The latest DDOS attack today against Cap One, which hactivists pre-announced, may be followed by attacks against two other preannounced (on Pastebin) hacktivist attacks against U.S. regional banks. I personally take these very seriously. In speaking with others closer to the situation, it appears the hacktivists are voluntarily stopping their attacks and taking breathers so that they don’t get caught. The authorities know which compromised servers are used to lob the mega payloads against the banks, but they haven’t yet identified or located the individuals conducting the attacks.
One highly respected researcher says there is direct evidence that the same tools used in January 2012 to take the Israeli stock exchange and El Al airlines websites down are being used for these DDOS attacks. And those attacks against the Israeli companies were publicly praised by Hamas leaders. No doubt, they are hiring English speaking experts for the ‘technical details.’
So is there fraud against accounts at these banks under siege? There are anecdotal accounts of fraud getting through their call centers, where call volume ratchets up tremendously during the attacks when web applications are unavailable, and more ‘untrained’ call center staff are put to work to help handle the volume. The bad guys socially engineer or lie their way through the identity proofing processes, and are able to get wire transfers executed over the phone. Call center security is much weaker than web security. Now would be a good time to change that.
Category: Uncategorized Tags: