Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, May 07, 2013

Anonymous May 7 Target List Includes 12 Large Credit Unions

The hacker group OpUSA, which is working with hackers Anonymous to launch distributed denial of service attacks against government and financial institution websites Tuesday, released of list of targeted institutions that includes 12 credit unions.


Other credit union sites listed on the OpUSA post on Pastebin include the $54 billion Navy FCU of Vienna, Va., the $27 billion State Employees’ Credit Union of Raleigh, N.C., the $12 billion Boeing Employees Credit Union of Tukwila, Wash., the $9.8 billion SchoolsFirst FCU of Santa Ana, Calif., the $8.2 billion The Golden 1 Credit Union of Sacramento, Calif., the $5.4 billion Suncoast Schools FCU of Tampa, Fla., the $5.6 billion American Airlines FCU of Fort Worth, Texas, the $8.3 billion Alliant Credit Union of Chicago, the $7.2 billion Security Service FCU of San Antonio, Texas, the $6.2 billion San Diego County Credit Union of San Diego and the $5.8 billion America First FCU of Riverdale, Utah. John Magill, CUNA executive vice president of governmental affairs, said during a Monday morning press call he has spoken to NCUA staff members about the attack, and they said the regulator is aware of the target list and has contacted the 12 credit unions.

Kevin Prince, chief technology officer at the Santa Ana, Calif.-based technology management firm Compushare, said the attack could be impactful, but added nobody knows how it could play out. Compushare has worked on an FBI task force for a long time combating Anonymous cyberattacks, and Prince said the bureau “is having a hard time doing anything about it.”

Prince, who was a guest on CUNA’s call, recently released a white paper that reassures small financial institutions they’re not likely targets, but nonetheless provides ways to prepare in case they are, or simply worry they may be.

Instead, Prince advised, credit unions should work with their internet service provider to stop the attack “upstream” before it gets to the credit union’s website or online banking service.

Because most credit unions don’t host their own online banking site, working instead with a third party provider or core processor, their prep time would be better spent reviewing third party due diligence than attempting to shore up their own connections, he said.

The white paper, titled “DDoS Attacks: How Real Are the Risks for Community Financial Institutions”, is available to be downloaded on Compushare’s website.


Posted on 05/07