Gartner Blog Network


Financial Armageddon: Are the current DDOS attacks against U.S. Banks what we always worried about?

by Avivah Litan  |  September 27, 2012  |  4 Comments

That’s how a colleague who knows what he is talking about characterized the latest spate of DDOS attacks against the U.S. Financial industry. Financial Armageddon.

Frankly, after learning some of the details of these DDOS attacks, we should all breathe a sigh of relief that the hacktivists are taking a break, at least for now. From what I can tell, there is no reason they needed to other than the fact that they need these U.S. banks to be up and running themselves so they can get the cash they need to sustain their lifestyles and nefarious activities.

Apparently, the DDOS attacks that are causing havoc at some of our most esteemed financial institutions are being launched from just 3000 compromised endpoints distributed around the world, all lobbing payloads of multiple megabytes that together add up to 100 gigabytes of noise blasting at the banks through their Internet pipes. This makes it impossible for customers and others using the same pipe to get to their websites.

From what I’ve been told (I’m not a network security specialist) the leading DDOS prevention software more or less stops working when the attacks get larger than 60-70 gigabytes and simply can’t handle the bandwidth of these 100 plus gigabyte attacks. The major ISPs only have a few hundred gigabytes bandwidth for all their customers, and even if they added more on to that, the hacktivists could quickly and easily eat the additional bandwidth up.

The only way to stop these attacks is to take down the compromised endpoints launching them but that would mean working with and coordinating with the thousands of service providers that service them, not an easy feat!

I’ve also learned that the attackers are communicating with each other in English so there’s no strong evidence that these attacks are being launched by an unfriendly nation state or foreign gang. That was my original and initial reaction upon learning about them.

Whether or not the hackers are robbing the banks in addition to denying their users service is unclear. They could very well be doing that – it’s a common ploy to launch a DDOS attack against a bank and then, when the security staff are all distracted, to go in for the ‘kill’ and transfer money out of bank accounts. That’s a common crime and battle tactic – distract the enemy and then go in for what you really want.

What’s the solution? Rapid identification and takedown of the offending endpoints conducting the attack. This should be possible as long as there is coordination and strong cooperation across countries and internet service providers.

In the meantime, don’t hold your breath waiting for that to happen. Instead, cross your fingers and check your bank balances as often as you can.

Category: 


Thoughts on Financial Armageddon: Are the current DDOS attacks against U.S. Banks what we always worried about?


  1. […] attacks,” Avivah Litan, vice president and distinguished analyst of Gartner, wrote in a blog poston Thursday. “The major ISPs only have a few hundred gigabytes bandwidth for all their […]

  2. There is no evidence thus far that these are hacktivists. The attackers and motives are unknown at this juncture, and blaming it on hacktivists, and the pause in the action on them needing to get cash out of a bank, sorely misplaced.

  3. […] More importantly, it’s grossly premature to compare these attacks to Stuxnet, the highly sophisticated malware the US and Israel designed to disrupt Iran’s nuclear program, or to declare the spate of attacks “Financial Armageddon.” […]



Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.