Tag Archives: Bank of America

US Banks Hit by Largest Cyber Attack Ever (But Won’t Admit It)

Last week’s cyber attacks against US banks were more widespread than reported. In fact, it may have been the largest attack ever, industry experts say. According to Radware, a security firm that has investigated cyber intrusions on behalf of financial firms, roughly a half-dozen institutions endured digital assaults at around the same time, Tuesday. But only JPMorgan Chase (JPM) and BB&T (BBT) have so far confirmed the incident.

“If you have a leak in a boat, you can build a bigger boat so the leaks won’t mathematically sink your boat. That’s been fundamentally the process many folks have been taking.”

Carl Herberger


The attacks followed a threat earlier Tuesday by the al-Qassam Cyber Fighters, a group that has claimed responsibility for a series of incursions since September that have bogged down websites at some of the nation’s biggest banks and prevented customers from accessing their accounts. Tuesday’s attacks “were the largest attacks we’ve seen to date in scale,” says Carl Herberger, vice president of security solutions at Radware.

The group, which has vowed to continue its campaign until YouTube takes down a trailer for an anti-Muslim film, said it would target JPMorgan Chase, Bank of America (BAC), Citibank (NYSE:C), PNC Financial (PNC), Fifth Third Bancorp (FITB), Union Bank, BB&T (BBT) and Capital One (COF) for another round of assaults, AmericanBanker.com reports.

“The one that was advertised to the world was Chase, but I can tell you that almost on an hourly basis banks were being attacked, which is a very substantial campaign.”

“If you actually measure the response time of some of these banks that are being attacked, you can see that they are under duress,” Herberger says. Adding: “Most of them labored for hours on end with little or no response.”

Herberger declined to say which banks besides Chase weathered attacks on Tuesday, citing confidentiality agreements between Radware and its clients.

BB&T spokeswoman Merrie Tolbert said in an email that the Winston-Salem, N.C., bank “experienced intermittent outages yesterday” but said the bank was able to restore service quickly. Daniel Weidman, a spokesman for Union Bank, said in an email the bank’s website also “experienced intermittent outages” on Tuesday before resuming regular operation.

Citigroup, Fifth Third and Capital One spokespeople said their companies’ websites functioned normally on Tuesday. Bank of America’s websites also continued to operate without incident, according to a source close to the company.

“If you have a leak in a boat, you can build a bigger boat so the leaks won’t mathematically sink your boat. That’s been fundamentally the process many folks have been taking. We see few instances of fixing the leak,” Herberger says.

While banks continue to take steps to strengthen security, hackers continue to hone their capabilities and can outmatch banks’ best efforts to deter them, experts say.


Can Be A Diversion

IT employees at banks are dealing with malicious coders at all ends.

Depositories are being targeted both by denial of service attacks, in which botnets bombard a financial services company’s website in order to shut it down and disrupt services to customers, and by invasive malware that infects customers’ sometimes insecure devices and compromises their accounts.

Often denial of service attacks “can be a diversion,” says Dave Ostertag, a computer security expert and a global investigation manager with Verizon. At the same time, criminals might be trying to extract financial information from a bank using a variety of different techniques, he says.

There are, of course, prescriptions banks can follow in order to block some fraudulent money transfers.

Sergio Fidalgo, BBVA Compass’ chief information officer, says his bank hedges against instances of high-tech theft by inserting people and processes into transactions. “There is not a single point of failure in which we rely on from a security perspective,” he says. “It’s not just about detecting, preventing and fighting the attacks… we have procedures that have to be strictly met when we talk about money leaving the bank.”

Human beings, however, can only catch so much, says Barak Eilam, president of Israeli tech vendor NICE Systems for the Americas.

Eilam stresses that though computers can only do so much, they certainly pare down what could be indomitable threats to banks by flagging suspicious activity. “Because of banks’ scale, complexity, and sophistication … this is where technology comes in place,” Eilam says. “Technology helps.”

Even then, people will always be susceptible to social engineering attacks in which hackers pick up just enough information about a person to fool a bank employee into moving a victim’s money, or worse.

Still, as Herberger sees it, banks continue to play catch-up:

“How is it we’ve gotten to the point where we’ve had the largest financial institutions, the most handsome security departments and all of the regulators, where there was a risk to begin with and numerous vulnerabilities that are exploitable, and yet we haven’t been able to resolve it?”

Good question. And still there are some who don’t understand why there’s a lack of confidence in the financial markets?

FULL POST@AmericanBanker.com


Giant Social Media Security Hole in Banking

Did you know that you can log into an American online banking service from outside the US, using only your Facebook log-in credentials? Well, now you do. And so do about a million criminal hackers from around the world…

“That’s the very, very, very risky thing about social networks. The idea of using them as an authentication platform really has its drawbacks. I really think it’s a bad idea.”

Dr. Ken Baylor


Facebook, and access to millions of people through a single social login process. All customers right there on the platform. And aid in registering and creating new online accounts. This “bank marketer’s dream” may soon turn into a horrible nightmare for the decision makers in the international banking industry.

I have suspected for a while that this may be the case:

But, last week it was confirmed through an article written by the banking industry itself and published on their own website, AmericanBanker.com.

Not the fact that some banks have already started to allow users to access their bank accounts with a Facebook account as the only form of identification, but the fact that any breach of security that a user encounters on social networks could potentially spread to that person’s online bank account, and from there, leak into the highly connected global system of online banking.

According to Dr. Ken Baylor, vice president at information security research and advisory company NSS Labs, social networks as an authentication factor have “just proven to be highly susceptible to malware, multiple times.”

Additionally, many unsophisticated users wouldn’t think twice about clicking on a malicious link, making it particularly enticing for criminal hackers.

“That’s the very, very, very risky thing about social networks,” says Dr. Ken Baylor.

“The idea of using them as an authentication platform really has its drawbacks. I really think it’s a bad idea.”

“Banks outside the US are starting to allow direct access to online banking through Facebook and that’s where there should be a concern about Facebook hacking,” says Nicole Sturgill, research director in the cards and retail banking practice at CEB Towergroup.

“Facebook should be used as a gateway to online banking, but there should be an extra layer of security. No one should be able to log in to online banking with nothing but their Facebook ID and password,” Nicole Sturgill says.

Most banks in the US, though, are still just using Twitter and Facebook for marketing and customer service messaging, rather than as a portal to online banking.

In addition to Facebook, banks are also planning to allow people to tie their bank accounts directly to Twitter.

“The benefits, for us, outweigh the potential risk,” says King.

“The fact is that Facebook’s login platform is still magnitudes more robust than most Internet banks.”

FULL POST @ RATIONAL ARROGANCE


Top 10 Financial Failures of 2011

The financial services website FierceFinance.com has put together a list of the biggest blunders in the industry during the past year. Personally, I might have put a few other issues on the list, but when it comes to the final top position I think we have a winner:

“Led by CEO Jon Corzine, formerly of Goldman Sachs, MF Global was a trading powerhouse back in 2010. That all came crashing down in late 2011, as the bank filed for Chapter 11 bankruptcy and lost track of $600 million in capital.”

FierceFinance

Yeah, losing $600 million is probably harder than earning them, and quite an achievement…

FierceFinance writes:

“The MF Global failure was a total unraveling involving poor management and risky investment. For what it’s worth, Corzine said he will not be seeking to collect his $12 million Golden Parachute severance package. But reports surfaced in The Telegraph speculating that MF Global employees in the U.K. may have received Q3 corporate bonuses, even with the firm on the brink of failure.”

Read more: MF Global coverage.

Here’s the rest of the list:

2. Bank of America imposes debit card fee.

“The backlash against the bank was severe. But CEO Brian Moynihan defended the bank’s right to make a profit, saying in a statement that he had ‘an inherent duty as a CEO of a publicly owned company to get a return for my shareholders.’”

3. Frustration sparks Occupy Wall Street protests.

“What originated as peaceful has become violent, as reports surfaced of police using tear gas on protestors along with attempts to force them out of encampments.”

4. S&P downgrades US credit rating.

“Even though S&P went on to be criticized for its debt rating practices (the issue of credit rating agency credibility looms large), the move was significant at a time when budget showdowns in Washington and a stagnant economy were constantly in the headlines.”

5. Raj Rajaratnam slammed for insider trading.

“The convicted insider trader dominated the news in 2011 and in many ways is seen as the pinnacle of success for federal prosecutors, who have been cracking down on offenders.”

6. Citi stumbles after major data breach.

“Citi was reluctant to publicly announce the breach, finally doing so only after being pressed on the subject by the media. Citi offered a public explanation of the incident and tried reassuring customers that the stolen data was insufficient to commit fraud and that social security numbers, dates of birth and card security codes remained secure.”

7. Bank of America forecloses on couple.

“One of the more bizarre stories of 2011 was when Bank of America accidentally foreclosed on a Florida couple. Although the bank eventually backed down, the couple hired a lawyer to recoup attorney’s fees. Five months passed without payment–this coming after a judge ordered the bank to pay up. So the couple and its attorney showed up to foreclose on a local Bank of America branch, declaring their intent to remove furniture, cash and other property.”

8. RSA suffers cyber attack.

“RSA’s SecurID tokens are used by 30,000 organizations worldwide. RSA remained open about the attack, offering tips and posting details describing the anatomy of the breach. But even transparency didn’t reverse the fact that banks were forced to rethink security and look for new options.”

9. Typo costs Goldman Sachs $45 million.

“A tip for everyone who deals with contracts: Double check all calculations. Goldman Sachs learned that lesson the hard way back in June when it issued four warrants relating to Japan’s Nikkei index. Buried in the depths of financial jargon was a serious formulaic mistake: A multiplication sign was inserted where there should have been a divide by sign.”

10. John Paulson’s Sino-Forest bust.

“In all likelihood, 2011 will not be a great year for hedge fund manager John Paulson. Among his failures was selling 35 million shares of the Chinese company Sino-Forest at an estimated loss of $500 million.”
