From Ellen Nakashima, Washington Post: Major U.S. banks have turned to the National Security Agency for help protecting their computer systems after a barrage of assaults that have disrupted their Web sites, according to industry officials.
The attacks on the sites, which started about a year ago but intensified in September, have grown increasingly sophisticated, officials said. The NSA has been asked to provide technical assistance to help banks further assess their systems and to better understand the attackers’ tactics.
The cooperation between the NSA and banks, industry officials say, underscores the government’s fears about the unprecedented assault against the financial sector and is part of a broader effort by the government to work with U.S. firms on cybersecurity. Nonetheless, the assistance is likely to dismay privacy advocates, who say that the world’s largest electronic spying agency has no business peering inside private companies’ systems, even if for the strict purpose of improving computer security.
U.S. intelligence officials said last year they believe the attacks against the banks and other companies have been carried out by Iran, although some experts have cautioned that it is difficult to accurately determine who is behind them. . . .
The cyber assaults against the banks are known as distributed denial-of-service, or DDoS, attacks, in which Web servers are overwhelmed with traffic, thus slowing their responsiveness or crashing them altogether. The disruptions — which typically last up to an hour or two at most — do not involve the theft of data, but they have interrupted online banking services and diverted security teams at a large number of financial institutions.
The banks whose Web sites have been disrupted include Bank of America, PNC Bank, Wells Fargo, Citigroup, HSBC and SunTrust. In recent weeks, attackers have targeted up to seven banks a day, but only on Tuesdays, Wednesdays and Thursdays.
For security experts at banks — already considered to be among the best at cybersecurity in the private sector — the attacks have been far more challenging than most DDoS incidents because the assailants have commandeered vastly more traffic to carry out the attacks. . . .
Although the NSA is known mostly for its collection of intelligence, its mission includes “information assurance” to secure both the military’s computer networks and other “national security systems.” The NSA for more than 20 years has helped companies that provide software to the Defense Department improve their security. . . .
[Former NSA official Richard] George said that, over the past decade, the agency has aided about 10 companies a year after their networks were compromised. . . .
Google obtained NSA help in 2010 after the tech giant found its computer networks compromised by hackers believed to be based in China. The request, made through DHS, was justified on the grounds that Google’s search engine is widely used on Defense Department computers, a former defense official said. . . .
The NSA is far from the only agency working to improve cybersecurity in the private sector.
The FBI has a joint cyber task force in Northern Virginia and a 24/7 hotline for industry to call for help, and the Treasury Department has a cyber unit closely monitoring threats. The Homeland Security Department, which runs a round-the-clock cybersecurity watch center in Arlington, is sharing alerts with industry and has banking and Internet company representatives on the premises. The Justice Department has set up a nationwide network of national security cyber specialists, which officials said would do more outreach to industry and serve as a forum to exchange information. . . .
In the case of banks, the government has begun providing officials with advance warning of a DDoS attack sometimes five or 10 minutes ahead of time. (photo: Jason Reed/Reuters)
Image: reuters%201%2012%2013%20banks%20NSA_0.jpg