Roger Thornton, CTO of AlienVault, called them "the digital equivalent of having a group of protesters block the entrance to a building or tie up the phone lines."
"These attacks can be a nuisance and can cause real damage or even physical harm at times -- if the 911 response system was tied up when you needed an ambulance, for example," he said. "But just like the protesters blocking a branch of the bank, a DDoS attack is very hard to prevent, somewhat inevitable regardless of your security posture and is not an attack that results in data stolen or systems permanently damaged."
And Thornton said there is already "a pretty good system for sharing threat data between the Department of Homeland Security and the financial services community today through a program run by FS-ISAC (Financial Services Information Sharing Analysis Center). There are already communication lines in place and these programs are part of the reason our banks are still operating in spite of such hostile threats."
Gary McGraw, CTO of Cigital, said he is a bit puzzled at all the interest in the recent wave of attacks. "These sorts of attacks happen all the time," he said. "I'm not sure why there seems to be more interest in these."
But he is certain that the banks don't need help from the government with DDoS attacks. "Google and Amazon don't need the government to help them with DDoS. That's ridiculous," he said.
Paul DeSouza of the Cyber Security Forum Initiative said the private sector and government have different roles to play. "The private sector should be responsible for deploying the necessary technologies and controls to include trained personnel to be able to continue to operate through and in cyberspace in the protection of their assets even under attack," he said.
"The role of the government should be of a supporting nature to include cyber intelligence and knowledge sharing capabilities," he said. "Offensive cyber responses are reserved to governmental actors with the appropriate authorities to engage in full spectrum cyber operations."
But Jody Westby, an attorney and CEO of Global Cyber Risk, said the problem is not so much coordination between the private and public sectors in the U.S. as coordination internationally.
"Cybercriminals today have effectively analyzed what jurisdictions lack skilled law enforcement, where cooperation is lacking or nil, and where cybercrime laws are either non-existent or civil penalties," she said.
"Meanwhile, we do not have effective cross-border cooperation and law enforcement support to counter the attacks. Until we address cybercrime, these attacks will continue to be sophisticated, ingenious, and successful," Westby said.
She said financial institutions do a good job overall in defending against attacks, but believes political leaders should at least be speaking out. "The President or State Department should show some diplomatic muscle," she said, even if the attacks are from a nation state. "Cyber Command does not have the legal authority to assist private sector networks."