Wednesday, January 16, 2013

Who’s in YOUR Wallet – Cyber attacks on banks

While we watch politicians stand in line to develop questionable solutions to the problem of violence in America, it is easy to forget that some very bad people are constantly trying to do us harm from overseas.  But they are.  And it is working.  Here is how we know.
According to a recent article by Ellen Nakashima (an excellent reporter of homeland security issues for the Washington Post), several large banks have approached the National Security Agency and asked for help securing their systems from outside attack.
For years, businesses in general, and financial businesses in particular, have resisted calling law enforcement in the wake of cybercrimes. The reason is simple. If you call the police to investigate a break-in at your home, and they see something illegal during their visit (say, too many pet rabbits for a local city ordinance), they are obligated to investigate your “law breaking,” too. And their investigation goes to the prosecutor, whether they catch the burglars or not.  Now assume you are a bank with hundreds of employees, thousands of depositors, and millions of transactions. Would you be thrilled to have an FBI team taking an electronic stroll through your records? How do you think your depositors would feel? Think it might hurt business for people to know:
1) The electronic defenses of your bank have been penetrated and accounts may have been accessed.
2) So federal intelligence and law enforcement agencies are combing through bank systems and depositor records.
Anyone who says “You have nothing to worry about if you are not guilty,” doesn’t understand tax law.
So what does it tell us when six major banks (Bank of America, PNC Bank, Wells Fargo, Citigroup, HSBC and SunTrust, according to the Washington Post article) consider going to the feds? It tells us that we as a nation have a problem. A big problem.
The Department of Homeland Security (DHS) considers 18 sectors of our national “enterprise” to be Critical Infrastructure (CI). (CI is defined as: “the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof.”) The sectors include Food, Energy, Transportation, etc. . . . and Banking and Finance.
Attacks on this sector have been common for years because, to quote bank robber Willie Sutton, “that’s where the money is.” But starting about a year ago – as sanctions really began to bite into the Iranian economy – a new type of coordinated attack emerged. Called a “Denial of Service” attack, these high-tech efforts do not go after data or accounts, but seek to prevent the banks from doing business by overwhelming their computers with what look like legitimate requests for attention. It is as if a million people showed up to stand in line at the ticket windows of a football game, even though they had no intention of buying tickets. The windows would be shut down, legitimate customers frozen out, the attention of officials diverted, and over time, the team owners would suffer significant loss. Since last September, such attacks on the banking industry have accelerated. Some banks (most remain very leery of telling the stock markets who is having the worst problems) are so hard pressed that they have turned to the National Security Agency for help.
To be clear, the NSA is an intelligence agency, not a law enforcement agency. It has long monitored the communications of opponents overseas and performed other services so secret that during the Cold War many claimed that NSA stood for “No Such Agency.” But since 9/11, the NSA has stepped to the fore in seeking America’s dangerous enemies abroad and protecting federal electronic resources at home. And in some cases they have extended that protection to resources that were not owned by the federal government but served a national purpose, like the computer systems of defense contractors. While what they do is not exactly clear (by design), it appears that for non-governmental partners, they do more consulting and recommending than actual protection. And while their interaction with defense and law enforcement agencies is a matter for classified Congressional oversight, it would certainly be reasonable to expect coordination with those who can investigate, prosecute, and perhaps even retaliate.
So if we do not know exactly what federal agencies are involved with this new defense effort, or exactly what they are doing, why be concerned about this activity? Because it tells us two things:
1) Somebody is making a serious, large-scale attempt to attack the economic sinews of the United States.
2) It’s working well enough to get the full attention of the US government at the highest levels.
It is public knowledge, supported by statements from “unnamed sources,” that both China and Iran have mounted major efforts to penetrate our government computers, our key industries, our university research facilities, and a wide range of our critical infrastructure. Some claim that damage already achieved would be cause for war if it had been done by physical attack. And it is especially interesting that the current attacks as described in the Nakashima article were conducted on specific days in a coordinated manner. This may indicate a military operation, or an exercise for organized forces, or even (as we may have seen in the Russian attacks on Estonia and Georgia six years ago) the contracting out of services to some other agent. (A third-party intelligence service? A transnational crime organization?)
All we know for sure from the two points above is that some very bad people are trying to do some very bad things to the foundations of American power and society. We all ought to be paying attention.
Oh yes, there is a third point.  We might not win.

