Slashdot Mirror
After Six Days of Outages, BofA Claims It Hasn't Been Hacked
Lucas123 writes "After six days of spotty service and outages with its online and mobile sites, Bank of America today said it has not been the victim of a denial of service attack, hacking or malware. Yet, the bank has set up a new homepage that it says will help customers navigate to the proper online service. Internet monitoring service Keynote said the outage is unprecedented in banking. 'I don't think we've seen as significant and as long an outage with any bank. And I've been with Keynote for 16 years now,' said Shawn White, vice president of operations for web monitoring service Keynote Systems. In the meantime, a BofA spokeswoman continued to divulge what might be happening, saying 'We're not going to get into the technical details. We're not going to comment on the technicalities of what we do.' Speculation among experts has been that the site is under attack."
DDoS isnt technically hacking persay....
'a BofA spokeswoman continued to divulge what might be happening'
Divulging is the opposite of what they're doing.
that would be even scarier. Six days of spotty service for no good reason?
a BofA spokeswoman continued to divulge what might be happening
I don't think that word means what you think it means...
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
I think we should all have an accoutn wioth a 2nd back - becuase what if your primary bank is taken down technologically and you need to pay bills... all my bills are electronic I get NO paperbills at this point....
Not hacked. Just getting to roll out the "new banking". After seeing the success of New Coke, Netflix, Google's extra scripts, and well... pretty much every script intensive website redesign from the past 10 years, they decided that was what they needed to revive their struggling company and bring customers back into the fold.
Oh, did I mention that the "coke" was freebased and smoked?
"We're not being attacked, we just are totally incompetent and can't keep our site up under normal conditions"
All Anonymous and Lulzsec have to do now is claim that they are the ones who have been 'attacking' the site, and Bank of America then looks like they are trying to cover up protests against their decision (to charge $5 a month) and they get even more negative publicity.
This along with the protests on Wall Street getting more coverage might be a good brew.
It's probably all the people trying to transfer their money out of BoA, they are getting overwhelmed.
Huh. I called the other day because I couldn't check my balance via Web or Android app, and their representative told me that it was due to their merging with some credit card company and needing to integrate the ability for those acquired customers into the system.
Oddly, they told me to disregard rumours of a hack before launching into their explanation with little prompting from me. I just said my app had been flaky lately.
Bastard operator from America?
-- Chaos, panic, pandemonium... My job here is done!
they should not used the lowest bid for outsourced team that redid the web page.
Too incompetent to even know they are under attack.
Is a bank run technically a physical financial "denial of service attack"?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
It's amazing what can be done with a tape vault, bulk eraser, and access to certain PIN numbers.
The preceding post was not a Slashvertisement.
While there are no current details, Chase used to regularly be unavailable right around the end of a month until the second week of the following month. I thought it was a conspiracy to induce more late charges from customers trying to pay bills at the time.
they should not used the lowest bid for...
Lowest bidder = default action = "best practice"
Not saying it's right, just saying...and let's not act like every other corporation not in the media today doesn't do the exact same thing.
Every time I have a complaint against a company, I know my best recourse is to go elsewhere. Many people think/say this, but reality is that the convenience (or in most cases the lack of inconvenience) of staying with some company goes a looong way to keep us from putting our money where our mouth is. My BofA accounts are my oldest because I was a naive 16 year old boy who didn't know anything about banking, so I went with the most convenient. Many years have passed and I have multiple credit union accounts with most of my money. The problem is, these credit unions don't have very good ATM/physical locations, especially outside of where I live. For this reason I have kept my BofA account, because there is one everywhere. FYI: Nobody, NOBODY should be using BofA savings/cd etc and thinking you're doing good with your money. They have the most abysmal APY of any bank I have ever seen. Get a credit union account, please. Their customer service is horrible, I have spent almost an hour on hold before. I have had problems with my debit card randomly being declined places, and magically working again (not a strip error or anything). I have had problems with their automatic shutoff protection flagging my accounts when I'm spending the exact same amounts of money at the exact same places I do every week, forcing me to call them and turn my accounts back on. They even bait-and-switched me on a credit card. They advertised some no maintenance fee card, I wanted a low limit card 'just in case', so I signed up for it. At the end of the year, I get charged a service fee on it. I called them up, asking why my no-fee card was charged one, and they said "details of the card can differ between the advertisement and the agreement you actually signed." So i check my the papers I signed, and sure enough, in the details there is a fee (which I skipped over because the advertisement for this exact card said otherwise, no stipulation) Shame on me for not being more careful, but a dirty trick regardless. Even through all that I have kept my old accounts for the 'convenience'. Now with the debit card fees and this recent outage, I am done. It has taken a long time, but they have tried their best to completely drive me off. So I ask all of you, stop and REALLY think if shitty service (from any company!) is worth their 'convenience'. I think if more people realy started voting with their wallets, we would stop getting abused so much by large corporations. Just take your business elsewhere.
Another major bank that shall remain nameless had a four-day outage in recent years. It was due to internal problems (messed up backups, bad SQL causing corrupted database, etc.). So it can happen although 6 days is really stretching it. I have also worked for a bank and seen systems hard down for close to a day (forcing me to fly across the country) due to a hardware failure that begat a human failure that begat a second hardware failure that begat a second human failure (lost backup media). So shit can happen even without hackers.
It just so happened that the trouble started right at the end of the month, when lots of people are trying to make mortgage payments. My mortgage with BofA specifies that I have to make my payments online, I am charged a service fee if I try to walk into a banking center and pay it. Luckily I was able to get in after about 10 minutes of trying, but I wonder if they've got the stones to try and charge folks service fees if they went to the bank because they couldn't log in online...
I have to agree with you on that point. Credit unions tend to treat their customers the best (at least their low end customers, under 200K cant speak for higher income levels) I have used probably 15 different institutions over the past 20 years now, and of them all, the credit unions have always been the most helpful. I used BoA and had them do the same with the acct. freezing, but with my local credit union, i have 24/7 video teller service, 24/7 online banking, not a lot of ATMs, which it the downfall, but higher rates than all the major banks on savings, i get paid for having a checking acct, granted around .9% but most banks charge for a checking, but i digress. If you are getting screwed, take your business elsewhere, its the only way to change things.
have you seen my sig? there are many others like it but none that are the same
The BofA installed some upgrades or patches (maybe both) over the weekend and had then had issues. I did a Google search on "bank of america outage upgrade" found this: http://www.wbtv.com/story/14162614/bank-of-america-website-goes-down-has Seems to make sense. Why the BofA spokesperson could not have said that more often that it was due to a upgrade problem is a bit amazing to me.
what we are seeing is the first online bank run.
B of A has delayed reports, and have 'ignored ' that last few day in reporting to the feds.
We are going down.
Anyone need a software programmer with extensive financial background?
http://www.google.com/finance?client=ob&q=NYSE:BAC
5 year shows them down from $50/share to $5. (90% value loss)
3 month shows them down from from $11 to $5. (50% value loss over 3 months)
1 Month Shows them down from 7.5 to $5. (33% value loss)
I'm going to make a guess here; their stock isn't worth my belly button lint and the market is asking for their cash back before bankruptcy wipes them out completely.
They outsource their data centers to a two letter company that starts with H and ends with P. I don't think they have but maybe two small ones left that they own. However, that two letter company doesn't manage their Arbor Networks DDoS mitigation equipment, or their WAFs, they do...which is probably where the issue comes in to play. One of the guys who works on their NetScalers used to be a BA for CountryWide. Don't get me wrong, he is smart, but not in the ways he needs to be in order to create rules to mitigate sql injection/XSS issues with their site. I wouldn't be surprised if his work isn't what caused the issues they are having. SUPER non-standard configuration, creating rules that take inordinate amounts of time to process, memory leaks in the NetScalers, and I could go on for days. The same goes for their IPS, Firewalls and most other things. They hire anyone with "Security" stamped somewhere on their resume, get them a laptop and send them back to their house to work on all that shit from home. All this with little to no introduction to the way they do things or giving any ideas on how the network is setup. They have reached new levels of stupid as shit there from an IT perspective. I feel bad for HP having to deal with the dipshitz they have there who are labeled "VP" or above.
And without giving up my sources, the possibilities are as follows in decreasing order:
1. Most likely they are just incompetent and unable to configure their equipment.
2. It's possible, although unlikely, that they are under attack but don't know about it because they haven't discovered it.
3. There is almost no possibility that they were attacked, detected the attack, and then denied it. They're just not that good.
WTF are you people on about? It's working fine for me. I just checked. I was able to pay my BoA mortgage this weekend, and my other bank says the payment's been debited just fine.
Supposed to be "lowest bidder to hit the spec". But who knows with these TBTF zombies.
Yes, not under attack like they are not a 'zombie bank'....everyone in the US should move to a public bank or a credit union. You have to ask yourself what value does BoA bring to your life.
to a nicer bunch of assholes.I hate the fucking bank!! Too big to FAIL my ass, they should have let it go down in flames, same with CITI bank. This lets institute a $5.00 monthly charge to let you use your money, cause the big bad government won't let us rape the merchants anymore. We gotta screw someone and now it is our suckers er I mean customers we are gonna screw. What a great fucking idea. But hey we can still afford to hand out billions, yep billions with a B, of bonus money to the guys who drove this place into the ground, er I mean made all those smart business decisions. In the past year they have paid out over 4 billion in bonus money. The purchase of country wide mortgage and merrill lynch were gonna make us billions, at least that's what we told the shareholders. Oh and lets not forget the 35,000 people who will be members of the unemployed, cause we just have to be able to keep giving ourselves those big bonus's. Yep couldn't have happened to a nicer bunch of scumbags. Maybe next time that fucking bank is on the verge of collapse the congress of baboons will just let if fail.
that's today's Bank of America. portfolio full of toilet paper, execs who aren't canning the weasels who got them into the mess they're in or reporting them to the authorities, bigwigs giving themselves fat handshakes while stiffing the public, illegally foreclosing on houses they can't prove they loaned against, and can't fix a creaky website in a week.
oh, boy, time to run out and put all my money there, ya betcha, Sven.
if this is supposed to be a new economy, how come they still want my old fashioned money?
It seems to me it may simply be all the people leaving BofA after they introduced the $5 monthly fee, per debit card. I've noticed that
Wells Fargo also seems to be much slower, and having issues with their web site now that they introduced a $3 monthly fee, per
debit card.
We are leaving Wells Fargo for this reason, among a few other reasons...
I had just figured the outage was due to the massive influx of traffic of people trying to close their accounts online or simply withdrawing as much money as possible before closing through a branch. Due, of course, to their $5 fee announcement a few days ago.
Wish it would continue for months.
Per account, per month?
If not, I hope it gets worse.
These big banks are useless. They started charging fee's for ATM card access? Seriously?
Go with Charles Schwab, they have a reasonable APY on checking accounts and will refund any ATM fees (they have no physical locations, so they have little overhead). Thanks, that's all I want.
I have a main CS account and another local "physical" account that I use as a backup.
Keep refreshing bofa.com and let me know when it comes up. I'll do the same.
At least some speculation in the media has been that some or all of BofA's system problems may be due to self-inflicted system load increase in the form of large number of online account inquiries and cancellations prompted by the debit card service fee.
Priceless.
Bank of America today said it has not been the victim of a denial of service attack, hacking or malware
So, instead of a victim they're announcing to the world they're incompetent. I'm not at all certain that's an improvement. It was a choice between the Devil and the Deep Blue Sea anyway. One way announces their security is sub-standard, the other that they just don't give a crap, which most of their customers already suspected anyway.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Where the hell could you possibly find 7% per month guaranteed. People would put millions in that. Best I find online is 2% from a no-name place, and 1% from places like ING. Those are for savings too, not checking.
Nobody is willing to pay 7% with the central bank rate and economy as it is. If they are, then they are doing something illegal or risky (which with money in checking accounts would be illegal). To get 7% you'd need to be in corporate junk bonds, like Ca or worse. For those the historical rate of default is near 70%. Not the kind of thing you can but guaranteed money in.
One has not been able to "choose" the lender since the great depression. Banks face 2 issues. The first is that they need to be solvent. i.e. more assets then loans. The 2nd is liquidly. When banks run into problems they need to sell assets – such as your home loan. Here’s why.
I am going to use the movie “It’s a Wonder Life”. Lots of real work banking issues in that film. George Bailey, owner of a small bank, has a problem. He has a lot of short term loans (i.e. customer savings that can be withdrawn at any time) and lots of long term assets (i.e. home loans). When there is a run on the bank (customer’s withdrawal their savings) or the assets collapse (bad loans) Uncle Billy had to go the big bank and pledge his assets for cash.
This only kind of solved the issue. They have liquidity, but now they are leveraged to the hilt. Another bank run and their dead. The wise choice would be to become smaller and deleverage – but they can only do that if they can get rid of the home loans. Back then mortgages carried provisos that let the bank call in your home loan with 60 days notice. Fun!
The good news is that if your loan is sold to Vinnie the Loanshark he has to follow all of the rules in the mortgage contract and the various banking laws. Bad customer service yes – but now broken legs and no new fees.
In the U.S., banks can do anything they like. Lying, cheating, and over-charging customers is just part of their normal business activity.
.
They, and several other "too big to fail" banks are literally broke, and a run on them would make that all too obvious. While some people observe that their market cap (total stock value) is less than their "book value" we must remember that they got FASB rules suspended, and are marking all the bad mortgages on their books to a fantasy that they'll all pay off, rather than the market value which reflects their real worth. Honest books would show they have negative value.
.
Since they are only propped up by loans from the fed, and FDIC doesn't have the money to back up the guarantees, the government sure ain't going to say anything that would cause a bank run, except for a couple of senators that have already mentioned in session only an idiot would still have an account with any of them. Do you suppose they know things they don't tell us? Count on it -- their own stock portfolios beat the best unprivileged managers every year, and by fat margins (double digit %) -- insider trading is legal for congressmen.
.
Run, don't walk, if you're in one of the TBTF banks, find a local or a credit union. You've been warned. This won't end pretty. Some of them have bad paper exposure in the trillions, and it's not on the books because the rules were changed for the emergency. The bad stuff is still there....
Why guess when you can know? Measure!
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Some place that provides, well, data, like say Bankrate:
http://www.bankrate.com/rates/safe-sound/memorandums-memos.aspx?fedid=480228
They seem to feel B of A is sound these days. So you'll have to forgive me if I'm not panicking because someone else is saying "The world is ending!"
The real issue is traffic, the article leads me to believe that the back end data is getting crushed by old records which don't usually get instantiated. They try to downplay it, but the real problem is the mass exodus. I bet the many old customers are going back though old statements and printing them in advance of a transfer. I've developed statements systems for another bank, they don't behave well when too many people rip through all of their old statements at once. There usually are even firewalls that might have capacity issues.
I can understand why they are trying to downplay this, as herd of customers preparing to leave is an embarrassment, but my 20/20 hindsight tells me that it should have been anticipated. Maybe it was a little, but I can't imagine that IT was brought in much before they announced what I see to be a bone-headed move to get out of retail banking.
Oh, yea, to stay on topic, sometimes people make mistakes. However, it's spelling issue, but a word choice, I don't think it's wrong. Odd maybe in it's use, but not wrong. Did you even look up Divulge before you before you commented, just to check the meaning. I did.
To disclose or reveal (something private, secret, or previously unknown).
The force that blew the Big Bang continues to accelerate.
Once upon a time many years ago, I worked for the company that remotely managed the BofA website. It was run on MS server software with no-name hardware and stuff would routinely fall over just from the east coast lunch hour internet traffic. They also had server rack/cabinet cooling issues. BofA knew about all of this and consistently choose not to implement fixes. Shortly thereafter BofA cancelled their contract and ran it themselves and continued to have the same issues. Hence I vote that they're doing it to themselves and they're not being hacked.
I guess the conversion off of OS/2 didn't go as well as planned.
The bank of america network is under attack literally millions of times a month. It has been for years and years. It is also possesses one of the top ten largest carrier networks in the world and they know how to manage it. This is not an attack. This is simply a technology failure that they are working to restore. EOM.
http://www.youtube.com/watch?v=Db_P0wHsSz0
Why do they get a swat team keeping people from withdrawing money?
Where exactly does it say that a bank won't eventually tuck tail and run with all the money, blaming some ingenius hack from some already known criminal organization or terrorist group?
When I was getting a new furnace (several thousand dollars) I got a half dozen bids, threw out the ones that seemed abnormally high or low, then evaluated the rest. Usually the lowest bidder is low for a reason. (Although to be fair, sometimes they're just more efficient.)
Oh shit, I thought it said the BofH was hacked!
Whew! Thankfully, though, that's not the case:
http://bofh.ntk.net/BOFH/
So if it's not hack or DDOS is it really Accenture or SAP?
You are crazy if you still trust your money to any american institution.
By 2012 to 2014, you will no longer be able to open an account as an american overseas (many americans have already had their accounts closed, including people just for having a US mailing address that are not us citizens), as the new laws go in to effect to penalize any bank internationally for not reporting the accounts of american citizens. Most have decided to just stop doing biz with americans.
Your options are limited however for a safe haven.
Try chile. They still have no debt, and 6 percent growth, massive resources (5 lkarest gold producer by 2015, lithium, copper, etc), small pop (mostly young with a fully funded private social security system).
Most importantly, they went through their own (real estate fueled )banking crisis of this sort in the 80's, and implemented the laws that shielded them from the financial crisis in ways that almost no other country in the world managed. like don't loan money to people without money.
Maybe if slashdot readers would reconize the fact that boa anounced that they were outsourcing most of the failed tech aquisitions and getting back to what they do best, basic banking, then a different idea about the outages may come into play. They are outsourceing much of the technology functions to companies that they previously had relationships with in better times. The result may include short term outages, but also may result in a better company after the transitions occur. but hey, feel free to blame boa over fee's that came about due to retailer lobby efforts and two of our favorite senators, and link outages to the outrage that must be occuring to hacking or denial of service attempts. Imo boa is finally doing right after the idiot bought countrywide and dragged the bank into near shambles.
I'm guessing that nobody told the web services group about the planned price increase for debit cards.
I was hoping (initially) the outage was from the account closures in response to their debit card monthly fee, now it appears to be an attack, most likely in response to their debit card fee's.
The other option is IT incompetence at the bank, which hurts worse? Being attacked by an outside entity or having incompetent help?
"If any question why we died, Tell them because our fathers lied."
they should not used the lowest bid for...
Lowest bidder + adequate specs + adequate testing = default action = "best practice"
Not saying it's right, just saying...and let's not act like every other corporation not in the media today doesn't do the exact same thing.
TFTFY
Spending money foolishly is often worse then spending money needlessly. Put another way, spending more is no guarantee of quality. Diligence is.
Really, I own a small business and take credit cards.
The restriction is what banks can charge the NEXT company down the procession down the line.
The merchant in many cases is NOT seeing the relief unless they change processors or threaten to
"Although this legislation was designed to provide business owners relief from card processing costs, some processors have publicly announced that they will keep the funds to bolster their own profits. The industry encountered a similar situation in 2003 with the Wal-Mart settlement that lowered debit interchange rates by approximately one-third. Rather than pass the savings through to their merchants, many processors kept the savings to boost their own profits."
http://www.marketwatch.com/story/heartland-payment-systemsr-credits-merchants-durbin-dollar-savings-from-debit-swipe-fee-reform-2011-10-03
Ixnay on the Ilechay.
We don't want a bunch of angsty slashbots down here.
some places (UK) merchants do charge more for credit cards -surcharges are legal
in the US, some merchants offer cash discounts. (I'm one)
every day http://en.wikipedia.org/wiki/Special:Random
On Tech News Today yesterday or the day before, a BoA employee in their chat room indicated it was an issue associated with end-of-quarter processing. I think it's rediculious to assume that just because a website experiences issues, it's an attack. Mine are all database issues personally.
I do security
Do not reboot the web server!!!!
Didn't you get my email?
help me i've cloned myself and can't remember which one I am
Oh, wait, having typed that, I realize I do have an account that's online only, and they sent me a debit card. It's been in a drawer since about 30 seconds after I got it in the mail.
I pay (almost everything) by credit card, then direct transfer the monthly payment from my bank.
If there's a problem with a charge on your card, would you rather (a) dispute the charge on your credit card, withholding payment until resolved, or (b) dispute the charge and try to get the debit card company to give you money back?
Would you rather (a) hand over to the minimum-wage drone a credit card with a line into the credit card company's account, or (b) hand over a debit card with a direct line into your account?
And checks? My wife pays by check maybe a couple of things a month to people who still for some reason can't take credit card or direct payment. I can't remember the last time I wrote a check.
ATM fees? I can't remember the last time I got caught short by an unexpected cash purchase or lack of planning that I had to hit an ATM other than at my home bank.
These sorts of fees are bad in that they hit poor people who can least afford it. Too poor to have a couple of weeks pay in their checking accounts, if they have an account at all. Too poor to have a "real" credit card, so they have a debit card or use checks. I don't like the idea that BoA (and other big banks) see little value in retaining such customers unless they can gouge them for direct fees, but I can understand how their cold, hard analyses come to this conclusion.
how is warren buffet (jimmy's daddy) going to get his guaranteed 6%/year?