Blog post

Financial Armageddon: Are the current DDoS attacks against U.S. banks what we always worried about?

By Avivah Litan | September 27, 2012 | 1 Comment

That’s how a colleague who knows what he is talking about characterized the latest spate of DDoS attacks against the U.S. financial industry: Financial Armageddon.

Frankly, after learning some of the details of these DDoS attacks, we should all breathe a sigh of relief that the hacktivists are taking a break, at least for now. From what I can tell, there is no reason they needed to, other than that they need these U.S. banks to be up and running so they can get the cash they need to sustain their lifestyles and nefarious activities.

Apparently, the DDoS attacks that are causing havoc at some of our most esteemed financial institutions are being launched from just 3000 compromised endpoints distributed around the world, all lobbing multi-megabyte payloads that together add up to 100 gigabytes of noise blasting at the banks through their Internet pipes. This makes it impossible for customers and others using the same pipe to get to the banks’ websites.

From what I’ve been told (I’m not a network security specialist), the leading DDoS prevention software more or less stops working when attacks get larger than 60-70 gigabytes and simply can’t handle the bandwidth of these 100-plus-gigabyte attacks. The major ISPs only have a few hundred gigabytes of bandwidth for all their customers, and even if they added more, the hacktivists could quickly and easily eat up the additional bandwidth.

The only way to stop these attacks is to take down the compromised endpoints launching them, but that would mean working and coordinating with the thousands of service providers that serve those endpoints, which is not an easy feat!

I’ve also learned that the attackers are communicating with each other in English, so there’s no strong evidence that these attacks are being launched by an unfriendly nation state or foreign gang. That was my initial reaction upon learning about them.

Whether or not the hackers are robbing the banks in addition to denying their users service is unclear. They could very well be doing that: it’s a common ploy to launch a DDoS attack against a bank and then, while the security staff are all distracted, to go in for the ‘kill’ and transfer money out of bank accounts. That’s a common crime and battle tactic: distract the enemy and then go in for what you really want.

What’s the solution? Rapid identification and takedown of the offending endpoints conducting the attack. This should be possible as long as there is coordination and strong cooperation across countries and Internet service providers.

In the meantime, don’t hold your breath waiting for that to happen. Instead, cross your fingers and check your bank balances as often as you can.

1 Comment

  • There is no evidence thus far that these are hacktivists. The attackers and motives are unknown at this juncture, and blaming it on hacktivists, and the pause in the action on them needing to get cash out of a bank, is sorely misplaced.