Avivah Litan

A member of the Gartner Blog Network

Financial Armageddon: Are the current DDOS attacks against U.S. Banks what we always worried about?

by Avivah Litan  |  September 27, 2012  |  4 Comments

That’s how a colleague who knows what he is talking about characterized the latest spate of DDOS attacks against the U.S. Financial industry. Financial Armageddon.

Frankly, after learning some of the details of these DDOS attacks, we should all breathe a sigh of relief that the hacktivists are taking a break, at least for now. From what I can tell, there is no reason they needed to, other than the fact that they need these U.S. banks to be up and running themselves so they can get the cash they need to sustain their lifestyles and nefarious activities.

Apparently, the DDOS attacks that are causing havoc at some of our most esteemed financial institutions are being launched from just 3000 compromised endpoints distributed around the world, all lobbing payloads of multiple megabytes that together add up to 100 gigabytes of noise blasting at the banks through their Internet pipes. This makes it impossible for customers and others using the same pipe to get to their websites.

From what I’ve been told (I’m not a network security specialist), the leading DDOS prevention software more or less stops working when the attacks get larger than 60-70 gigabytes and simply can’t handle the bandwidth of these 100-plus-gigabyte attacks. The major ISPs only have a few hundred gigabytes bandwidth for all their customers, and even if they added more on to that, the hacktivists could quickly and easily eat the additional bandwidth up.

The only way to stop these attacks is to take down the compromised endpoints launching them, but that would mean working with and coordinating with the thousands of service providers that service them, not an easy feat!

I’ve also learned that the attackers are communicating with each other in English so there’s no strong evidence that these attacks are being launched by an unfriendly nation state or foreign gang. That was my original and initial reaction upon learning about them.

Whether or not the hackers are robbing the banks in addition to denying their users service is unclear. They could very well be doing that – it’s a common ploy to launch a DDOS attack against a bank and then, when the security staff are all distracted, to go in for the ‘kill’ and transfer money out of bank accounts. That’s a common crime and battle tactic – distract the enemy and then go in for what you really want.

What’s the solution? Rapid identification and takedown of the offending endpoints conducting the attack. This should be possible as long as there is coordination and strong cooperation across countries and internet service providers.

In the meantime, don’t hold your breath waiting for that to happen. Instead, cross your fingers and check your bank balances as often as you can.
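The takedown approach described above starts with knowing which sources matter. The following is an added illustration, not code from the post or from Gartner: it aggregates constructed flow records per source IP, converts them to bits per second, and picks the fewest top talkers whose removal would bring the offered load back under an assumed 60 Gbit/s mitigation ceiling, so those endpoints can be reported to their providers first. All addresses, byte counts and the capacity figure are hypothetical.

```python
from collections import defaultdict

# Constructed, hypothetical flow records for a 10-second sampling window on a
# bank's ingress link: (source IP, bytes received). Attack sources are drawn
# from documentation address ranges; two ordinary customers are mixed in.
WINDOW_SECONDS = 10
FLOWS = [
    ("203.0.113.10", 40_000_000_000),  # flood endpoint
    ("203.0.113.11", 30_000_000_000),  # flood endpoint
    ("198.51.100.7", 25_000_000_000),  # flood endpoint
    ("198.51.100.8", 20_000_000_000),  # flood endpoint
    ("192.0.2.50", 500_000),           # ordinary customer session
    ("192.0.2.51", 300_000),           # ordinary customer session
    ("203.0.113.10", 10_000_000_000),  # second flow from the first endpoint
]
# Assumed ceiling of the on-premises mitigation tier, in bits per second.
MITIGATION_CAPACITY_BPS = 60 * 10**9


def rate_per_source(flows, window_seconds):
    """Aggregate bytes per source IP and convert to bits per second."""
    totals = defaultdict(int)
    for src, nbytes in flows:
        totals[src] += nbytes
    return {src: total * 8 / window_seconds for src, total in totals.items()}


def aggregate_rate(rates):
    """Total offered load on the link in bits per second."""
    return sum(rates.values())


def takedown_priority(rates, capacity_bps):
    """Pick the fewest highest-rate sources whose removal brings the load back
    under the mitigation ceiling. Return (sources to report, remaining bps)."""
    remaining = aggregate_rate(rates)
    chosen = []
    for src, bps in sorted(rates.items(), key=lambda kv: kv[1], reverse=True):
        if remaining <= capacity_bps:
            break
        chosen.append(src)
        remaining -= bps
    return chosen, remaining


if __name__ == "__main__":
    rates = rate_per_source(FLOWS, WINDOW_SECONDS)
    print(f"offered load: {aggregate_rate(rates) / 1e9:.3f} Gbit/s")
    sources, left = takedown_priority(rates, MITIGATION_CAPACITY_BPS)
    print(f"report first: {sources} -> {left / 1e9:.3f} Gbit/s remains")
```

With the constructed data the link carries roughly 100 Gbit/s, and removing just the two largest sources is enough to drop the load under the assumed ceiling; real flow exports would feed the same functions.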

4 responses so far

  • 1 DDoS attacks hit Wells Fargo, PNC Bank, U.S. Bancorp | Preventia IT Security   October 1, 2012 at 9:45 am

    [...] attacks,” Avivah Litan, vice president and distinguished analyst of Gartner, wrote in a blog post on Thursday. “The major ISPs only have a few hundred gigabytes bandwidth for all their [...]

  • 2 Neil Schwartzman   October 2, 2012 at 1:35 pm

    There is no evidence thus far that these are hacktivists. The attackers and motives are unknown at this juncture, and blaming it on hacktivists, and the pause in the action on them needing to get cash out of a bank, sorely misplaced.

  • 4 DDoS attacks on major US banks are no Stuxnet—here’s why « VietHiP   October 4, 2012 at 12:08 pm

    [...] More importantly, it’s grossly premature to compare these attacks to Stuxnet, the highly sophisticated malware the US and Israel designed to disrupt Iran’s nuclear program, or to declare the spate of attacks “Financial Armageddon.” [...]