On June 20, 2011, well regarded techie site zdnet.com wrote a report that various activist hacker groups — most notably Anonymous — would begin Operation Anti-Security by targeting banks. Not long after, Anonymous announced their support for the then budding Occupy Wall Street movement.
Over the past few weeks Bank of America’s website has been ailing. Frequent reports of people not being able to log-in, or the website being entirely unavailable, have surfaced. Bank of America blames the problems on a “systems upgrade” gone bad.
Sure. We’re supposed to take Bank of America — the same bank that’s lured a countless number of homeowners into foreclosure through dual-track, bad-faith mortgage modifications — at their word.
I’ve been a computer programmer my whole life. I was sent to learn to program on mainframes over thirty years ago. I grew up in Bloomington, IN, where Indiana University is located. They’d let me practice programming at night, when others weren’t using their computers, so as a child I’d trudge through the snow to practice what’s become my lifelong passion and work at night, going to school during the day.
I’ve built and sold computer programs to large Fortune 500 companies. Currently, I’m working on two companies: Legalprise, which provides litigation support for lawyers, and Nastiaco, which will allow the public to quickly collaborate and search for fraud in large volumes of public records.
I don’t know if the instability at Bank of America’s website is the work of their own incompetence or the work of hackers. I do know that, either way, as an experienced computer engineer, out of a sense of precaution, I’d recommend people move their money until the instability ends. If you absolutely adore BOA (and their $5/month debit-card fees), you can return once the technical issues are entirely resolved. If the bank is telling the truth you lose nothing — you’re slightly inconvenienced — by moving your money. If the bank is lying, if they’re under attack and not admitting it to the public, then you’re better off parking your money somewhere else.
If an attack is underway the goal might not be site instability, but site unavailability, or wholesale data corruption; that is, logging in one day to find your banking records hopelessly corrupted; your money vanished into the black-hole of cyberspace, reliant on the same call center dolts who work through modifications to find it. Normally the FDIC intervenes in bank failures so people’s money is available. However, Bank of America wouldn’t fail; they’d simply have had a tech meltdown.
Why would BOA lie? This is a bank whose CEO has expressed his view they have “right to make a profit.” Not a right to earn a profit, and not a right to compete, but rather some sort of divine entitlement to make money, no matter how poorly they manage their business. Disclosing that a rag-tag group of renegades was successfully attacking the core benefit the bank sells: an ability to protect — that is, to bank — money would likely cause a run on assets, putting their sacrosanct “right” to earn profits at risk.
It’d be reckless to fail to disclose they were under attack, but this is a bank that failed to disclose to investors that AIG was about to sue them for $10 billion, an event that caused the bank to lose more than 20% of its stock value in one day. This is the bank that first invested in then purchased Countrywide, and Merrill Lynch. This is a bank that vowed to fight “hand-to-hand” on foreclosures, after taking tens of billions of government money. In short, there’s a serious credibility gap. Get real: these people trusted and supported Countrywide founder Angelo Mozilo.
Finally, there’s the question of why Anonymous wouldn’t simply say they were responsible for BOA’s travails. But the answer to that is easy: they haven’t yet succeeded. Much like Steve Jobs and Apple do not release product information until a product is finished, if an attack is underway it’s probably not yet finished. If there is an attack, why wait to see what their end game is?
For full disclosure I do have a short position in Bank of America’s stock. That is, I’ve bet with my own money that their stock value will fall. In the past I didn’t purchase bank stocks, since I often write about them, but it seemed dumb to not “put my money where my mouth is,” and I don’t plan to change my position anytime soon. I think BOA is run by incompetent, reckless bankers. Regardless of what’s causing their technical problems, they’re bound to eventually fail. I’m also not a member of and I’ve never communicated with Anonymous. I admire some of their work, and I’m ideologically aligned with many goals, but I think they could produce the same or better results without illegal hacking.
In summary, there absolutely is no smoking gun, no solid evidence, that hacker activists, hacktivists, are behind the BOA tech problems. But a technical meltdown a few months after an announcement that an attack was in the making, timed to coincide with public protests supported by the hacktivists, levied against the largest of the Too-Big-To-Fail banks, which appears to be ongoing, seems like more than enough to cause a reasonably cautious person to raise their eyebrows then move their money.
It’s illegal to shout fire in a crowded theater. But it’s reckless to not raise a concern in that same crowded theater when you smell smoke, know that the theater owner has a history of not disclosing problems, and can’t afford to refund tickets.
olenick – at – legalprise.com