You remember Project Blitzkrieg, don't you?

Probably you don't, actually, and that is because the late 2012 cyber-attack – said to be the brainchild of Russian criminals who intended to cripple and loot the top 30 U.S. banks – amounted to a whole lot of bluffing. If it happened at all, nobody much noticed.

There is the thought to ponder as you contemplate what may or may not happen on May 7, the day of a supposedly huge DDoS attack that will be aimed at banks and others, according to a press release posted by the hacker group Anonymous on Internet bulletin board Pastebin.

The language is obscene, the argument is unstructured, but it seems to say that come May 7 a DDoS attack will be unleashed that will bring the United States to its knees.

But note that deep down in the commentary is this line: “And to the American people we suggest switching your bank accounts from a big bank to a local union.”

Is that an endorsement of the credit union movement? Impossible to say.

Just as it is impossible to say if anything at all will occur on May 7. “These are not people who operate in a framework of rules. They do not have to act on their announcements,” said David Britton, a DDoS expert with 41st Parameter, a Scottsdale, Ariz., security company.

Exactly what Anonymous will do is unknown. But there nonetheless are facts that are known.

A first is this: DDoS has been a plague on the nation's biggest banks, along with a few credit unions, for some months, but “the primary impact has been down time. This has not disrupted our society in any meaningful way,” said Hugh Smallwood, chief technology officer at Maryland CUSO Ongoing Operations.

Yes, Patelco and University Federal Credit Union – to name two credit unions known to have suffered DDoS outages – were knocked offline for parts of a couple days. But that was that.

Many New Jersey, New York and Long Island credit unions were knocked offline for day after day by Hurricane Sandy.

Besides, noted Britton, “DDoS attacks are so widespread, every organization has been impacted. I'm not sure it has a stigma to have suffered an attack.”

By now, just about every money center bank has been knocked offline by DDoS for at least a few hours and if the giants fall, the message is that nobody is safe so there is no shame in a DDoS outage.

Another fact: for credit unions that have not yet put in place plans for responding to a DDoS attack, know that it is too late to do much to mitigate any attacks that might come on May 7.

What can be done, however, is “work with your ISP and Web host to see what mitigation help they can provide,” said Ken Otsuka, a risk specialist with CUNA Mutual in Wisconsin.

He also stressed taking steps to ensure that member data stay safe throughout a DDoS attack (there have been reports that sometimes, although uncommonly, DDoS is used as a diversion as fraud is committed).

Note, too, that credit unions with no, or sparsely used, online banking need do nothing. Present day DDoS is aimed at paralyzing the online portal, period. And it usually does nothing at all to the mobile banking channel which, in most cases, will be fully functional throughout a DDoS attack – a point that may interest members who want to perform digital transactions as an attack transpires.

Then there is the biggest question which is what to do after May 7, assuming there are in fact widespread outages in the U.S.? Pressure may grow for many credit unions to have in place at least bare-bones defenses. “I think most bigger than $500 million in assets will decide they need protection,” said Smallwood.

He stressed that he was not suggesting that even those credit unions need the capability to deflect the high-volume attacks that have lately been thrown at money center banks by al Qassam, a hacker group usually said to be allied with the government of Iran. Those attacks are massive, and even top 10 banks struggle to assemble the resources to ward them off.

But those $500 million and bigger credit unions had better get ready to ward off lower grade DDoS because a 2013 reality is that garden-variety DDoS is becoming a fact of life.

The more press coverage there is, the more every cyber miscreant will decide to throw a little DDoS at whatever institution annoys him or her in the moment and that means protections probably will indeed be needed.

The good news: many vendors – including Smallwood's Ongoing Operations – are scrambling to put together affordable DDoS packages.

At what cost? Smallwood said Ongoing Operations' solution, which is now in pilot, will probably cost in the $1,000 to $4,000 per month range.

What about smaller credit unions, for which those amounts may seem staggeringly large? “Some credit unions will decide to do nothing about DDoS,” said Smallwood. “They will decide it is OK to go offline for a few hours and wait it out.”

Exactly that happens, frequently, in summer thunderstorms in much of the country – and nobody gets too agitated when the power goes out for an hour here and there.

The same may become our response to DDoS.

Either way, we will know more – about DDoS threats and how we respond – come Tuesday, May 7.
