American Express Joins List of Cyber attack Victims

And it’s getting pretty ugly… Thursday, American Express joined the likes of JPMorgan Chase, Bank of America and other victims of cyber attacks in the last six months, as their website was taken down for hours; leaving their customers unable to access online account information. These types attacks targeting U.S. financial institutions began last September and have cost these corporations millions of dollars.

A group calling itself the Izz ad-Din al-Qassam Cyber Fighters has claimed responsibility for the previous attacks, claiming retaliation for the Anti-Islamic video posted on You-Tube during the fall of 2012. U.S. Government officials speculate the group is affiliated with the Iranian Government but has been unable to produce any solid evidence to validate their suspicions.

Regardless of who is executing the attacks, their intentions are clear: To disable financial operations in the United States. And so far, they have been somewhat successful at least for a few hours at a time.
For some time now, experts have suspected the primary motive was espionage, but based on more recent attacks, it seems that destruction and paralysis of financial networks and systems are the attackers’ main goal.

“The attacks have changed from espionage to destruction,” Alan Paller, director of research at the SANS Institute, a cybersecurity training organization told the New York Times. “Nations are actively testing how far they can go before we will respond.”

According to the Times article,  this was a hot topic at a White House meeting this month which included President Obama and other business leaders, including the executives from JPMorgan Chase, Bank of America, Exxon Mobil, AT&T and others.

The President’s goal was to further convince the private sector that federal legislation allowing the government more oversight of how companies protect “critical infrastructure,” would be beneficial. Private sector opposition killed a bill last year trying to do just that.

“But I think we heard a new tone at this latest meeting,” an Obama aide told the New York Times. “Six months of unrelenting attacks have changed some views.”

Such a conundrum. Would increased legislation solve the problem? Without it will the attacks get worse, leaving our economy vulnerable? Is this the government’s issue or one that can be handled by the financial industry itself? How far do we let the attackers push the envelope before we find out?