Just because no apparent DDoS attacks hit credit unions Wednesday doesn’t mean hackers didn’t progress toward their goal of crippling U.S. financial services targets, said Brian McGinley, CEO of data risk management firm IDT911 Consulting.
While McGinley stressed it was purely speculation on his part, he said when criminals – especially hackers from the group Anonymous – say there are going to do something, sooner or later it usually happens.
“This could have been a test to see what would happen so they could plan their real attack,” he said.
McGinley likened cyber warfare to a game of chess, in which U.S. targets react to warnings by taking precautionary measures. In response, hackers could use information about defensive methods used on Tuesday to develop a countermove.
“It almost plays out as a dialogue between the good guys and the bad guys … there’s gamesmanship going on in the cyber world as it relates to criminal activity,” he said.
- May 8: No Attacks But No Time to Let Guard Down
- Mixed Views in LinkedIn Poll on May 7 Warning
- No Takedowns Reported Tuesday
- Anonymous May 7 Target List Includes CUs
- Krebs: DHS Memo Says ‘More Bark Than Bite’
- Threat of the Week: May 7, Ready or Not
- CO-OP Issues DDoS White Paper
- CUNA Explains Thinking Behind Warning
- Reactions Vary to May 7 Warning
- DDoS Attacks Often Fraud Diversions
- Mark Your Calendar (or Not) for May 7 Attacks
- CUNA Issues May 7 DDoS Warning
None of IDT911 Consulting’s clients experienced any hacking attempts out of the ordinary Tuesday, McGinley said, adding that the attacks weren’t thwarted, they just never came.
He said he had heard what other IT security experts have told news outlets or posted on blogs, that it’s likely suspected Iran-based hacker groups like the al-Qassam Cyber Fighters, which have claimed responsibility for attacks on banks and some large credit unions, did not participate in the threatened May 7 attacks.
While the May 7 attacks appear to have been unorganized and broad based, the Iranian Cyber Fighters tend to be “more controlled and measured,” he said.
CUNA Spokesman Pat Keefe said his trade association, which was the first to alert credit unions to the May 7 attacks, said CUNA was relieved there were few, if any, attacks.
“We had acknowledged from the beginning that there certainly was the possibility that no threat would, in fact, materialize,” Keefe said.
“But we continue to strongly believe maintaining the trust of members in the security of their credit unions is worth the effort of advising credit unions of risks to them and their members. In fact, if our cautions to credit unions played any role in diminishing a threat, so much the better,” Keefe said.