Attacks/Breaches
12/13/2012
12:00 PM
50%
50%

Bank Attackers Promise To Resume DDoS Takedowns

Silent for six weeks, the Cyber fighters of Izz ad-din Al qassam hacktivist group have promised to resume targeting banks, in protest of a movie that mocks the founder of Islam.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The U.S. bank attackers are back.

The hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam this week broke six weeks of silence to announce the second phase of its Operation Ababil distributed denial of service (DDoS) attacks against banks.

"The goals under attacks of this week are including: U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC Financial Fervices (sic) Group, SunTrust Banks, Inc.," said a post uploaded Monday to the group's Pastebin account.

In the previous attacks, which stretched for more than a month, the attackers disrupted the websites of some of Wall Street's biggest financial institutions, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. Despite the attackers previewing the sites to be attacked, as well as the days and times, the bank websites seemed unable to handle the sheer scale of the attacks.

[ Read Hackers Rob $400,000 From Washington Town. ]

The attackers have promised more of the same, and then some. "In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," the group claimed in its post.

According to the Sitedown website, which tracks website outages, Bank of America Tuesday appeared to begin suffering an unusual number of sites outages, with many customers reporting that the bank's website had been unreachable for hours, if not days. Likewise, customers of the PNC Financial Services Group Tuesday began reporting difficulties accessing that website.

Fred Solomon, VP of corporate communications for PNC, said via email that the bank's customers have recently experienced some disruptions. "PNC customers experienced slower access to online banking on Tuesday and Wednesday due to an unusual volume of electronic traffic at our Internet connection," he said. But he declined to comment on whether that traffic had been caused by DDoS attacks.

Bank of America spokesman Mark T. Pipitone said via email that the bank's website is operating normally. "We have experienced no outages. We’re aware of the reports of possible cyberattacks and we’re monitoring our systems, which are fully operational," he said.

A U.S. Bancorp spokesman didn't immediately respond to an emailed request for comment on the hacktivist threat, or whether it has seen DDoS attacks against its websites increase this week. When asked similar questions, meanwhile, a spokesman for JPMorgan Chase, reached by phone, declined to comment, as did a spokesman for SunTrust Bank, via email.

The bank attackers made their last attack-related pronouncement in October, when they announced that they'd be pausing their attacks in honor of the Muslim Eid al-Adha holiday, which in 2012 ran from the evening of Oct. 25 to the evening of Oct. 26. Since then, the attackers appear to have conducted interviews with multiple media outlets, one of which was apparently reprinted by private intelligence firm Flashpoint Partners.

In their Monday Pastebin post, the bank attackers said they were restarting their attack campaign for the same reason as they'd begun it: To protest the Innocence of the Muslims film that mocks the founder of Islam. A 14-minute clip of the film was earlier this year uploaded to YouTube by its director, who resides in the United States, and it reportedly sparked a number of riots across the Middle East.

U.S. officials have blamed the Iranian government for sponsoring the DDoS attacks against U.S. banks. But the Cyber fighters of Izz ad-din Al qassam have disputed having ties with any government, and hinted that its members hail from multiple countries.

The group reiterated that assertion in its Monday Pastebin post, in which it reprinted in full the answers it said it had provided to American Banker, amongst other media outlets. "No government or organization is sponsoring us and we do not wait for any sponsor as well," said the group.

Note: Story updated to add Bank of America statement.

Stay ahead of the eCommerce technology curve. Watch our webcast, Next Generation e-Commerce Strategies for B2B Sales and Marketing, to learn the strategies and tactics you can use to more efficiently give your clients what they want, keep them happy and increase sales. Register now.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Deirdre Blake
50%
50%
Deirdre Blake,
User Rank: Apprentice
12/14/2012 | 4:48:12 PM
re: Bank Attackers Promise To Resume DDoS Takedowns
Just in time for the holidays!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-6093
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6196
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory (WEF) 6.1.5 through 8.5.0.1, as used in WebSphere Dashboard Framework (WDF) and Lotus Widget Factory (LWF), allows remote attackers to inject arbitrary web script or HTML by leveraging a Dojo builder error in an unspecified WebSp...

CVE-2014-7247
Published: 2014-11-25
Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; Ichitaro Government 6, 7, 2008, 2009, and 2010; Ichitaro Pro; Ichitaro Pro 2; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen; and Ichitaro 2014 Tetsu allows remote attackers to execute arbitrary code via a crafted file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?