November 15, 2024

Bits Blog: U.S. Banks Again Hit by Wave of Cyberattacks

For the last week, hackers have — once again — attacked the online banking sites of several American banks.

The attacks appear to be the second stage of a campaign that began in September, when a hacker group calling itself Izz ad-Din al-Qassam Cyber Fighters took credit for a series of attacks on the Web sites of Bank of America, Citigroup, U.S. Bank, Wells Fargo and PNC  that caused intermittent delays.

The group said it had attacked the banks in retaliation for an anti-Islam video that mocked the Prophet Muhammad and pledged to continue its campaign until the video was removed from the Internet. They called the campaign Operation Ababil, a Koran reference to the swallows Allah sent to attack an army of elephants dispatched by the King of Yemen to attack Mecca in 571 A.D.

In an online post on Tuesday, the group said that it had resumed Operation Ababil and that, over the last several weeks, it had focused on nine banks: JPMorgan Chase, Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, BBT, Suntrust and Regions Financial.

“Our aim of this operation is removal of that insulting and absurd film,” the hackers wrote in an online post.

Of the nine banks, representatives of PNC, BBT and Citigroup confirmed that their online banking sites had experienced intermittent disruptions because of a high volume of Web traffic, but they said that bank accounts and customer information had not been affected. Though they were not mentioned in the group’s online hit list, Capital One and Fifth Third Bank also experienced brief disruptions.

Customers at Bank of America, Wells Fargo, U.S. Bancorp and JPMorgan did not appear to have had any trouble reaching their accounts.

In an e-mail to customers, PNC said it had experienced “an unusually high volume of traffic” to its site. “This volume of traffic is consistent with threatened cyberattacks on the U.S. banking system and is designed to cause access delays for legitimate Internet customers,” the statement said.

Debra DeCourcy, a spokeswoman for Fifth Third Bank, said that from 11 a.m. to 3 p.m. on Thursday, Fifth Third also had a high volume of traffic to its site. “We believe it was a denial of service attack designed to disrupt access to our site,” Ms. DeCourcy said. “This was an access issue, not a security issue: No customer information or data was compromised.”

In a denial of service attack, hackers bombard a site with traffic until it collapses under the load. Though banks take great pains to absorb large volumes of traffic, many experienced  unprecedented levels. Typically such attacks are deployed through a Web application, in which hackers recruit volunteers to click on a link that sends signals from their computers to a victim’s site, or through botnets, networks of infected computers and devices that do hackers’ work for them.

But security researchers who studied the attacks on banking sites last fall said hackers had used a new weapon: data centers.

Researchers at Radware who investigated the attacks for several banks found that the traffic was coming from data centers around the world that had been infected with a sophisticated form of malware that was designed to evade detection by antivirus solutions. The attackers used those infected servers to simultaneously fire traffic at each banking site until it slowed or collapsed. By infecting data centers instead of computers, attackers obtained the horsepower to mount an enormous denial of service attack.

Jenny Shearer, a spokeswoman for the Federal Bureau of Investigation, declined to comment on the source of the attacks on Friday.

In an online post, hackers said the attacks had not been sponsored by a country.

Government and intelligence officials have blamed Iran for the fall attacks and for a destructive cyberattack on computers at Saudi Aramco in August, though they have not presented any evidence to back up their claims. Tracing cyberattacks back to one particular country is difficult, security experts say, because traffic can be routed through different Internet addresses to mask their true origin.

Security researchers still do not know how the data centers used in the first wave of attacks were infected in the first place, how widespread the infection rate was and — perhaps most troubling  — whether the servers could be used to damage other sensitive targets in the future.

On Tuesday, the hackers said they had no intention of halting their campaign. “Officials of American banks must expect our massive attacks,” they wrote. “From now on, none of the U.S. banks will be safe.”

Article source: http://bits.blogs.nytimes.com/2013/01/04/u-s-banks-again-hit-by-wave-of-cyberattacks/?partner=rss&emc=rss

New Ways to Exploit Raw Data May Bring Surge of Innovation, a Study Says

Math majors, rejoice. Businesses are going to need tens of thousands of you in the coming years as companies grapple with a growing mountain of data.

Data is a vital raw material of the information economy, much as coal and iron ore were in the Industrial Revolution. But the business world is just beginning to learn how to process it all.

The current data surge is coming from sophisticated computer tracking of shipments, sales, suppliers and customers, as well as e-mail, Web traffic and social network comments. The quantity of business data doubles every 1.2 years, by one estimate.

Mining and analyzing these big new data sets can open the door to a new wave of innovation, accelerating productivity and economic growth. Some economists, academics and business executives see an opportunity to move beyond the payoff of the first stage of the Internet, which combined computing and low-cost communications to automate all kinds of commercial transactions.

The next stage, they say, will exploit Internet-scale data sets to discover new businesses and predict consumer behavior and market shifts.

Others are skeptical of the “big data” thesis. They see limited potential beyond a few marquee examples, like Google in Internet search and online advertising.

The McKinsey Global Institute, the research arm of the consulting firm, is coming down on the side of the optimists in a lengthy study to be published on Friday. The report, based on nine months of work is “Big Data: The Next Frontier for Innovation, Competition and Productivity.” It makes estimates of the potential benefits from deploying data-harvesting technologies and skills.

The McKinsey research unit, for example, says the value to the health care system in the United States could be $300 billion a year, and that American retailers could increase their operating profit margins by 60 percent.

But the study also identifies challenges. One hurdle is a talent and skills gap. The United States alone, McKinsey projects, will need 140,000 to 190,000 more people with “deep analytical” skills, typically experts in statistical methods and data-analysis technologies.

McKinsey says the nation will also need 1.5 million more data-literate managers, whether retrained or hired. The report points to the need for a sweeping change in business to adapt a new way of managing and making decisions that relies more on data analysis. Managers, according to the McKinsey researchers, must grasp the principles of data analytics and be able to ask the right questions.

“Every manager will really have to understand something about statistics and experimental design going forward,” said Michael Chui, a senior fellow at the McKinsey Global Institute.

The study estimates that the use of personal location data could save consumers worldwide more than $600 billion annually by 2020. Computers determine users’ whereabouts by tracking their mobile devices, like cellphones. The study cites smartphone location services including Foursquare and Loopt, for locating friends, and ones for finding nearby stores and restaurants.

But the biggest single consumer benefit, the study says, is going to come from time and fuel savings from location-based services — tapping into real-time traffic and weather data — that help drivers avoid congestion and suggest alternative routes. The location tracking, McKinsey says, will work either from drivers’ mobile phones or GPS systems in cars.

Personal location data raises privacy concerns. Both Google and Apple, for example, have faced protests recently for collecting location data without most users’ knowledge. The McKinsey report says such services should require that users have a choice and opt-in to use them, but the report does not deal with privacy issues in detail.

The sizable projected payoff for consumers, some experts say, is not surprising. “Much of the benefit of innovation always flows to consumers,” said Martin Baily, an economist at the Brookings Institution, who was an adviser on the study. “So the large consumer surplus makes sense.”

In health care, the biggest slice of the $300 billion gain is expected to come from more effectively using data to inform treatment decisions. The tools include clinical decision support to assist doctors, and comparative effectiveness research to make more informed decisions on drug therapy.

For example, the Department of Veterans Affairs and Kaiser Permanente save millions of dollars a year in treating many patients with high cholesterol with generic statins instead of branded statins, like Lipitor. But such tailored treatments require electronic health records for tracking results, and most of the nation’s hospitals and physicians still use paper records.

Skeptics say the economic payoff from harnessing big data sets is mostly wishful thinking so far. The nation’s technology-assisted increase in productivity began in 1995 and continued through 2004, having trailed off since, despite investments in data analytics.

“The big dividend mostly hasn’t arrived yet,” said Tyler Cowen, an economist at George Mason University.

The McKinsey authors say that the big-data trend is just getting under way. It will take years, they say, before the gains show up in the economic statistics, just as it did for computers to prove they were engines of productivity.

“But it’s clear that data is an important factor of production now,” said James Manyika, a director of the McKinsey Global Institute.

Article source: http://feeds.nytimes.com/click.phdo?i=5a30d792f94279a1904fb1cd527117d5