Banks gird for cyber attacks

It's a war game, Wall Street style.

Banks large and small are girding for an elaborate drill Thursday that will test how they would fare if hackers unleashed a powerful and coordinated attack against them.

The exercise is called "Quantum Dawn 2."

Cyberattacks on the banking industry are growing more frequent and sophisticated, and the list of assailants is ever-changing: crime bosses who want money, "hacktivists" who want to make statements, foreign governments that want to spy on U.S. companies.

Jamie Dimon, CEO of the country's biggest bank, JPMorgan Chase, acknowledged that attacks are becoming more complex and dangerous.

"Now you're talking about state-sanctioned folks, hundreds of programmers," he said in a call with reporters this spring, "taking over not just PCs but servers and mainframes."

JPMorgan and peers such as Bank of America, Citigroup, and Wells Fargo signed up for Thursday's drill, organized by Wall Street's biggest trade group, the Securities Industry and Financial Markets Association.

About 50 banks, organizations, and government agencies will participate, including the Treasury Department, the Department of Homeland Security, the Securities and Exchange Commission, and the FBI.

Bank employees will be blasted throughout the day with bits of information that could indicate an encroaching hacker attack. They will monitor a simulated stock exchange for irregular trading and will be pressed to figure out what's going on and how to react while sharing information with regulators and each other.

As the name suggests, this isn't the first Quantum Dawn. The original drill was in November 2011, and it attracted scant attention and only about half as many participants. But that was before a wave of cyberattacks last fall, when big banks were forced to temporarily shut down their websites after attackers bombarded them with traffic - akin to overwhelming a phone line with too many calls.

Software giant Symantec calculates that cyberattacks against U.S. businesses jumped 42 percent last year.

Big banks have started listing cyberattacks as a potential risk factor in filings for regulators and investors. The Office of the Comptroller of the Currency, which regulates national banks, recently held a call with community bankers to warn them that they're not free from danger either: Since September, attacks have increasingly been aimed at businesses with fewer than 250 employees, the OCC says.

Banks downplay the risk of hackers tapping into any individual customer's account.

For most, that will never happen, the banks say, and even if it did, the customer wouldn't be responsible. Customers would have to go through certain steps to get their money back, such as filing a claim, showing that they weren't negligently tossing their account information around and giving the bank time to investigate. But federal regulations protect retail customers from being held accountable when money is removed from their accounts without permission.