
Why DDoS attacks continue to bedevil financial firms

Byron Acohido, USA TODAY
  • Distributed Denial of Service attacks overwhelm defenses, disrupt consumer web services
  • Charles Schwab becomes third firm hit this month, behind Amex and Wells Fargo
  • Botnets used to boost intensity of nuisance requests

SEATTLE – The Distributed Denial of Service, or DDoS, attacks that disrupted Charles Schwab & Co.'s consumer website on Tuesday and Wednesday appear to be part of the same campaign that commenced last fall to systematically harass U.S. financial institutions.

The Schwab capers appear to be orchestrated by the same group responsible for similar attacks on American Express and Wells Fargo earlier this month, as well as the temporary crippling of the consumer websites of JP Morgan Chase, Bank of America, Citibank and SunTrust last fall, says Paul Ferguson, vice president of threat intelligence at security firm Internet Identity.

Last September, U.S. Sen. Joe Lieberman, I-Conn., accused Iran of targeting the American financial system in retaliation for U.S. sanctions on Iran intended to deter that nation's nuclear program.

Internet traffic patterns show that DDoS attacks, especially against the U.S. financial sector, are reaching unprecedented levels of intensity, says Scott Hammack, CEO of Prolexic, a Hollywood, Fla.-based company that helps organizations deflect DDoS attacks.

DDoS attacks are crafted to make a website inaccessible to the intended users, usually by inundating the targeted site with nuisance requests issued from tens of thousands of infected PCs, networked together and under the command of a single controller. Such a network of obedient machines is known as a botnet.

Botnets are the main engines circulating badness on the Internet. Criminals use them to spread scams, steal data, hijack online accounts and conduct cyberspying. DDoS attacks are carried out by botnets to extort cash or make an ideological point. With respect to the continuing wave of DDoS attacks against financial companies, Hammack says the perpetrators have been operating with impunity.

"This is being driven by people hiding behind borders. The international police and the FBI cannot get to them because they are in countries we can't get into," says Hammack. "More than anything, they're trying to embarrass a lot of the largest U.S.-based financial companies – and they're doing a pretty good job of it."

The operatives bedeviling U.S. financial companies are using a distinctive tactic. They've managed to infect and take over control of webservers that serve up the webpages of legit, innocuous websites, says Ferguson.

Spammers, by contrast, often use infected home PCs to spread e-mail advertising. While doing this, they may also send out spam carrying viral attachments or luring recipients to click to infected webpages. This helps them infect more PCs and replenish their botnets, says Ferguson.

The headlines resulting from the Schwab attack only hint at the day-to-day level of DDoS attacks, security experts say.

Banks and corporations are spending millions to fend off attacks, and sophisticated DDoS attacks are routinely detected and blocked. Earlier this month, for instance, Prolexic deflected a gargantuan DDoS attack against a major financial institution. The nuisance traffic directed at the target was a 160 gigabytes-per-second, 120 million-packet-per-second onslaught -- the largest, most intense DDoS attack Prolexic has observed in 10 years of operation.

Even as corporations and government agencies pour resources into defending against DDoS attacks, the perpetrators are proving to be highly motivated and endlessly innovative. "I think you're going to see more of the same, probably for quite some time," says Hammack. "This all has to do with the bad guys increasing the frequency and intensity of denial-of-service attacks to create chaos and to make the world less stable."
