Attacks/Breaches
10/11/2012
12:55 PM

Hackers Launch New Wave Of U.S. Bank Attacks

Hacker group disrupts Capital One, SunTrust websites, compares its campaign against anti-Muslim movie to Kate Middleton's suit against a French magazine.

The hackers behind recent disruptions of U.S. bank websites this week launched a new wave of attacks.

The attacks were previewed Monday in a Pastebin post from Izz ad-Din al-Qassam Cyber Fighters, which promised to attack Capital One (Tues.), SunTrust Banks (Wed.), and Regions Financial (Thurs.), beginning at 2 p.m. British Time each day, and lasting for eight hours.

The group said it was continuing the "attack to your financial centers" as ongoing retaliation for the release of the Innocence of Muslims film that attacked the founder of Islam, an excerpt of which was posted last month to YouTube. The group also questioned why the film had been allowed to remain online, and contrasted the legal handling of the film with a lawsuit filed by the U.K.'s Duke and Duchess of Cambridge, the latter formerly known as Kate Middleton.

"For instance, at the same time with the Queen of England family's complaint against an insulting photo published in the French magazines the photo was removed immediately. But you did not care about the demands of Muslims and called the fighter groups' activities terrorist attacks," it said in the Pastebin post.

Capital One Wednesday confirmed that its website had been attacked, but suffered only disruptions. "We have no reason to believe that customer and account information is at risk," spokeswoman Tatiana Stead told CNBC. "As always, protecting customer information is a top priority." Likewise, SunTrust Wednesday confirmed that its site had been disrupted by attackers.

Meanwhile, Regions Financial told Bloomberg Wednesday that it had prepared for the forecasted Thursday attacks against its site. "We are aware that the group claiming responsibility for these attacks has identified Regions as one of its targets," said a spokeswoman. "We take online security seriously and are taking every measure to protect the company and our customers." Come Thursday, however, the bank's website appeared to be at least intermittently unavailable.

Previous attacks launched under the "Izz ad-Din al-Qassam Cyber Fighters" banner have disrupted the websites of Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo. To date, the group or groups involved appear to have been launching distributed denial-of-service (DDoS) attacks to cause the disruptions, via compromised servers.

Some former U.S. government officials, in anonymous interviews, have accused the Iranian government of being behind the U.S. bank attacks, which they say began a year ago, and involved fraudulent wire transfers. But in their Pastebin post, the hackers appeared to dispute such criticism. "It is necessary to mention that the Izz ad-Din al-Qassam group has no relation with recent Trojan-based attacks which aims the people's electronic money transfers. Our activities are only against the insulting movie mentioned above," it said.

That came as an apparent, direct reply to the FBI, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center, which recently issued a joint warning that attackers wielding spam, keyloggers, and remote access Trojans (RATs) were targeting banking employees, and using stolen access credentials to execute fraudulent wire transfers of up to $900,000 at a time, moving the money into foreign accounts.

Comments
Mathew,
User Rank: Apprentice
10/16/2012 | 11:51:19 AM
re: Hackers Launch New Wave Of U.S. Bank Attacks
Interestingly, none of the attacked sites were able to block or prevent the attacks, despite the prior warning. Meaning that the scale of the attacks was quite substantial. And just one of the ways that this doesn't sound like good old anarchic hacktivism, but rather something with a bit more backing/organization.
PJS880,
User Rank: Ninja
10/16/2012 | 7:32:26 AM
re: Hackers Launch New Wave Of U.S. Bank Attacks
If you are going to attack a major banking corporation such as Capital One you might not want to announce it. I am sure Capital One was on full defense during the stated times that the attacks were to occur, and alleviated the attack altogether. The reason for the attacks is about as ridiculous as announcing the attacks themselves. I have not watched the movie The Innocence of Muslims film, so I can't comment about the content, but I have not to date witnessed a movie that made me want to up and start attacking foreign banks in the name of the film. Huh? That doesn't even make sense, anyway maybe next time they won't announce the attacks.

Paul Sprague
InformationWeek Contributor