What was your computer doing last Wednesday? Even if you were working on it, there’s a chance it was involved in a serious “denial-of-service” attack on the National Australia Bank and its online customers, who were left scratching their heads when the online banking service was brought to a virtual standstill.
According to NAB spokesperson Geoff Lynch, the attack was categorised as a “serious attempt” at breaching the bank’s defences. “In terms of impact, it reduced the viability of the website, which is an inconvenience to our customers that we take very seriously. We’re not aware of this attack affecting any other banks, and it didn’t seem to be a part of a larger more coordinated exercise.”
The matter has been referred to the Australian Federal Police, who, in regulation police-speak, told Crikey they “take the matter seriously” and are “working closely with NAB to see the matter resolved as quickly as possible.”
Ben Forsyth, an RMIT researcher currently working in the field of internet forensics, has a more entertaining theory – an attack of this nature could have been initiated by an individual using a horde of “zombie computers.”
“These attacks are often generated using a Trojan on unprotected home PCs which opens a backdoor to allow the machine to be controlled remotely. They are then used en masse to bombard the target network. Although this attack may not have been an attempt to steal money, it made the website unusable which in turn affects customers’ confidence.”
While Geoff Lynch is quick to point out that customers’ details and the bank’s funds were not accessed, there is still a cost to the bank – the perception of security. The Australian Consumers’ Association (ACA) is one organisation which believes the banks are falling short of properly protecting their customers.
“Our general position on banks and internet security is that they’re not doing enough,” ACA spokesperson Indira Naidoo told Crikey. “We receive hundreds of complaints from customers about their experiences of online banking, even instances where they have lost money. Too much of the onus still remains with the users and not the service provider.”