Magazine article American Banker

Banks Vulnerable to Same Type of Attack That Hit Times Website

Article excerpt

Byline: Sean Sposito, Penny Crosman

Banks have good reason to pay attention to the cyberattack that hit the New York Times, Twitter and Huffington Post websites yesterday and apparently resumed on the Times site today -- they are vulnerable to the same type of assault.

The Syrian Electronic Army, which backs Syria's President Bashar al-Assad, has taken credit for the attack, in which it broke into the computers of the websites' domain registrar, Melbourne IT. (A domain name registrar redirects visitors from a site's user-friendly public URL, such as www.nytimes.com, to the hidden, numerical IP address of the actual website server.) Once there, the Syrian Electronic Army gained access to registry records and changed contact details and domain name servers for the sites, redirecting visitors to the group's own sites. The attack began as U.S. officials were debating a military strike on Syria in reaction to its government's use of chemical weapons against its own people.

"If your registrar uses single-factor authentication, you are just as vulnerable" as the New York Times is, says Robert E. Lee, security business partner at Intuit. "If that [registrar] gets pilfered, every single domain name that is associated with that username and password is vulnerable to that same attack."

Melbourne IT has several bank clients, including Union Bank in San Francisco. Union Bank did not immediately respond to a request for comment.

"It could happen to bank websites since the same underlying issue (relying on a third party as its domain name registrar) exists for them as well," says Joram Borenstein, vice president of NICE Actimize, a provider of risk and compliance software to banks. "If your third party vendor isn't sufficiently secure, you might as well assume a problem will eventually arise on your doorstep."

Melbourne IT did not respond to a request for comment, but did explain the attack in an email to customers: "The credentials of a Melbourne IT reseller (username and password) were used to access a reseller account on Melbourne IT's systems. …
