General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsU.S. online banking hacked; Muslim hackivists take credit
http://www.informationweek.com/security/attacks/muslim-hacktivists-take-credit-for-us-ba/240008059Here is the page for related articles in Google: http://news.google.com/news/story?hl=en&client=safari&q=wells+fargo+online+hacked&bav=on.2,or.r_gc.r_pw.&biw=768&bih=916&um=1&ie=UTF-8&ncl=dtESB4iYyCfoabMqvbWK5jTNrHSvM&sa=X&ei=R2FoUMCMD4ro8QTU3IDADw&ved=0CDMQqgIwAQ
I haven't seen any discussion of this on the news, just a blurb here or there. Some of the sites are still down. This is a problem for people who rely on the systems to efficiently pay their bills. At least one bank is taking orders from customers for bill pay over the phone.
PeaceNikki
(27,985 posts)Just to clarify for those unclear.
And you don't hear about it because no business likes to advertise that they are vulnerable to these attacks that are very simple and cheap to execute.
Zalatix
(8,994 posts)There is justifiable confusion over the word 'hack', as it has been expanded to include DDoS attacks.
You don't even want to KNOW about the old debates over whether the word 'hacker' even legitimately means a computer intruder. Many people contended (and still contend) that hack actually means to tinker.
Those were some... interesting debates, to say the least.
PeaceNikki
(27,985 posts)they really are.
Anyone can buy or rent tools for almost nothing to launch attacks on, well, anyone.
Zalatix
(8,994 posts)To stop that you need better antivirus tools, or better yet.. switch everyone to Linux.
Compromising most modern flavors of Linux is usually a Samurai duel, a grueling fight between an intruder and a single computer system.
Now there is no such thing as a perfectly secure system, but when you have to go sword to sword in a minutes or hours-long battle with a SINGLE system, it's just not worth it, ESPECIALLY when it comes to creating the kind of botnet that you need to carry out a DDoS. There is no "fire off an internet Trojan/worm/wtf-ever and sleep while 1 million PCs are zombified" with Linux. You do it one at a time, an hour long fight per PC. Nut-uh. Hackers will take that fight to break into a website or maybe a bank, but not millions of user PCs. No botnet for Linux... at least not under current conditions. You can never predict the future with that stuff. As I said, there is no such thing as a perfectly secure system. Linux just makes a horribly poor candidate for a botnet zombie.
On the other hand, making botnets from Windows machines is like dragnet fishing. You can catch a million Windows PCs with a single net and turn them into botnet zombies. Fire off a virus now, sleep tonight, have a million infected PCs awaiting your command tomorrow. Easy cheesy. Newbs can do that: we're at the point of "idiot who works for McDonald's today, comes home, looks up botnetting on the web, downloads a tool, customizes, and fires into cyberspace, wakes up tomorrow with a million Windows PCs at their command."
100 million Americans using Linux instead of Windows would make botnets not so much completely impossible (once again, to stress: no system can be perfectly secure) as it would make it so ridiculously impractical that botnet makers would give up on the United States for years, until someone found a way to introduce a virus into Linux that would be able to propagate.
Note, it is not impossible to hit Linux with a virus. It has been done. It's just stupidly difficult and hackers would be delusionally optimistic to think it's merely difficult to make such an infection propagate. But Linux does have issues that make for potential vulnerabilities... ironically, issues that arise from giving it Windows-like features!!! The Java engine is one oft-repeated weakness. Even the libraries that let you read JPEG files have been a security flaw in the past. And that damned SQL/XML injection and cross-site scripting (XSS) bullshit? That has the future potential to make botnets from ANY system, Linux or otherwise.
Just so no one becomes COMPLACENT about Linux's resistance to botnetting, here is a long video about Linux vulnerabilities.
Those guys who made STUXNET? They probably could zombify a million Linux machines.
In closing: the key to stopping botnets is not to make it impossible. You can't do that. The key is to make it so difficult to compromise a single PC that you'll be dead of old age before you finish up infecting enough of them to launch a DDoS attack. Linux achieves that... for now.
Ilsa
(61,697 posts)Ilsa
(61,697 posts)It's a hassle for both consumers and the banks, and I'm certain the banks' IT people had to work around the clock until it was resolved. These attacks, like viruses, cost millions.
I wouldn't expect the banks themselves to publicize the problem, but I was surprised that news outlets, including tv media, didn't cover it better.
Fawke Em
(11,366 posts)It's part of many of the regulatory regulations as part of remediation.
They are required to inform as many customers in as short amount of time as possible, which is usually the media, to stop-gap losses.