WASHINGTON (1/14/13)--The National Security Agency's technical assistance to large U.S. banks fighting increased distributed denial of service attacks means DDoS attacks no longer are just a business issue. They are also a matter of national security. That raises flags for privacy advocates who don't want government and private business data intertwined, the Credit Union National Association has learned.
Government involvement with credit unions and banks is not new. Credit unions have worked for years with the Federal Bureau of Investigation and other agencies to fight fraud and monitor robbery trends. While credit unions work with security firms to block thieves and hackers, NSA's involvement ups the ante.
The DDoS attacks don't directly involve data theft that leads to fraud. However, they disrupt a key U.S. infrastructure: the financial system, said the American Banker (Jan. 11). The attacks not only stall service, they also distract financial institutions' security teams. Sophisticated cybercriminals taking advantage of the distraction can steal data and make fraudulent transactions.
The NSA collects intelligence so its technical abilities are beyond other government agencies, said the Banker. It sends a team to the bank to educate it on how an intrusion occurred, determine if anything was stolen and identify similar events elsewhere. The bank must share some data to help pinpoint an attack's "signature." This creates a privacy problem, said the Electronic Privacy Information Center.
Other government agencies monitoring the DDoS attacks include the FBI, the Treasury Department, the Homeland Security Department and the Justice Department. They provide advance warning of the attacks. For the past five years, banks have gained higher security clearances so the agencies can share information needed to fight the attacks.