It’s been called “gigantic”, “massive” and “the largest attempt ever”. Those adjectives are being used to describe the cyber attack that almost was on Memorial Day.
Reuters is reporting that while millions of us were celebrating Memorial Day, efforts were being made to hack into the a real time financial exchange. They almost succeeded – they being a group of cyber hackers – and had they been successful, it would have been the largest distributed denial of service attack ever.
Instead, Prolexic said it was able to deflect the overwhelming efforts that peaked at 167 gigabytes per second, making it the biggest that company had ever seen. Fortunately, and despite what some might say genius efforts, the attack simply wasn’t sophisticated enough to carry it through,
This was a massive attack that made up in brute force what it lacked in sophistication,
Prolexic CEO Scott Hammack said in a statement on Thursday as he disclosed and provided details surrounding the failed attempt. He also said that no malicious traffic ever came close to the exchange’s website and downtime. The company wasn’t even aware it was under attack, explained Hammack.
Cyber Attack – The New White Collar Crime
By now, the big banks and the financial sector as a whole – along with the American consumer – have become quite familiar and even prepared for the denial of service attacks. Late last year, many bank customers were unable to log into their accounts, make loan and credit card payments or even check their balances all because of the denial of service attacks. No group has been identified as the one responsible, which has many wondering why security and law enforcement can’t catch up with them. Still, they’ve become common and many have reserved themselves to that new reality, which is something that shouldn’t be acceptable to any company or government official.
Now, though, the hackers have raised the stakes. The Memorial Day attack was measured at 167 gbps and is far higher than the average attack bandwidth of about 48.25 gbps. In the first quarter of 2013, though, there’s been a 691% year-over-year increase and 718% from the fourth quarter of last year.
Due to confidentiality considerations, Prolexic isn’t releasing the name of the exchange that was targeted, but it’s interesting that both the Dow and Nasdaq were closed on Memorial Day and both have been targets in the past. Exchanges are deemed high-profile targets because they are symbols of capitalism and for some, equitable to the “American Dream”. Many hackers take advantage of that in an effort of manipulating the markets that allow it to flow.
Meanwhile, another company, Radware, says it has no information that would pinpoint the massive size that Prolexic reported. While it refused to provide details on which exchange, it did say that it was distributed across its cloud scrubbing centers in cities around the world.
As a final marker to this, a spokesperson for Prolexic said,
…it’s only a matter of time, perhaps as early as the second quarter, that DDoS attacks eclipse the 200 Gbps marker.
While all of this is bad enough, news also broke on Thursday that many efforts on a lower scale are often achieved due to a “flawed password system”. Worse – we’re all guilt of it.
McAfee is reporting that 74 percent of internet users still use the same password across their myriad of websites they use. Their Facebook passwords are the same as their passwords to log into their banks and credit card companies. It’s also a major player into how cyber attacks are being pulled off with ease. It says the Associated Press Twitter take over last month was hacked because of a common password the new agency used in many of its accounts. The hacker tweeted that the White House had been bombed and as a result, stocks spiraled down more than 143 points. The take away lesson: it’s never been more important to ensure passwords are unique for every single site you visit.
Some say even that’s not enough. Robert Siciliano, an online security expert at Intel’s (INTC) McAfee, said,
There has been so many breaches of data over the past decade – so many breaches of high profile accounts such as the AP – that it has just become so painfully obvious that the password is just done.
The Financial Times’ Twitter account was hacked last week, Burger King and the New York Times both had their social media accounts hacked. There’s no doubt everything we thought we knew is irrelevant as more and more hackers are better armed. Wondering how it is so many companies are easily hacked? Consider this: Out of three million user passwords analyzed in a recent Trustwave report, 50% of business users were found to be using easily-guessed passwords – the most common being “Password1″ because it often meets the minimum standard for acceptable passwords.
And then, there are even bigger considerations.
Cyber Attack and Future Threats
Just hours ago, Defense Secretary Chuck Hagel spoke to reporters on a flight to Singapore, where he’s expected to address ongoing cyber threats during meetings with a Chinese delegation. He says cyber threats pose a “quiet, stealthy, insidious” danger to the United States and says it’s time to redefine the “rules of the road” while also developing better understanding among nations when it comes to various technological advantages.
Cyber threats are real, they’re terribly dangerous,
Hagel was quoted by Reuters as saying.
They’re probably as insidious and real a threat (as there is) to the United States, as well as China, by the way, and every nation.
He says the U.S. must lead the way in developing better and more universal ways of ensuring responsible use of that technology,
There’s only one way to deal with these issues – that’s straight up.
The solution, according to some, is a bit “futuristic”; safer and more reliable, but not really realistic at this point. Multiple-factor verification systems that incorporate a multi-layer approach of protection of facial recognition, codes and personal questions as well as usernames and passwords go several layers deeper, making it more difficult for hackers to gain access. Of course, that’s not even close to being mainstream. The reasons? Money. Training. Consistency: three things many companies and consumers simply don’t have enough of at this point.
Similar Personal Finance News
- 3 Years In, Credit CARD Act Working – February 25, 2013
- Overwhelming Financial Truths: How They Affect Everything – May 27, 2013