There has been much talk at the banks and in the press around DDoS attacks allegedly sponsored by Iran and praised by Hamas, and an upcoming “Project Blitzkrieg” threatening costly online theft at 30 U.S. banks.
While many in the industry ‘pooh-pooh’ these threats, I have heard now from a few senior credible sources that the DDoS attacks against major U.S. banks in recent months were definitely linked to online fraud.
Apparently, if you put all the information together, there are three classes of DDoS attackers and attacks:
a) Political hacktivists conducting DDoS attacks with no ability to commit fraud (e.g. wire money out of a customer’s account to a mule account and then their own) and no fraud committed.
b) Political hacktivists conducting DDoS attacks with no ability to commit fraud but fraud is committed by a different gang taking advantage of distracted bank security staff.
c) One financially motivated gang conducting the DDoS attacks and committing fraud at the same time.
It’s important to note that the megabanks being attacked have many online properties, so a DDoS attack against one specific domain can still leave other domains up and running while the security staff who manage all of the domains are very much distracted. The result: online fraud can occur and has occurred during the DDoS attacks.
So while there are conflicting opinions and accounts over what’s happened, this is how I sum up what I have heard from well-placed professionals.
Solution: layers of fraud prevention, authentication and authorization controls. We’ve got a lot of research in this area, including a research note coming out “Innovation drives Seven Dimensions of Context Aware Security.”
The note also discusses the importance of organizational focus and alignment. For sure the technical solutions are out there – and using them effectively can likely stop 80-90% of the damage. The key barrier to success is lining up the right resources in the right way to stop these bad guys – whoever they are and however real their threats are – head on.

Avivah Litan

2 responses so far ↓
1 John LaCour December 21, 2012 at 2:12 pm
I’m not aware of any evidence that Izz ad-din Al qassam group responsible for recent large DDOS attacks on banks are involved in any fraud. You are right that their attacks can be leveraged by other cybercriminals. The DirtJumper DDOS malware has been used as a cover for large wire transfers out of compromised accounts.
2 Avivah Litan December 21, 2012 at 2:19 pm
Thanks John. I agree. And now the OCC put out an alert that indicates the same phenomenon. Good to know about the DirtJumper DDOS software.