Bank group warns of heightened risk of cyber attacks

Wed Sep 19, 2012 7:56pm EDT

JPMorgan Chase & Co's international headquarters are seen on Park Avenue in New York July 13, 2012. REUTERS/Andrew Burton

JPMorgan Chase & Co's international headquarters are seen on Park Avenue in New York July 13, 2012.

Credit: Reuters/Andrew Burton

Related Topics

(Reuters) - A financial services industry group warned U.S. banks, brokerages and insurers on Wednesday to be on heightened alert for cyber attacks after Bank of America and JPMorgan Chase experienced unexplained outages on their public websites.

The Financial Services Information Sharing and Analysis Center, which is widely known as FS-ISAC, raised the cyber threat level to "high" from "elevated" in an advisory to members, citing "recent credible intelligence regarding the potential" for cyber attacks as its reason for the move.

An outside security contractor told Reuters that "massive" denial-of-service attacks had been launched against multiple banks, but declined to comment further.

Denial-of-service attacks seek to disrupt websites and other computer systems at the targeted organization by overwhelming their networks with computer traffic.

The move by FS-ISAC came just two days the FBI published a "fraud alert" advising financial services firms that cyber criminals may be disrupting service to their websites in a bid to keep banks from noticing a recent surge in fraudulent large-sized wire transfers. (1.usa.gov/SUGCDZ)

An FBI spokeswoman declined to say if the tactics cited in the "fraud alert" were related to the problems experienced by the two banks.

The problems with the websites at the two banks came after an unidentified person posted a statement on the Internet threatening to attack Bank of America and the New York Stock Exchange as a "first step" in a campaign against U.S. companies. The posting said the attacks would continue until the film that had stirred up anti-U.S. protests across the Middle East was "erased" from the Internet.

It was not possible to identify the person who posted the statement. Nor was it clear if the threat had anything to do with the issues at either of the two banks.

JP MORGAN

On Wednesday the consumer banking website of JPMorgan Chase & Co was intermittently unavailable to some customers. The problems followed issues with the website of Bank of America Corp on Tuesday amid threats on the Internet that a group was planning to launch cyber attacks on a U.S. bank.

JPMorgan Chase spokesman Patrick Linehan said, "We're experiencing intermittent issues with Chase.com. We apologize for any inconvenience and are working to restore full connectivity.

A Bank of America spokesman reported no continuing problems on Wednesday. "Our online banking services have been, and are, up and running," Mark Pipitone said. "The vast majority of our customers have not experienced any issues."

The short advisory from the industry group urged banks and other industry members to "ensure constant diligence in monitoring and quick response to any malicious events."

The Reston, Virginia-based group is owned by dozens of firms, including the two banks, as well as Citigroup Inc, Goldman Sachs Group Inc and Morgan Stanley. Insurers including American International Group, Allstate Corp and State Farm Insurance also belong to the group, as do credit card firms MasterCard Inc and Visa Inc.

The advisory also cited a warning from Microsoft Corp that hackers have attacked some of its customers due to a security bug in its widely used Internet Explorer browser.

Microsoft has yet to release software to fix that security flaw. The German government advised the public to stop using Internet Explorer until an update is released. The U.S. Department of Homeland Security has advised users to follow steps recommended by Microsoft to reduce the risk of attacks but noted that those measures may not fully secure the browser.

POLICY DEBATE

The warning from FS-ISAC comes as the Obama Administration is considering issuing an executive order that could instruct government agencies to take action to help better protect the nation's critical infrastructure from cyber attacks.

Legislation that would strengthen the government's ability to help secure private networks has so far been stalled in Congress by groups concerned about privacy issues as well as business groups that oppose increased regulation of their activities.

Senator Jay Rockefeller, who heads the Senate Commerce Committee, on Wednesday sent letters to the 500 biggest U.S. companies, challenging them to improve their computer security. He blamed the defeat of the legislation on concerns raised by "a handful of business lobbying groups and trade associations."

He asked the companies to identify their own best practices and to spell out their concerns about government-conducted risk assessments that were part of the cyber security bill. He warned that the companies could face "reactive and overly prescriptive legislation" if nothing was done until some cyber disaster.

Deputy Defense Secretary Ashton Carter complained that businesses are not doing enough to protect their own networks during a speech to the annual Air Force Association conference, saying he was disappointed that the legislation has not passed Congress.

Officials with FS-ISAC could not be reached to comment on the decision to raise its cyber threat level. A spokesman for the Department of Homeland Security declined to comment on the advisory from the industry group.

A short film mocking the Prophet Mohammad, made with private funds in the United States and posted on the Internet, has ignited days of demonstrations in the Arab world, Africa, Asia and in some Western countries.

(Reporting by David Henry in New York, Rick Rothacker in Charlotte, North Carolina, Jim Finkle in Boston. Additional reporting by Joseph Menn in San Franciso and Andrea Shalal-Esa in Washington; Editing by Gerald E. McCormick, Steve Orlofsky and Bob Burgdorfer)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (2)
DC_Bank wrote:
Talk about issues .. I have NOT been able to pay my Mortage Payment with Bank Of America since they change their online payment system. Issue is log on Aug 6th, still NO resolution until today .. Sep 19th.

Sep 19, 2012 5:34pm EDT  --  Report as abuse
alrphfool wrote:
I find it passing strange that America who has declared war on just about everyone and thing now seems determined to declare war on itself.
The US government along probably with Israel created statnet and flame. it has boasted that it has the capacity to crash other internet systems. It is appalling that something so progressing educating and of so much benefit to the people of the world has been reduced to domination and control and those who consider this behaviour unacceptable.Their all doing is a common catch phrase.When some really bright person comes along and decides that enough is enough and writes something which infects the whole system what will we do then. I suppose it does not really matter what is important is that we won the war and showed those terrorists who is boss.

Sep 19, 2012 8:20pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.