10/11/2012 12:55 PM
Hackers Launch New Wave Of U.S. Bank Attacks

Hacker group disrupts Capital One, SunTrust websites, compares its campaign against anti-Muslim movie to Kate Middleton's suit against a French magazine.

The hackers behind recent disruptions of U.S. bank websites this week launched a new wave of attacks.

The attacks were previewed Monday in a Pastebin post from Izz ad-Din al-Qassam Cyber Fighters, which promised to attack Capital One (Tues.), SunTrust Banks (Wed.), and Regions Financial (Thurs.), beginning at 2 p.m. British Time each day, and lasting for eight hours.

The group said it was continuing the "attack to your financial centers" as ongoing retaliation for the release of the Innocence of Muslims film, which attacked the founder of Islam and an excerpt of which was posted last month to YouTube. The group also questioned why the film had been allowed to remain online, and contrasted the legal handling of the film with a lawsuit filed by the U.K.'s Duke and Duchess of Cambridge, the latter formerly known as Kate Middleton.

"For instance, at the same time with the Queen of England family's complaint against an insulting photo published in the French magazines the photo was removed immediately. But you did not care about the demands of Muslims and called the fighter groups' activities terrorist attacks," it said in the Pastebin post.


Capital One Wednesday confirmed that its website had been attacked, but suffered only disruptions. "We have no reason to believe that customer and account information is at risk," spokeswoman Tatiana Stead told CNBC. "As always, protecting customer information is a top priority." Likewise, SunTrust Wednesday confirmed that its site had been disrupted by attackers.

Meanwhile, Regions Financial told Bloomberg Wednesday that it had prepared for the forecasted Thursday attacks against its site. "We are aware that the group claiming responsibility for these attacks has identified Regions as one of its targets," said a spokeswoman. "We take online security seriously and are taking every measure to protect the company and our customers." Come Thursday, however, the bank's website appeared to be at least intermittently unavailable.

Previous attacks launched under the "Izz ad-Din al-Qassam Cyber Fighters" banner have disrupted the websites of Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo. To date, the group or groups involved appear to have been launching distributed denial-of-service (DDoS) attacks to cause the disruptions, via compromised servers.

Some former U.S. government officials, in anonymous interviews, have accused the Iranian government of being behind the U.S. bank attacks, which they say began a year ago, and involved fraudulent wire transfers. But in their Pastebin post, the hackers appeared to dispute such criticism. "It is necessary to mention that the Izz ad-Din al-Qassam group has no relation with recent Trojan-based attacks which aims the people's electronic money transfers. Our activities are only against the insulting movie mentioned above," it said.

That came as an apparent direct reply to the FBI, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center, which recently issued a joint warning that attackers wielding spam, keyloggers, and remote access Trojans (RATs) were targeting banking employees and using stolen access credentials to execute fraudulent wire transfers of up to $900,000 at a time, moving the money into foreign accounts.

Comments
Mathew, User Rank: Apprentice, 10/16/2012 | 11:51:19 AM
re: Hackers Launch New Wave Of U.S. Bank Attacks
Interestingly, none of the attacked sites were able to block or prevent the attacks, despite the prior warning. Meaning that the scale of the attacks was quite substantial. And just one of the ways that this doesn't sound like good old anarchic hacktivism, but rather something with a bit more backing/organization.
PJS880, User Rank: Ninja, 10/16/2012 | 7:32:26 AM
re: Hackers Launch New Wave Of U.S. Bank Attacks
If you are going to attack a major banking corporation such as Capital One, you might not want to announce it. I am sure Capital One was on full defense during the stated times that the attacks were to occur, and alleviated the attack altogether. The reason for the attacks is about as ridiculous as announcing the attacks themselves. I have not watched the movie The Innocence of Muslims, so I can't comment about the content, but I have not to date witnessed a movie that made me want to up and start attacking foreign banks in the name of the film. Huh? That doesn't even make sense. Anyway, maybe next time they won't announce the attacks.

Paul Sprague
InformationWeek Contributor