The attacks follow a routine pattern each week, says Smith. On Monday, a posting online at Pastebin, said to come from Al-Qassam, announces the targeted financial institution, and on Tuesday, Wednesday and Thursday, the DDoS attacks come roaring.
The DDoS attack, proceeding methodically from website to website of the bank, reaches a stream of 65Gbps traffic. This stream hits each bank server, making it unavailable to customers, for up to about 20 hours. It moves on from website to website of the same bank. Then the pattern repeats itself at another bank, and another. He says no bank has yet found a way to fully mitigate against the attacks, though he notes there are things being done with help from ISPs and others.
But the odd coincidence in all this is that the day before the attacks started, the financial services group called Financial Services Information Sharing and Analysis center (FS-ISAC), which coordinates on security issues with the Department of Homeland Security, issued an advisory warning of an increase in bank-employee computer takeovers based on financial theft malware, such as ZeuS.
It's well-known in the security industry that DDoS attacks and cybercrime attacks often coincide since DDoS helps fraudsters carrying on elaborate cybercrime to steal funds or carry out other evil deeds. "It delays the response, the forensics," says Smith.
Smith suspects that the methodical round of DDoS attacks on the bank websites may simply be one element in something vaster fraud carried out by crime rings, such as those in Eastern Europe. Banks seldom disclose their fraud rates something that has frustrated the FBI in the past so it might not be known for some time if it's this kind of cybercrime that's been underway the past month. In any event, Smith adds that until there's more proof brought forward, he personally doesn't think the culprit in all this is Iran either.
This week has been quiet so far on the banking front. Smith points out that a DDoS attack in and of itself is mainly an inconvenience for banking customers since they can go through other channels, such as phoning the bank or visiting it, to conduct their business.
Some in industry say DDoS attacks are pretty common.
Dan Farrell, the director of network operations at web-hosting company Applied Innovations in Boca Raton, Fla., says his firm sees DDoS attacks more and more, about once a month. Most of the time, it's a customer who's targeted, some even receiving extortion threats. Applied Innovations uses Corero's anti-DDoS product, which mitigates the worst of it by dropping attack packets, with the real challenge being in determining the difference between DoS and legitimate traffic.
One of the more memorable incidents related to DDoS attacks arose against the e-commerce sites of two retailers, notes Farrell. It turned out their competitors in the retail space were DDoSing them, but it was possible to shield them from it.
Sign up for MIS Asia eNewsletters.