Verizon Communications Inc. (VZ:US) is helping to investigate a series of cyber attacks that have disrupted the websites of the biggest U.S. banks over the past two weeks, a company official said.
Verizon is looking into the attacks, which commandeered commercial servers to overwhelm the sites with traffic, for some of the affected banks and assisting the federal government through the National Cybersecurity and Communications Integration Center, said Sean McGurk, managing principal for industrial control systems cybersecurity for the New York-based company and formerly director of the center led by the Department of Homeland Security.
“It’s an escalation,” said McGurk, who said commercial servers have been used in such attacks before, although never on this scale. “We refer to it as a campaign,” he said.
An official at one of the banks that has been targeted said yesterday that the attack stopped the day before when the still- unidentified perpetrators issued a stop command to the network of computers they had commandeered. The assault stopped because the attackers quit or moved on to another bank, not because the bank defeated it, said the official, who asked not to be identified discussing security issues.
Many of the banks that were attacked were forced to reduce their services and rely on backup procedures to restore their main services, telling customers their websites were being repaired, the official said.
“The sole purpose that we’ve been able to determine is that they want to disrupt your ability to access your funds,” McGurk said in an interview at a security conference in Washington.
The goal of the attacks was to “not steal your money; not steal your personal identity; not take information or intellectual property from the financial institutions themselves, but actually to prevent you from doing things that you like to do from a convenience standpoint,” McGurk said.
Such attacks “could potentially impact the public’s trust and confidence in your ability to deliver services,” McGurk said. “If you’re a large bank and I constantly have issues gaining access to what I consider to be my own money, then I may take my money somewhere else to a bank that’s not being impacted on a routine basis.”
The distributed denial-of-service (DDoS) attacks on financial firms began last week, starting with Bank of America Corp. (BAC:US), JPMorgan Chase & Co. (JPM:US) and Citigroup Inc. (C:US) and moving successively this week to Wells Fargo & Co. (WFC:US), U.S. Bancorp (USB:US) and PNC Financial Services Group Inc. (PNC:US)
Michael Balmoris, a spokeswoman for Dallas-based AT&T Inc. (T:US), and Sena Fitzmaurice, a spokeswoman for Comcast Corp. (CMCSA:US), headquartered in Philadelphia, didn’t respond to requests for comment about whether they are also investigating the attacks.
Karn Dhingra, spokesman for USTelecom, a trade group representing U.S. telecommunications companies, said, “Our companies are cooperating with law enforcement and the other appropriate agencies who are handling the investigation, and we’ll continue to.”
McGurk said it would take time to determine who is behind the attacks. A group calling itself Izz ad-Din al-Quassam Cyber Fighters claimed responsibility in a statement posted to the website pastebin.com, saying it was in response to a video uploaded to Google Inc.’s (GOOG:US) YouTube, ridiculing the Prophet Muhammad and offending some Muslims.
Charlotte, North Carolina-based Bank of America hasn’t experienced disruptions to its networks this week, company spokesman Mark Pipitone said. Operations at U.S. Bancorp, based in Minneapolis, returned to normal and have remained that way, according to company spokesman Tom Joyce.
Heavy Internet traffic at Pittsburgh-based PNC is subsiding, and operations are returning to normal, company spokesman Fred Solomon said. Bridget Braxton, a spokeswoman for San Francisco-based Wells Fargo, said customers can access their accounts through online and mobile channels.
Kristin Lemkau, a spokeswoman for JPMorgan, said the bank had no comment.
The assault on banks, which escalated this week, was the subject of closed-door White House meetings in the past few days, according to a private-security specialist who asked not to be identified because he is helping to trace the attacks.
President Barack Obama’s administration is circulating a draft executive order that would create a program to shield vital computer networks, including financial institutions, from cyber attacks. The administration is considering the move after the U.S. Senate last month failed to advance comprehensive cybersecurity legislation backed by Obama.
Homeland Security Secretary Janet Napolitano didn’t directly address the bank attacks when asked about them at the Washington security conference yesterday. She declined to give a timeline for the executive order, saying Obama hasn’t had a chance to review it. She said legislation is still needed for elements such as liability protection for companies to share cyber threat information.
To contact the reporters on this story: Eric Engleman in Washington at firstname.lastname@example.org; Chris Strohm in Washington at email@example.com
To contact the editor responsible for this story: John Walcott at firstname.lastname@example.org