Should RBC be Outsourcing to Foreign Workers at this Time? Was TD Bank Hacked by the Qassam Fighters? Why do they Dislike the Kingdom of Saudi Arabia?

The Qassam Cyber Fighters claim they are attacking banks.  What do we know about this?




Is now a good time to be outsourcing IT functions?

***UPDATE 12April 2013:  The Qassam fighters say their next targets will be Key Bank and HSBC.  Their statement reads:

The cyber attacks against the U.S. bank are continuing. The Key bank and HSBC bank have gotten out of reach according to what the users and customers of the banks have been reported and can’t offer any services.
The best way for stopping the cyber attacks against the U.S. banks is removing the insulting film.

One victim of these attacks may be TD Bank which has a significant American presence in addition to its operations in Canada.  Spoke persons for TD and Keybank (American affiliate) have confirmed they were the victims of a DDOS cyber attack during the early afternoon of 21 March 2013.  The attacks were brute force and aimed at bank servers. Customers were affected by reduced service levels, but the attack did not appear to target customer’s accounts.  This is just one of many cyber attacks against large banks which have occurred lately. Whether this will affect other banks such as RBC or BMO is unclear.  RBC's involvement with the foreign workers scandal has shown that banks are still outsourcing IT functions at a time when they should be retrenching.


Logo from www.creditcarpayment.net
 

TD Bank is not saying much, but the likely suspects in this case are the Izz ad-Din al-Qassam Cyber Fighters Brigade.  They have launched a series of successful DDOS attacks against American banks recently and may be expanding outwards.  The Qassam Cyber Fighers have made generic claims on pastebin.com claiming they are responsible for these  DDOS attacks.  See an example of a pastebin claim below.

A Few Words of Explanation about the Terms

What is a DDOS Attack?:  The term DDOS stands for distributed denial-of-service.  Think of it this way. Imagine you want to pull a prank on someone or disrupt their business.  You get 100 of your friends to all call the victim’s phone number at the same time.  Your friends don’t call just once. They dial the same phone number as fast as they can repeatedly for an hour – thus rendering your victim's phone number inaccessible to both him and any legitimate incoming calls trying to reach him. In short, by overwhelming the capabilities of the single phone line, your render it effectively inoperable, even though no damage is done and all the equipment keeps working.  The victim’s likely response is to take the phone off the hook and give up trying to call anyone or answer the ringing.

 

A DDOS cyber attack works much the same way.  You and your circle of colleagues try to render your victim’s computer system inoperable by overwhelming it with large number of inputs.  If a critical mass of inputs can be reached, the victim’s website or public facing services will collapse under the sheer volume of inputs.

Who Are the Qassam Cyber Fighters Brigade?  This self declared group of activist hackers (hacktivists) announced their campaign of attacks against banks on pastebin.com in the fall of 2012. They claim their activities are a response to the posting of a YouTube video by the American Pastor Terry Jones.  The video – The Innocence of Muslims – was regarded by many Muslims as both insulting and full of false information.  The Qassam Cyber Fighters have demanded the withdrawal of the video. They target bank operations, believing that this will cost the banks money during periods of shutdowns and this in turn will cause the banks to pressure the government to find a way of getting the issue resolved. The attacks have in fact been successful in that the video has been withdrawn from YouTube. The video does keep popping up on the Internet as others continue to distribute it. Mostly likely, the money and personal that support this effort can be traced back to Iran.

In addition to a dislike of American banks, it would also appear that the Qassam fighters have a strong dislike of the Kingdom of Saudi Arabia.  This would appear to support the idea that Qassam has an Iranian base rather than a Palestinian one.  The Palestinians are not likely to bite the hand that feeds (i.e. KSA).

 

Hmmm, is it possible that high politics are involved and not just concerns about one video?

What is Pastebin?  Pastebin.com is a website where you can store large or small amounts of text data online for extended periods of time. However, it has become a popular spot for hackers to announce their hacking exploits. Typically, when a hacker has obtained material from the inside of a company or from an email system, they will post the stolen material online as proof of their success. For example, when Anonymous hacked into the American private intelligence collection company STRATFOR in December of 2011, they posted customer's names, credit card numbers and security codes to prove that they had been successful in their massive hacking effort.  My name was included, so I am aware of the effectiveness of the system. 

Analysis

In our modern world, we are critically dependent on banking systems. This is especially true of the payments and settlements servers that transact and balance off all the ATM, credit card, debit card and other financial transactions every day. Without these servers, the financial system and the economy would grind to a halt in 24 to 48 hours.  In short, your debit card won’t work, your credit card won't work and neither would the ATMs.  Imagine how rapidly civil order might decline if the systems do not recover quickly.  With RBC looking like they have outsourced IT functions overseas and to foreign workers, this raises questions about the stability of their systems.

 

What do the bankers themselves and those responsible for security think about the threat? One valuable insight into the views of the super rich and the political elites is the Davos Foundation annual meeting. This gathering of the super elites has expressed serious concerns about the stability of their own systems.  At the 2012 meeting they discussed cyber attacks and the “Dark Side of Connectivity.”  Their thought on this?  

The critical infrastructure  that underpins our daily lives increasingly depends on hyperconnected online systems. While significant resources have historically been needed to cause devastating consequences for geopolitical or corporate powers, it is increasingly possible for skilled individuals to do so remotely and anonymously through networked computer systems. As power shifts from the physical to the virtual world, a new paradigm for ensuring a healthy digital space must emerge.

They further add:

 

There are no proven secure systems, only systems whose faults have not yet been discovered, so trying to overcome “hackability” may be as hopeless as denying gravity. Instead, the goal should be finding ways for well-intentioned individuals to identify those faults and deploy remedies to end-users before would-be cyber criminals can discover and exploit them. (emphasis added)

When the super elites are concerned about such problems and openly say so, maybe the rest of us should take this seriously as well. 

This is economics for the rest of us!

-------

 

For one pastebin.com example see: http://pastebin.com/EEWQhA0j

 

For more on the “The Dark Side of Connectivity” see page 24 of the PDF report. It can be seen by going to the Davos Forum site at http://www.weforum.org/reports/global-risks-2012-seventh-edition

Or go directly to the PDF version at:

http://www3.weforum.org/docs/WEF_GlobalRisks_Report_2012.pdf