Security experts say the outages stem from one of the biggest cyberattacks they’ve ever seen. These “denial of service” attacks — huge amounts of traffic directed at a website to make it crash — were the largest ever recorded by a wide margin, according to two researchers.
Banks get hit by cyberattackers all the time and typically have some of the best defenses against them. This time, they were outgunned.
“The volume of traffic sent to these sites is frankly unprecedented,” said Dmitri Alperovitch, co-founder of CrowdStrike, a security firm that has been investigating the attacks. “It’s 10 to 20 times the volume that we normally see, and twice the previous record for a denial of service attack.”
To carry out the cyberattacks, the attackers got hold of thousands of high-powered application servers and pointed them all at the targeted banks. That overwhelmed Bank of America and Chase’s Web servers on Sept. 19, Wells Fargo and U.S. Bank on Wednesday and PNC on Thursday. Fred Solomon, a spokesman for PNC, confirmed that a high volume of traffic on Thursday was affecting users’ ability to access the website, but he declined to go into more detail.
Talking heads are of course trying to pin the blame on someone and naturally groups are stepping up to claim credit. The reality is, pretty much everyone hates the banksters. It’s a universal reviling.