What Caused Citi's Outage?

Site Down on Same Day Napolitano Addresses Bank Attacks
What Caused Citi's Outage?

Citigroup on Oct. 31 experienced an online and mobile outage that lasted less than an hour, but it's not clear whether it was caused by a distributed denial of service attack.

In recent weeks, 10 leading U.S. banks have experienced outages tied to DDoS attacks allegedly waged by the hacktivist group Izz ad-din al-Qassam.

See Also: 10 Incredible Ways You Can Be Hacked Through Email & How To Stop The Bad Guys

Citigroup spokesman Brent Andrew said during the evening of Oct. 31 that the interruptions were being reviewed. "Earlier today, Citi experienced interruption in the availability of some of its websites and mobile apps," he acknowledged. "The sites and apps are now fully functional."

Fraud Behind Attacks?

Meanwhile, that same day, at an event sponsored by The Washington Post, Homeland Security Secretary Janet Napolitano acknowledged that "financial institutions are actively under attack." When asked whether hackers are stealing information or money from banks, Napolitano answered, "yes," and then quickly added, "I really don't want to go into that per se. All I want to say is that there are active matters going on with financial institutions."

Despite institutions' ongoing claims that a href="https://www.bankinfosecurity.com/fraud-c-148">fraud is not behind the DDoS attacks, some experts suggest the attacks and patterns suggest otherwise.

Jason Malo, a financial security and fraud research director at CEB TowerGroup, says DDoS attacks are often used to distract organizations from detecting fraud taking place in the background.

"Take a look at Sony," he says. "They got hit with a DDoS attack, and then right after that they got compromised. No one knows if it's tied, but they were so distracted by the DDoS attack, they lost track of what was going on."

Mike Smith, a security evangelist with technology vendor Akamai, says the automation behind the recent DDoS attacks suggests fraud has to be the catalyst.

"They are looking for targets that have footprints on employees' desktops," Smith says. Automated server attacks have allowed attackers to increase their attack numbers, he adds. The more targets they hit, the more information they can scan from each target's network.

During her Oct. 31 interview, Napolitano said the Department of Homeland Security was working with the financial services industry, as well as other critical infrastructure sectors, to address known vulnerabilities.

Citi Outage Linked to Infrastructure?

On the surface, the Citi outage seems more likely to be linked to infrastructural and connectivity issues brought by Hurricane Sandy than a targeted DDoS, says DDoS John Walker, who also serves as the chairman of ISACA's Security Advisory Group in London.

Interdependencies between network - especially cellular networks - and service providers mean when one provider goes down, others are likely to be affected, Walker says. "That definitely only complicates outage concerns during natural disasters," he says.

But Walker says those interdependencies likely only impacted mobile banking, not the online outage. Cyberattack activity often picks up during a disaster, he adds; so even if the Citi outage is not linked to the DDoS hits, it's likely the result of some other nefarious attack.

"When disasters ... occur, it would seem to be an obvious time to add pressure in an already stressed hot-spot," Walker says.

Based on research he is conducting for Nottingham Trent University's Computing and Informatics department, Walker says global Internet traffic patterns collected since Sandy suggest cyberattacks against the U.S. have increased.

"Whilst Sandy was happening, the vectors of attack increased" in the Midwest and along the East Coast, Walker says.

Walker also says traffic collected Oct. 31 shows higher concentrations of Internet activity/traffic along the East Coast, suggesting attackers want to hit institutions that are struggling to recover from the storm.

But Izz ad-din al-Qassam has been quiet since Oct. 23, when the group announced Pastebin that it was halting attacks in honor of Eid al-Adha, a Muslim three-day holiday.

The Attacks So Far

Since mid-September, 10 banks have been the targets of DDoS attacks - online attacks that flood websites with overwhelming amounts of traffic - allegedly waged by the hacktivist group Izz ad-din al-Qassam. The group claims to be waging its cyberwar against the banks because of outrage over a YouTube movie trailer that it deems anti-Islam.

So far, Bank of America, JPMorgan Chase, Wells Fargo, PNC, U.S. Bank, CapitalOne, HSBC, SunTrust, Regions and BB&T have been hit.

Industry experts say it could be several days before the cause of the Citi outage is determined.

"I couldn't even hazard a guess as to what could have caused an outage for Citi," says Matt Wilson, a strategic technologist and resident DDoS expert at VeriSign, which specializes in website and domain-naming security. "There are literally thousands of possible reasons for an outage. Anyone suggesting that it's DDoS or tied to any particular external event is literally guessing unless Citi verifies it."


About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.