Attacks/Breaches
1/29/2013
12:43 PM
Connect Directly
RSS
E-Mail
50%
50%

Bank DDoS Attackers Claim Victory Regarding Film

One copy of widely viewed film that attacks the founder of Islam has been excised from YouTube. But who removed it, and will all copies be pulled?

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The group behind a series of distributed denial of service (DDoS) attacks that have disrupted U.S. banks' websites for four months is claiming a partial victory.

In a Pastebin post uploaded Tuesday, the Izz ad-Din al-Qassam Cyber Fighters said that the main copy of a film that mocks the founder of Islam had been removed from YouTube, where it had racked up 17.1 million views.

"The al-Qassam cyber fighters lauds this positive measure of YouTube and on this basis suspends his operation and plans to give a time to Google and U.S. government to remove the other copies of film as well," according to the post. "During the suspension of Operation Ababil, no attack to U.S. banks would take place by al-Qassam cyber fighters."

[ Want the latest on online bank attacks? Read Bank Attacker Iran Ties Questioned By Security Pros. ]

The group previously promised to continue its attacks pending the "erasing of that nasty movie," or for at least the next year. The movie in question is "Innocence of Muslims," a film that mocks the founder of Islam. A 13-minute clip of the film was uploaded to YouTube in September, and blamed for triggering riots across the Middle East after clips of the film were featured in local newscasts.

The al-Qassam cyber fighters have blamed both the United States and the "Zionist Regime" both for creating the film and then failing to remove it upon being threatened. In reality, many copies of the film have been uploaded to YouTube, which is owned by Google. As a private company, Google is largely free to legally follow any terms of service that it sets, and had previously declined to remove the video on public safety grounds, at least in the United States. But Google did block the film in countries with large Muslim populations -- including Egypt, India and Libya -- to comply with local laws or avoid offending users. "What's OK in one country can be offensive elsewhere," said a statement released by Google in September. "This video -- which is widely available on the Web -- is clearly within our guidelines and so will stay on YouTube."

Other copies of the film, however, now trigger this warning screen: "The following content has been identified by the YouTube community as being potentially offensive or inappropriate. Viewer discretion is advised." Users are given the option to continue to the film, or cancel their request.

But the removal of the main copy of Innocents of the Muslims -- the related link now resolves to a page that says, "This video has been removed by the user" -- begs the question: Who requested its removal? Google, which owns YouTube, declined to verify if the video had been removed by the account holder, who had been listed as "Sam Becile."

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
2/3/2013 | 6:01:51 PM
re: Bank DDoS Attackers Claim Victory Regarding Film
What sort of false victory is the Izz ad-Din al-Qassam Cyber Fighters, which by the way needs to do something about about that mouthful, I donG«÷t see any victory here? Are they referring to GoogleG«÷s block in high Muslim populated areas, as to not cause riots amongst those nations? I have not watched the film, but if it was on the web once, it still is there somewhere I am sure. Last time I checked we donG«÷t follow terrorist advice on what is appropriate and what is not.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2014-2640
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-2641
Published: 2014-10-01
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.