It's one thing if you can't check the weather on
; it's another if you can't get out of a plummeting stock position in the 10 or 15 minutes that online brokerages have made standard.
That's the essence of the problem
faced Wednesday morning when some customers weren't able to access the Web site because of a concerted effort by so-called hackers to shut it down.
Despite the assault, online brokerage executives are saying the hacking to this point is more a nuisance than a security breach and suggest that remedies will be enabled more quickly if copycats emerge in the following days.
Unlike other targets such as Yahoo! or
, the attack on E*Trade stung deeper because suddenly it wasn't just online shopping that was vulnerable, but the most urgent form of e-commerce, stock trading. Like the others, E*Trade is among the largest and most visible in its popular Net space, with about 2 million accounts.
The reality, however, is that while the ability to manage online accounts was hurt, the assets and data in those accounts lay undisturbed. E*Trade says no account information was compromised by the onslaught of hits to the network, a hacker tactic that, as everyone now knows, goes by the name of a service-denial attack.
"It looked like they went after some pretty high-profile companies. Yahoo! was the first one and they have a very strong, very visible brand, just like E*Trade," said E*Trade spokesman Patrick DiChiro.
Executives at two other online brokerages say they'll be able to make changes quickly to prevent or minimize shutdowns if hackers start hitting their computer systems in a similar fashion.
"The fix is straightforward," says one online brokerage executive who requested anonymity. By using filters, the company can recognize that it's gotten, say, more than 100 page views within a second from the same source, and then deny access.
Within 10 minutes of hearing about E*Trade's problems, his brokerage had narrowed the parameters on the filters so that the technology would sort out any sort of similar attack. (The executive asked that the online brokerage's name be withheld for fear of targeting by such hackers.)
The brokerages can easily put contingency plans in place to cut down the time it takes to fix the problem, agrees
Chief Technology Officer Peter Stern. Datek suspected it may have suffered inadvertently from a service-denial attack Wednesday, but later ruled that out. In addition, he emphasized, a service-denial attack is far from being a true hack of the system, which is a lot more difficult to do.
"It's no more hacking than calling up the bank teller over and over again and hanging up on them is stealing money from the bank," Stern says. "It's not like anybody has any opportunity to steal any money."
Online brokerages use a combination of encryption, authentication and firewalls to control their sites; this is technology purchased either from outside firms or built internally, explains one industry consultant. Since e-brokers first came on the scene in the mid-1990s, security has been of the utmost concern for them, said one industry consultant.
"It's so hard to get in because security-abled technology is so impressive," explains Dan Burke, a consultant at
. It can be custom installations of an off-the-shelf product, something developed in-house, or a combination of both, he notes. "Security is job one for the online brokerages. It has to be." Gomez doesn't disclose its clients.
But controlling security also means controlling how many people have the keys to the kingdom and changing passwords so ex-employees can't get back in, explains Wayne Arden, vice president of sales and marketing for
Kingland Systems Corp.
, which builds Web sites for financial services companies. "It's not just the technology, it's the processes
put in place by the online brokerages."