

Major banks hit with biggest cyberattacks in history - maayank
http://money.cnn.com/2012/09/27/technology/bank-cyberattacks/

======
JoachimSchipper
This is not remotely as dangerous as e.g. the cyberattacks on Google [1], the
cyberattacks on RSA Labs (and Lockheed) [2], or the cyberattack on Iran's
centrifuges (allegedly; [3]) - it's just Yet Another DDoS. The chief national-
security danger is that some bank will pay up and that this money will be used
for evil.

Given those facts, "biggest cyberattack in history" is rather overblown. (It
_may_ be the biggest DDoS in history, but DDoS just aren't that dangerous.)

[1] <http://en.wikipedia.org/wiki/Operation_Aurora>

[2] [http://www.scmagazine.com/rsa-confirms-lockheed-hack-
linked-...](http://www.scmagazine.com/rsa-confirms-lockheed-hack-linked-to-
securid-breach/article/204744/)

[3] <http://en.wikipedia.org/wiki/Stuxnet>

~~~
ihsw
Attacking data access is just as serious as attacking data confidentially or
attacking data integrity. They all deserve equal consideration regarding data
security.

EDIT: In this case the websites targeted aren't high-value or critical,
however the value of data access shouldn't be downplayed.

~~~
crpatino
No, it is not. It is not the same to prevent you from accessing your
information (however high-value or critical it might be) than having the very
same information being actively used against you in unforeseeable ways.

Besides, this statement runs against the core principles of Risk Management,
which recognizes the need to prioritize the use of scarce resources to protect
the most salient risk according to a utility function that combines but the
likeliness and the adverse consequences of each potential incident.

~~~
sophacles
Not necessarily - There are many times integrity and access are far more
important than confidentiality - control systems for example. For sensor
streams, availability may even be more important than integrity. There are
already algorithms in place in control systems to deal with bad or weird data
from those sensors because sensors go funky all the time. having the tampered
data is still a form of information that _the sensor is still there_ , a
surprisingly useful bit of data itself.

There is a lot of research in control system security about balancing
extremely high availability requirements against bad data and commands coming
in -- trying to answer the question "how do we run compromised" because
sometimes you have to, at least for a limited time, to prevent bigger systemic
damage.

------
digitalengineer
Sigh. Never waist a good crisis eh? "Sen. Joe Lieberman said that he believed
the attacks were launched by Iran".

~~~
archgoon
Which I find to be bizarre. There is very little reason in doing these sorts
of attacks _unless_ you plan on taking credit for it. You can't say "maybe
it's a test run" because this potentially gives enough warning to your targets
to bolster their defenses.

------
jere
>No data was stolen from the banks, and their transactional systems -- like
their ATM networks -- remained unaffected. The aim of the attacks was simply
to temporarily knock down the banks' public-facing websites.

------
jgrahamc
It doesn't take a 'state actor' to launch a DDoS attack. Money buys a botnet.
CloudFlare CEO Matthew Prince was on Bloomberg TV the other day discussing
these recent attacks: [http://www.bloomberg.com/video/wells-fargo-is-latest-
bank-hi...](http://www.bloomberg.com/video/wells-fargo-is-latest-bank-hit-by-
cyber-attacks-2iNWFDdAT2iBdsGmQPxzoQ.html)

------
tptacek
Cyberattacks? What? No! The digital equivalent of a sit-in!

------
wwwtyro
For the sake of our heart rates, you might point out that it was a DOS attack,
next time. ;)

------
Tipzntrix
Why does the article have in large letters "How hackers can access your credit
card" with a video, when that has nothing to do with this attack?

