Attacks/Breaches
1/29/2013
12:43 PM
50%
50%

Bank DDoS Attackers Claim Victory Regarding Film

One copy of widely viewed film that attacks the founder of Islam has been excised from YouTube. But who removed it, and will all copies be pulled?

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The group behind a series of distributed denial of service (DDoS) attacks that have disrupted U.S. banks' websites for four months is claiming a partial victory.

In a Pastebin post uploaded Tuesday, the Izz ad-Din al-Qassam Cyber Fighters said that the main copy of a film that mocks the founder of Islam had been removed from YouTube, where it had racked up 17.1 million views.

"The al-Qassam cyber fighters lauds this positive measure of YouTube and on this basis suspends his operation and plans to give a time to Google and U.S. government to remove the other copies of film as well," according to the post. "During the suspension of Operation Ababil, no attack to U.S. banks would take place by al-Qassam cyber fighters."

[ Want the latest on online bank attacks? Read Bank Attacker Iran Ties Questioned By Security Pros. ]

The group previously promised to continue its attacks pending the "erasing of that nasty movie," or for at least the next year. The movie in question is "Innocence of Muslims," a film that mocks the founder of Islam. A 13-minute clip of the film was uploaded to YouTube in September, and blamed for triggering riots across the Middle East after clips of the film were featured in local newscasts.

The al-Qassam cyber fighters have blamed both the United States and the "Zionist Regime" both for creating the film and then failing to remove it upon being threatened. In reality, many copies of the film have been uploaded to YouTube, which is owned by Google. As a private company, Google is largely free to legally follow any terms of service that it sets, and had previously declined to remove the video on public safety grounds, at least in the United States. But Google did block the film in countries with large Muslim populations -- including Egypt, India and Libya -- to comply with local laws or avoid offending users. "What's OK in one country can be offensive elsewhere," said a statement released by Google in September. "This video -- which is widely available on the Web -- is clearly within our guidelines and so will stay on YouTube."

Other copies of the film, however, now trigger this warning screen: "The following content has been identified by the YouTube community as being potentially offensive or inappropriate. Viewer discretion is advised." Users are given the option to continue to the film, or cancel their request.

But the removal of the main copy of Innocents of the Muslims -- the related link now resolves to a page that says, "This video has been removed by the user" -- begs the question: Who requested its removal? Google, which owns YouTube, declined to verify if the video had been removed by the account holder, who had been listed as "Sam Becile."

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
2/3/2013 | 6:01:51 PM
re: Bank DDoS Attackers Claim Victory Regarding Film
What sort of false victory is the Izz ad-Din al-Qassam Cyber Fighters, which by the way needs to do something about about that mouthful, I donGt see any victory here? Are they referring to GoogleGs block in high Muslim populated areas, as to not cause riots amongst those nations? I have not watched the film, but if it was on the web once, it still is there somewhere I am sure. Last time I checked we donGt follow terrorist advice on what is appropriate and what is not.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.