Skip to main content

Banks seek NSA help amid attacks on their computer systems


By Ellen Nakashima,

Major U.S. banks have turned to the National Security Agency for help protecting their computer systems after a barrage of assaults that have disrupted their Web sites, according to industry officials.

The attacks on the sites, which started about a year ago but intensified in September, have grown increasingly sophisticated, officials said. The NSA, the world’s largest electronic spying agency, has been asked to provide technical assistance to help banks further assess their systems and to better understand the attackers’ tactics.

The cooperation between the NSA and banks, industry officials say, underscores the government’s fears about the unprecedented assault against the financial sector and is part of a broader effort by the government to work with U.S. firms on cybersecurity. Nonetheless, the assistance is likely to dismay privacy advocates, who say that the NSA has no business peering inside private companies’ systems, even if for the strict purpose of improving computer security.

U.S. intelligence officials said last year they believe the attacks against the banks and other companies have been carried out by Iran, although some experts have cautioned that it is difficult to accurately determine who is behind them.

“If you look at their actions, they’re taking this very seriously. The government is stepping up to the plate,” said one bank official, who like most interviewed for this article spoke on the condition of anonymity because he was not authorized to speak for the record.

The NSA declined to comment for this article beyond a statement saying that the agency provides assistance “in full compliance with all applicable laws and regulations.”

DDoS attacks

The cyber assaults against the banks are known as distributed denial-of-service, or DDoS, attacks, in which Web servers are overwhelmed with traffic, thus slowing their responsiveness or crashing them altogether. The disruptions — which typically last up to an hour or two at most — do not involve the theft of data, but they have interrupted online banking services and diverted security teams at a large number of financial institutions.

The banks whose Web sites have been disrupted include Bank of America, PNC Bank, Wells Fargo, Citigroup, HSBC and SunTrust. In recent weeks, attackers have targeted up to seven banks a day, but only on Tuesdays, Wednesdays and Thursdays.

For security experts at banks — already considered to be among the best at cybersecurity in the private sector — the attacks have been far more challenging than most DDoS incidents because the assailants have commandeered vastly more traffic to carry out the attacks.

The government’s willingness to engage “is emblematic of how these cyber-related risks are evolving,” the bank official said. “Agencies like the NSA have tremendous expertise for very sophisticated types of information-security programs.”

Although the NSA is known mostly for its collection of foreign intelligence, its mission includes “information assurance” to secure both the military’s computer networks and other “national security systems.” For more than 20 years, the NSA has helped companies that provide software to the Defense Department improve their security.

In general, it can provide assistance to private-sector companies when their systems are seen as critical to national security, said Richard George, a former computer security official at the NSA. The request must come from a government agency, such as the Treasury Department or the Department of Homeland Security, that has authority to work with the company.

“We can certainly help them analyze the situation,” said George, who is now at Johns Hopkins University’s Applied Physics Laboratory. “One thing we can do is ‘red team’ their solution. If their tech guys say, ‘This is what we plan to do,’ we can look at that and say, ‘Is it effective?’ ”

Google obtained NSA help in 2010 after the tech giant found its computer networks compromised by hackers believed to be based in China. The request, made through DHS, was justified on the grounds that Google’s search engine is widely used on Defense Department computers, a former defense official said.

George said the agency’s assistance usually entails a small team — say, six people — inspecting a company’s system to help the firm understand how an intrusion happened, what if anything was stolen, and whether similar events have happened at other firms.

The team can advise a company on how to repair its system and strengthen and test its defenses to prevent repeat occurrences. Some company data may be shared to help derive a “signature” of the attack, former officials said.

The access to information is among the issues that concern critics.

“The dual mission of the NSA, to promote security and to pursue surveillance, creates an intractable privacy problem,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center.

Former NSA officials say privacy concerns are overblown and note that requests for NSA assistance are denied when there is no national security interest at stake. George said that, over the past decade, the agency has aided about 10 companies a year after their networks were compromised.

“If NSA is involved [with the banks], it’s because they would love to see what’s happening on the victim’s side,” a second former defense official said. “There’s probably more for the government to learn than to give.”

A silver lining

For the government, the recent DDoS incidents, while disturbing, have had a silver lining: They have given impetus to further collaboration with the private sector.

The Obama administration has sought to improve such cooperation, in the hopes of improving the nation’s cybersecurity. Last fall, the White House was calling Internet providers and asking them, “What are you seeing?” one Internet company official said. “Gradually, that evolved to ‘How can we help?’ ”

The NSA is far from the only agency working to improve cybersecurity in the private sector.

The FBI has a joint cyber task force in Northern Virginia and a 24/7 hotline for industry to call for help, and Treasury has a cyber unit closely monitoring threats. The Homeland Security Department, which runs a round-the-clock cybersecurity watch center in Arlington, is sharing alerts with industry and has banking and Internet company representatives on the premises. The Justice Department has set up a nationwide network of national security cyber specialists, which officials said would do more outreach to industry and serve as a forum to exchange information.

The FBI is concerned about recent cyber events, said Richard McFeely, the bureau’s executive assistant director of the Criminal, Cyber, Response and Services Branch. “We need to make sure that we’re responsive around the clock on it.”

In the case of banks, the government has begun providing officials with advance warning of a DDoS attack sometimes five or 10 minutes ahead of time.

The ability to share information between the FBI and the banks has been eased by the granting of more than 250 classified-level security clearances to bank officials in the past five years, industry officials said.

“What we’ve seen is a much more refined ability to receive information from the NSA and other agencies,” the bank official said.

Comments

Popular posts from this blog

Why States Still Use Barrel Bombs

Smoke ascends after a Syrian military helicopter allegedly dropped a barrel bomb over the city of Daraya on Jan. 31.(FADI DIRANI/AFP/Getty Images) Summary Barrel bombs are not especially effective weapons. They are often poorly constructed; they fail to detonate more often than other devices constructed for a similar purpose; and their lack of precision means they can have a disproportionate effect on civilian populations. However, combatants continue to use barrel bombs in conflicts, including in recent and ongoing conflicts in Africa and the Middle East, and they are ideally suited to the requirements of resource-poor states. Analysis Barrel bombs are improvised devices that contain explosive filling and shrapnel packed into a container, often in a cylindrical shape such as a barrel. The devices continue to be dropped on towns all over Syria . Indeed, there have been several documented cases of their use in Iraq over the past months, and residents of the city of Mosul, which was re

Russia Looks East for New Oil Markets

Click to Enlarge In the final years of the Soviet Union, Soviet leader Mikhail Gorbachev began orienting his foreign policy toward Asia in response to a rising Japan. Putin has also piloted a much-touted pivot to Asia, coinciding with renewed U.S. interest in the area. A good expression of intent was Russia's hosting of the Asia-Pacific Economic Cooperation summit in 2012 in Vladivostok, near Russia's borders with China and North Korea. Although its efforts in Asia have been limited by more direct interests in Russia's periphery and in Europe, Moscow recently has been able to look more to the east. Part of this renewed interest involves finding new export markets for Russian hydrocarbons. Russia's economy relies on energy exports, particularly crude oil and natural gas exported via pipeline to the West. However, Western Europe is diversifying its energy sources as new supplies come online out of a desire to reduce its dependence on Russian energy supplies . This has

LONDON POLICE INDIRECTLY ENCOURAGE CRIMINALS TO ATTACK RUSSIAN DIPLOMATIC PROPERTY

ILLUSTRATIVE IMAGE A few days ago an unknown perpetrator trespassed on the territory of the Russian Trade Delegation in London, causing damage to the property and the vehicles belonging to the trade delegation , Russian Foreign Ministry Spokeswoman Maria Zakharova said during the September 12 press briefing. The diplomat revealed the response by the London police was discouraging. Police told that the case does not have any prospects and is likely to be closed. This was made despite the fact that the British law enforcement was provided with video surveillance tapes and detailed information shedding light on the incident. By this byehavior, British law inforcements indirectly encourage criminals to continue attacks on Russian diplomatic property in the UK. Zakharova’s statement on “Trespassing on the Russian Trade Mission premises in London” ( source ): During our briefings, we have repeatedly discussed compliance with the Vienna Convention on Diplomatic Relations, specif