JPMorgan Chase website downed by DoS attack
Attack comes as US committee told ‘cyber threat more worrying than terrorism’
Chase.com, the consumer site of US financial conglomerate JPMorgan Chase & Co was hit by a denial-of-service attack yesterday, online media reported.
The attack took the public site offline as US intelligence officials announced that the cyber threat represented a greater concern to national security than terrorism. The annual briefing in which the concerns were disclosed was given to the US Senate Intelligence Committee and included testimony from Director of National Intelligence James Clapper.
In September hacktivist group Izz ad-Din al-Qassam Cyber Fighters pledged to target US banks with DoS strikes, which work by flooding a Web server with more resource requests than it can handle. A Reuters report confirmed that attempts to log into the Chase.com site failed and according to JPMorgan spokesman Michael Fusco IT staff were still working to restore operations until late yesterday.
Last week Florida-based DoS-protection specialist Prolexic announced its involvement in the "mitigation" of a similar attack on an unnamed US utility company's website and online payment system on February 17.
"[The systems were] brought down for 48 hours by a combination Layer 4 DDoS attack," Prolexic said in a statement.
"During that time, more than 155,000 customers could not pay bills online or by phone. In addition, employees could not receive external e-mails."
"Utilities is another vertical market that is likely to be victimised in the coming months as attackers look beyond daily targets like e-commerce and financial services," said Stuart Scholly, president, Prolexic.
"Attackers are targeting network infrastructures to cause collateral damage to other shared resources, so organisations must think about their different areas of vulnerability beyond website URLs."
According to Proexic, detection and mitigation of the attack proved difficult because it targete the backend IP addresses of the public-facing infrastructure.
While it is not clear if Izz ad-Din al-Qassam was involved in this attack or in the JPMorgan Chase incident, the escalation of incursions may explain the strength of language in intelligence briefings as governments and public agencies grasp the depth and breadth of the cyber threat.
JPMorgan, Bank of America Corp and Citigroup Inc, have all reported attacks in recent months and admitted that they expect more in the future.