The alert distributed to its members by the California andNevada Credit Union Leagues had to cause chills: “TakeReasonable Steps,' Bureau Says.”

The FBI's Cyber Division has issued a “private sector advisory”regarding a possible cyber-related threat to U.S.-based and foreignfinancial institution websites on or about Sept. 11, 2013.”

Exactly what does this mean for your credit union?

Is the threat in fact real – remembering that in May a threatened Anonymous blitzkrieg against financialinstitutions amounted to a big goose egg.

The California-Nevada Leagues said they had gotten the word fromthe California Department of Business Oversight, an agency thatoversees financial services.

That department confirmed to this reporter that it was thesource and it passed along exactly what it had distributed: “TheFBI Cyber Division has issued a Private Sector Advisory regarding apossible cyber-related threat to United States-based and foreignfinancial institutions on or about September 11, 2013. Although previous iterations of this effort have had limited if anyimpact to the targeted entities, the FBI encourages the privatesector to take reasonable steps to secure cyber infrastructure inlight of possible threats.”

Know this: The FBI also confirmed to this reporter that it infact had distributed an alert to financial institutions about apossible Sept. 11 attack. The Bureau offered no additionaldetails.

That lack of specificity complicates striking a preparednessposture, said multiple experts.

A vice president for security at a very large credit union infact shrugged off the warning: “My take on it this is very fewwould be so bold as to attack the US on the one day that wouldresult in a swift and complete reprisal. Political enemies of thestate, in my opinion, wouldn't touch this with a 10-foot pole andthe rest I don't believe could muster the resources to make a majorimpact. Am I the crazy one?” He requested anonymity becausehe is not authorized to speak for his institution.

Others take the threat more seriously. CUNA, through ExecutiveVice President Paul Gentile, had this to say: “CUNA believes cyber-security threatswill be an ongoing issue for credit unions and the entire financialsector. We urge credit unions to maintain a robust enterprise riskmanagement program that includes policies and procedures forcyber-security attacks.”

Exactly what form might the threat take? Most expertsappear to believe that if in fact anything materializes it probablywill come as a Distributed Denial of Service (DDoS)attack, although at least the very largest institutions have gottenhighly skilled at deflecting DDoS.

But DDoS is not the only possible attack vector. Recently, agroup calling itself the Syrian Electronic Army hacked into severallarge media websites – notably the Washington Post andCNN — by going in through a vulnerability in onlinewidgets provided by a third-party content company, Outbrain.

Exploiting that vulnerability, the hackers inserted redirects sothat when some users clicked on Washington Post content, forinstance, they found themselves at the Syrian Electronic Armywebsite.

The takeaway from this is that credit unions have to assurethemselves that not only is their site secure, so is any contentprovided by third parties.

But attacks may take still other forms. Tom Kellermann, vicepresident of cyber-security at Trend Micro, stressed in aninterview that there has been a “tremendous” improvement in cybercapabilities in the Middle East, making it difficult to predictexactly how they might attack.

He also said that potential bad actors are known to have beendoing substantial reconnaissance on the financial sector.

Kellermann's warning: take the FBI threat seriously becausethere are indeed plenty of serious threats out there.