10/11/2012
12:55 PM

Hackers Launch New Wave Of U.S. Bank Attacks

Hacker group disrupts Capital One, SunTrust websites, compares its campaign against anti-Muslim movie to Kate Middleton's suit against a French magazine.

The hackers behind recent disruptions of U.S. bank websites this week launched a new wave of attacks.

The attacks were previewed Monday in a Pastebin post from Izz ad-Din al-Qassam Cyber Fighters, which promised to attack Capital One (Tues.), SunTrust Banks (Wed.), and Regions Financial (Thurs.), beginning at 2 p.m. British Time each day, and lasting for eight hours.

The group said it was continuing the "attack to your financial centers" as ongoing retaliation for the release of the Innocence of Muslims film that attacked the founder of Islam, an excerpt of which was posted last month to YouTube. The group also questioned why the film had been allowed to remain online, and contrasted the legal handling of the film with a lawsuit filed by the U.K.'s duke and duchess of Cambridge--the latter, formerly known as Kate Middleton.

"For instance, at the same time with the Queen of England family's complaint against an insulting photo published in the French magazines the photo was removed immediately. But you did not care about the demands of Muslims and called the fighter groups' activities terrorist attacks," it said in the Pastebin post.

Capital One Wednesday confirmed that its website had been attacked, but suffered only disruptions. "We have no reason to believe that customer and account information is at risk," spokeswoman Tatiana Stead told CNBC. "As always, protecting customer information is a top priority." Likewise, SunTrust Wednesday confirmed that its site had been disrupted by attackers.

Meanwhile, Regions Financial told Bloomberg Wednesday that it had prepared for the forecasted Thursday attacks against its site. "We are aware that the group claiming responsibility for these attacks has identified Regions as one of its targets," said a spokeswoman. "We take online security seriously and are taking every measure to protect the company and our customers." Come Thursday, however, the bank's website appeared to be at least intermittently unavailable.

Previous attacks launched under the "Izz ad-Din al-Qassam Cyber Fighters" banner have disrupted the websites of Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo. To date, the group or groups involved appear to have been launching distributed denial-of-service (DDoS) attacks to cause the disruptions, via compromised servers.

Some former U.S. government officials, in anonymous interviews, have accused the Iranian government of being behind the U.S. bank attacks, which they say began a year ago, and involved fraudulent wire transfers. But in their Pastebin post, the hackers appeared to dispute such criticism. "It is necessary to mention that the Izz ad-Din al-Qassam group has no relation with recent Trojan-based attacks which aims the people's electronic money transfers. Our activities are only against the insulting movie mentioned above," it said.

That came as an apparent, direct reply to the FBI, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center, which recently issued a joint warning that attackers wielding spam, keyloggers, and remote access Trojans (RATs) were targeting banking employees, and using stolen access credentials to execute fraudulent wire transfers of up to $900,000 at a time, moving the money into foreign accounts.

Comments
Mathew,
User Rank: Apprentice
10/16/2012 | 11:51:19 AM
re: Hackers Launch New Wave Of U.S. Bank Attacks
Interestingly, none of the attacked sites were able to block or prevent the attacks, despite the prior warning. Meaning that the scale of the attacks was quite substantial. And just one of the ways that this doesn't sound like good old anarchic hacktivism, but rather something with a bit more backing/organization.
PJS880,
User Rank: Ninja
10/16/2012 | 7:32:26 AM
re: Hackers Launch New Wave Of U.S. Bank Attacks
If you are going to attack a major banking corporation such as Capital One you might not want to announce it. I am sure Capital One was on full defense during the stated times that the attacks were to occur, and alleviated the attack altogether. The reason for the attacks is about as ridiculous as announcing the attacks themselves. I have not watched the movie The Innocence of Muslims film, so I can't comment about the content, but I have not to date witnessed a movie that made me want to up and start attacking foreign banks in the name of the film. Huh? That doesn't even make sense, anyway maybe next time they won't announce the attacks.

Paul Sprague
InformationWeek Contributor