Recent Bank System Hacking Illuminates Security Shortfalls

Earlier this month, Bank of America, JP Morgan Chase, and Wells Fargo all reported major cyber attacks. The bank hacks, thought to be sourced to Iran, were first recognized in mid-September, although they reportedly could be part of a broader campaign dating as far back as last year, according to Reuters.

The high-profile hacks initially affected the sites of both Chase and Bank of America, causing surges in traffic that resulted in Web site disruptions and outages.

Wells Fargo was the latest financial institution to report a massive cyber attack, which affected more than 21 million online customers and 8.5 million mobile bankers.

In all of the cases, the targeted banks were pummeled with Distributed Denial of Service (DDoS) attacks, which bombard a network with more traffic than it can handle, causing it to stop functioning and shut down.

Reasons for the attacks are, at this point, speculative, although theories range from retaliation by Islamic extremists for a U.S.-made anti-Muslim film, to state-sponsored retaliation for tighter U.S.-imposed economic sanctions on Iran.

But who is responsible might not be as ascertainable as how this problem can be addressed when–not if–it happens again.

Banks get hacked, and hacked with regularity, because, as the age-old joke makes clear, that’s where the money is. But the fact that banks are being easily targeted en masse undermines perceptions of them as being more secure than other market verticals. It also suggests that the financial services industry still has a long way to go in terms of effective cybersecurity.

But the security holes illuminated by the spate of recent hacks also mean that there are still lots of opportunities for the channel. As such, partners will almost certainly be required to step up their game in financial services markets in the near future now that the industry is in the public spotlight.

Financial services and banking institutions are among the most heavily regulated in terms of cybersecurity, subjected to a plethora of regulatory compliance audits under the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act (GLBA), and the Bank Secrecy Act, as well as a slew of state cybersecurity regulations and data breach laws.

Historically, partners have gained entry into these markets by offering solutions and related services that play to these compliance mandates. And those solutions, which range from standard firewalls and antivirus to more complex data protection and encryption products, are still undeniably necessary.

From channelnomics.com at http://channelnomics.com/2012/10/02/bank-hacks-illuminate-security-shortfalls/

U.S. cyber chief: “Hackers shifting from ‘disruption’ to ‘destruction’”

Hackers are stepping up the intensity of their attacks, moving from “disruption” to “destruction” of key computer systems, the top US cyber-defense official said Monday.

General Keith Alexander, who is director of the National Security Agency and commander of the US Cyber Command, told a Washington forum that the new tactics could move beyond mere annoyances and begin causing severe economic damage.

“We are seeing the threat grow from exploitation to disruption to destruction,” he told the group at the Woodrow Wilson Center.

He argued that these attacks could impact organizations ranging from stock markets to power grid operators — “all of that is in the realm of the possible.”

These types of destructive attacks can wipe out data, which could bankrupt a company or disable the control systems operating key infrastructure.

More from RawStory.com: http://www.rawstory.com/rs/2012/10/01/hackers-shifting-from-disruption-to-destruction-u-s-cyber-chief/

Hackers share security tips with the public

In an effort to fight increased cyber-surveillance by authorities, more hackers and security experts are sharing their tips on online security with the public.

According to Russia Today, there has been an increase in “cryptoparties,” gatherings where newcomers can learn how to shield their online usage from detection, through programs like the Tor Project, which developers say protects internet users from “traffic analysis,” a process used to deduce who someone is communicating with on public networks.

Also among the programs being used is CryptoCat. The difference between this program and online messaging services like Facebook chat and Google Talk, said its creator, Nadim Kobeissi, is that the messages users send in the latter aren’t private — they go back to their respective hosts, and can easily be intercepted by either them or government forces.

More from RawStory.com at http://www.rawstory.com/rs/2012/09/22/hackers-share-security-tips-with-the-public-in-cryptoparties/

Illegal data collection a ‘violation of everybody’s Constitutional rights’

Bill Binney believes he helped create a monster.

Sitting in the innocuous surroundings of an Olive Garden in the Baltimore suburbs, the former senior National Security Agency (NSA) official even believes he owes the whole American people an apology.

Binney, a tall, professorial man in his late 60s, led the development of a secret software code he now believes is illegally collecting huge amounts of information on his fellow citizens. For the staunch Republican, who worked for 32 years at the NSA, it is a civil liberties nightmare come true.

So Binney has started speaking out as an NSA whistleblower – an act that has earned him an armed FBI raid on his home. “What’s happening is a violation of the constitutional rights of everybody in the country. That’s pretty straightforward. I could not be associated with it,” he told the Guardian.

Binney, a career NSA employee who first volunteered for the army in the mid-1960s, has now become a high-profile thorn in the side of NSA chiefs when they deny the programme’s existence.

At a hacking conference this summer in Las Vegas, NSA director General Keith Alexander said the NSA “absolutely” did not keep files on Americans.

“Anyone who would tell you that we’re keeping files or dossiers on the American people knows that’s not true,” the NSA chief told an audience of computer and security experts. But Binney himself was at the same conference and publicly accused Alexander of playing a “word game”.

“Once the software takes in data, it will build profiles on everyone in that data,” he told a convention panel there.

More at RawStory.com: http://www.rawstory.com/rs/2012/09/15/nsa-whistleblower-illegal-data-collection-a-violation-of-everybodys-constitutional-rights/

White House Pursuing Cybersecurity

The White House is putting together an executive order, to be issued by President Obama, that would create a new “interagency Cybersecurity Council,” under the umbrella of the Department of Homeland Security, The Washington Post reported Friday.

The order, which is currently in its draft stages at four pages long and could take months to be finished, according to the Post, would also administer new voluntary standards of cyber protection measures to private companies, namely, those in charge of national infrastructure deemed critical — think power plants, water treatment facilities, railroads and telecommunications networks. Right now, there are few federal mechanisms to force companies to create and maintain their own cyber security measures.

The order is being contemplated following Congress’s vote in early August not to move forward with leading cybersecurity legislation that would have set up a similar system. The bill’s failure was cheered by Web freedom and user advocates, who feared it could lead to privacy intrusions.

From talkingpointsmemo.com at http://livewire.talkingpointsmemo.com/entry/wapo-white-house-pursuing-cybersecurity-executive-order