundations, private banks, non-governmental organisations and specialist advisors to address complex global challenges such as countering climate chaos, reducing radical poverty and developing global leadership for the younger generation through the appliance of science and technology, leveraging acumen and finance, as well as encouraging collaboration with a strong commitment to ethics. Philanthropia emphasises multi-faith spiritual values: introspection, healthy living and ecology. Philanthropia Targets: Countering climate chaos and carbon neutrality; Eliminating radical poverty -- through micro-credit schemes, empowerment of women and more responsible capitalism; Leadership for the Younger Generation; and Corporate and social responsibility.

© 2012 Copyright DK Matai - All Rights Reserved Disclaimer: The above is a matter of opinion provided for general information purposes only and is not intended as investment advice. Information and analysis above are derived from sources and utilising methods believed to be reliable, but we cannot accept responsibility for any losses you may incur as a result of this analysis. Individuals should consult with their personal financial advisors.


© 2005-2019 http://www.MarketOracle.co.uk - The Market Oracle is a FREE Daily Financial Markets Analysis & Forecasting online publication.


Post Comment

Only logged in users are allowed to post comments. Register/ Log in

6 Critical Money Making Rules