Attacks/Breaches
12/13/2012
12:00 PM
50%
50%

Bank Attackers Promise To Resume DDoS Takedowns

Silent for six weeks, the Cyber fighters of Izz ad-din Al qassam hacktivist group have promised to resume targeting banks, in protest of a movie that mocks the founder of Islam.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The U.S. bank attackers are back.

The hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam this week broke six weeks of silence to announce the second phase of its Operation Ababil distributed denial of service (DDoS) attacks against banks.

"The goals under attacks of this week are including: U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC Financial Fervices (sic) Group, SunTrust Banks, Inc.," said a post uploaded Monday to the group's Pastebin account.

In the previous attacks, which stretched for more than a month, the attackers disrupted the websites of some of Wall Street's biggest financial institutions, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. Despite the attackers previewing the sites to be attacked, as well as the days and times, the bank websites seemed unable to handle the sheer scale of the attacks.

[ Read Hackers Rob $400,000 From Washington Town. ]

The attackers have promised more of the same, and then some. "In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," the group claimed in its post.

According to the Sitedown website, which tracks website outages, Bank of America Tuesday appeared to begin suffering an unusual number of sites outages, with many customers reporting that the bank's website had been unreachable for hours, if not days. Likewise, customers of the PNC Financial Services Group Tuesday began reporting difficulties accessing that website.

Fred Solomon, VP of corporate communications for PNC, said via email that the bank's customers have recently experienced some disruptions. "PNC customers experienced slower access to online banking on Tuesday and Wednesday due to an unusual volume of electronic traffic at our Internet connection," he said. But he declined to comment on whether that traffic had been caused by DDoS attacks.

Bank of America spokesman Mark T. Pipitone said via email that the bank's website is operating normally. "We have experienced no outages. We’re aware of the reports of possible cyberattacks and we’re monitoring our systems, which are fully operational," he said.

A U.S. Bancorp spokesman didn't immediately respond to an emailed request for comment on the hacktivist threat, or whether it has seen DDoS attacks against its websites increase this week. When asked similar questions, meanwhile, a spokesman for JPMorgan Chase, reached by phone, declined to comment, as did a spokesman for SunTrust Bank, via email.

The bank attackers made their last attack-related pronouncement in October, when they announced that they'd be pausing their attacks in honor of the Muslim Eid al-Adha holiday, which in 2012 ran from the evening of Oct. 25 to the evening of Oct. 26. Since then, the attackers appear to have conducted interviews with multiple media outlets, one of which was apparently reprinted by private intelligence firm Flashpoint Partners.

In their Monday Pastebin post, the bank attackers said they were restarting their attack campaign for the same reason as they'd begun it: To protest the Innocence of the Muslims film that mocks the founder of Islam. A 14-minute clip of the film was earlier this year uploaded to YouTube by its director, who resides in the United States, and it reportedly sparked a number of riots across the Middle East.

U.S. officials have blamed the Iranian government for sponsoring the DDoS attacks against U.S. banks. But the Cyber fighters of Izz ad-din Al qassam have disputed having ties with any government, and hinted that its members hail from multiple countries.

The group reiterated that assertion in its Monday Pastebin post, in which it reprinted in full the answers it said it had provided to American Banker, amongst other media outlets. "No government or organization is sponsoring us and we do not wait for any sponsor as well," said the group.

Note: Story updated to add Bank of America statement.

Stay ahead of the eCommerce technology curve. Watch our webcast, Next Generation e-Commerce Strategies for B2B Sales and Marketing, to learn the strategies and tactics you can use to more efficiently give your clients what they want, keep them happy and increase sales. Register now.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Deirdre Blake
50%
50%
Deirdre Blake,
User Rank: Apprentice
12/14/2012 | 4:48:12 PM
re: Bank Attackers Promise To Resume DDoS Takedowns
Just in time for the holidays!
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9605
Published: 2015-09-04
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webup...

CVE-2015-5612
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

CVE-2015-5688
Published: 2015-09-04
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

CVE-2015-6807
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label.

CVE-2015-6808
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.