'The bank attacks are remarkable because they seem unstoppable, even with advance warning. Just how bad are banks suffering at the hands of attackers? Rodney Joffe, senior technologist at Internet infrastructure provider Neustar, said the best some banks can do to prepare is to have a sincere-sounding apology at the ready, backed up with a plan B that points customers to an alternative method of communication such as a call center.
"There is in fact no way to defend against it properly," said Joffe, who has helped banks try to recover from the attacks. "We can mitigate the attacks to some extent, but it is very difficult to keep systems up…This is one of our worst nightmares."
The criminals identify themselves in their warnings as the "al-Qassam Cyber Fighters," purportedly part of Hamas' al Qassam military wing. The basic attack is nothing new: It's a denial of service attack designed to make the banking websites unavailable. Bank sites are flooded with bogus Internet traffic so they are overwhelmed, and can only give the equivalent of a busy signal to customers. But these attacks are very different, experts say, because of the sheer amount of bogus traffic that's generated…
But the biggest nightmare, he said, is that banks don't "defeat" the attacks with countermeasures. The criminals simply stop and turn their attention on another target, leaving bank security officials wondering when they might be victimized again. Capital One, for example, has suffered at least two separate service disruptions.'
Tuesday, October 23, 2012
Fwd: Bank Denial of Service attacks