Officially, Bank of America says they have not been hacked. However, over last weekend Bank of America (BofA) was waving the white flag of surrender with the online banking notification below. They have also chosen not to put out a press release about their week-long problems.
It is clear now that BofA is suffering from symptoms of a distributed denial of service (DDoS) attack. Briefly, a DDoS uses an army of computers that are controlled by an individual or group. That army of computers is aimed at a particular website’s IP address, and the computers just keep sending it requests, as if asking over and over whether this is the correct IP address. It is like a tsunami battering against your front door. The only sure defense against a DDoS is to wait until the perpetrator tires and goes away.
What started this DDoS? Bank of America simply tacked a $5-a-month fee onto its checking account holders who use debit cards for purchases. Suddenly their stock drops and their website doesn’t work.
Now, the best effort for BofA online banking websites is a notice about running slow.
$5 a month won’t even pay for a fast food meal at a drive-up window. However, for a single mom with two kids barely surviving on part-time jobs, $60 a year can mean not seeing a doctor with a sick kid. This site will help you figure out what it costs to live in most American cities. That $60 makes a difference.
All week, guesses about Bank of America’s problems have been popping up on the Internet. Everyone is speculating about who is giving BofA grief on their website. Is it a simple problem with an upgrade of their software? Or is it a lone hacker like the one who defaced 730,000 websites a few weeks ago?
If BofA is suffering from a DDoS, more than a few people have very little sympathy. The US Congress and the President have suggested customers look for a credit union or another bank to avoid BofA’s new monthly fees. However, BofA isn’t the only financial institution considering such fees. Perhaps BofA’s troubles will give others pause.
BSN* spoke with a corporate security expert about how to protect against a DDoS. He said the financial industry is an easy target because they ask people to come to their websites. Thus, their security systems have to decide who is a good-guy customer, versus a bad-guy member of the DDoS army. He said that Bank of America acted arrogantly towards their customers and may have underestimated their reaction. Our expert had this sage advice: "Possibly BoA will learn what the 'New Coke' marketing failure taught us – a bright idea sometimes ends up costing a company customers and money."