DDoS Response: Communication Tips

Bank Attacks Highlight Areas for Improvement

October 31, 2012

Denial-of-service attacks against large organizations shouldn't come as a surprise anymore, says attorney Ronald Raether, who adds that attack targets should be better prepared to communicate the incidents to the public.


Recent DDoS attacks against U.S. financial institutions by the hacktivist group Izz ad-Din al-Qassam highlight the need for all organizations to better prepare for these incidents and to develop appropriate communications plans when dealing with the media and their customers, says Raether, an attorney specializing in technology-related issues, including breach response.

"I think that these companies should have been prepared for this type of event," Raether says in an interview with Information Security Media Group's Tom Field [transcript below]. "In fact, since at least as early as April of this year, the number of denial-of-service attacks on financial institutions has been increasing by 300 percent."

These attacks bring with them significant media interest, Raether says, so organizations should begin to use their relationships with the media as a vehicle to get their messages out to the public and to foster the communication around the attackers.

"From a company's perspective, it's much better that the story is about the hacktivists as opposed to about the financial institutions and the strengths or weaknesses of [their] security," Raether explains.

"Make sure that the story is communicated in a way that's beneficial to the financial institution," he says.

But organizations need to be sure not to provide the wrong message or to guarantee customers that their information is secure, Raether warns. "Denial-of-service attacks often are used as a smokescreen to hide something more nefarious," he says.

"When you have this type of security incident, I think the company needs to be prepared to deal with the hacktivists and media interest, but also to realize that there may be something bigger on the horizon - a breach - and be prepared to deal with that," he says.

In the interview, Raether also discusses:

  • Institutions' responses to recent attacks;
  • Anticipating hacktivist threats;
  • How to engage the media.

Raether is a partner at Faruki Ireland & Cox in Dayton, Ohio. His experience with technology-related issues spans an array of legal areas, including patent; antitrust; licensing and contracts; employment; trademark; domain name disputes; and federal and state privacy statutes. He has been involved in cases addressing compliance with statutes that regulate the use and disclosure of personal information and laws that concern the adequacy of securing against unauthorized access to personal information. Raether has successfully defended companies in more than 25 class actions.

Assessing Institutions' Response

TOM FIELD: You, like all of us, have been sitting back and seeing this string of DDoS attacks against financial institutions. From what you see, how do you assess at least the institution's public evidence of incident response?

RONALD RAETHER: Responding to a security incident is much trickier than dealing with a data breach. In a data breach, the law defines what the company has to communicate to the public. With a security incident, the companies are really balancing the need to provide guidance and support to its customers and clients versus providing the bad guys information that can do more harm than what the initial attack could pose on the company, and a denial-of-service attack is a great example of that.

What happens is that given the flood of packets and information, they try to shut down the company's website. That alone does not create harm other than the inconvenience from the user of that website. They can't get on and see the balance in their checking account. It's frustrating, but it doesn't cause financial harm to the consumer. But often times those denial-of-service attacks are used by the hacker to hide or cloud a more nefarious attack that they want to impose. Using that castle analogy that we've heard about and used in the past, I'm storming the front gate so I can draw your attention away from the back door. The companies are really in a bind in terms of if they provide too much information about the incident, then they only help the hackers in educating them as to how well their attack is going on, and whether it's time for them to try that back-door approach where on the other side, the consumer is frustrated because they can't get into their checking account.

Bank Response: Pros and Cons

Follow Jeffrey Roman on Twitter: @gen_sec
