For the past two weeks, an unknown attacker or group of attackers has disrupted access to the websites of five major American banks: Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank.
Many customers have had trouble reaching the sites to check their account balances or move money around, thanks to what appears to be a series of coordinated attacks.
It’s not clear exactly who’s behind the disruptions, despite the claims of a previously unknown Islamist group, or even what sort of methods they’re using, but here’s what we do know.
What’s really happening?
Someone’s flooding the Web servers of the banks’ websites with tons of useless requests for information that can’t be fulfilled, overwhelming the servers. Experts call this a distributed denial-of-service (DDoS) attack.
As a tactic, it’s crude but temporarily effective; it doesn’t crash the servers, get into databases or cause lasting damage, but it does make the sites hard to reach by clogging the pipes.
Graham Cluley, senior technology consultant at the British anti-virus company Sophos, once likened a DDoS attack to “15 fat men trying to get through a revolving door at the same time.”