By Joseph Menn
SAN FRANCISCO, Oct 2 - The hackers behind the
cyber attacks on major U.S. banks have repeatedly disrupted
online banking by using sophisticated and diverse tools that
point to a carefully coordinated campaign, according to security
researchers.
The hackers, believed to be activists in the Middle East,
were highly knowledgeable about the defensive equipment used by
the banks and likely spent months on reconnaissance, said
several researchers interviewed by Reuters, who viewed the
assaults as among the strongest and most complex the world has
seen to date.
In the past two weeks, customers of top U.S. banks including
Bank of America Corp, JPMorgan Chase & Co, Wells
Fargo & Co, U.S. Bancorp and PNC Financial
Services have reported having trouble accessing their
websites, as unusually high traffic volumes appeared to crash or
slow down the systems.
No thefts have been tied to hacked sites, but an untold
number of customers were not able to pay bills or transfer money
from their computers, leaving banks with remediation expenses
and customer irritation as the biggest costs.
Researchers said the hackers used groups of compromised
computers, known as botnets, which are inexpensive to rent for
short periods. What made these botnets much more powerful was
that they were made up of web servers that had been taken over,
instead of mere personal computers.
"Tens of thousands" of servers are involved, said Tom
Kellermann, vice president of major security vendor Trend Micro.
The FBI declined to comment on its investigation of the
attacks. The banks either declined to comment or noted that most
customers have been able to log into their accounts.
"It's fairly large, but it's something financial
institutions are accustomed to dealing with," said Doug Johnson,
vice president of the American Bankers Association trade group.
Sources familiar with the bank attacks have previously told
Reuters that they could be part of a year-long cyber campaign
waged by Iranian hackers against major U.S. financial
institutions and other corporate entities.
Senator Joseph Lieberman, chairman of the Senate's Homeland
Security and Governmental Affairs Committee, has also blamed
Iran's much-improved cyber forces for the bank website outages.
A group that calls itself the Cyber Fighters of Izz ad-din
Al Qassam has claimed credit for the recent bank attacks,
declaring them a protest against the anti-Islam video that was
posted on YouTube and stoked violent protests across the Muslim
world.
The latest attacks against the banks have thrown as many as
30 million electronic packets per second at the websites, at
times overwhelming both the banks and the additional technical
resources being moved into place to counter the attacks.
That much volume "would overwhelm almost anyone, including
large telecommunications companies," said Scott Hammack, chief
executive of Prolexic Technologies, which specializes in warding
off "denial of service" attacks. Prolexic's clients include
several of the biggest banks, though Hammack declined to name
which ones.
Experts said that high-volume denial-of-service attacks were
becoming more common even before the latest bank assaults and
would continue to increase in sophistication as well.
"This entire episode speaks to the need for banks, or any
business operating online, to be prepared for this type of
availability attack," said Dan Holden, director of research at
security firm Arbor Networks.