Attacks/Breaches
9/28/2012
09:59 AM

PNC Bank Hit By Crowdsourced Hacktivist Attacks

Financial services website disrupted by DDoS attacks launched to protest anti-Muslim film, following similar attacks against Wells Fargo, U.S. Bank, and Bank of America.

After attacking the websites of Wells Fargo and U.S. Bank earlier this week, Muslim hacktivists Thursday also claimed credit for disrupting the PNC Financial Services Group website.

The attacks were carried out under the banner of "Operation Ababil," which last week disrupted the websites of Bank of America and JPMorgan Chase. This week's banking attacks--against Wells Fargo Tuesday, U.S. Bank Wednesday, and PNC Bank Thursday--had been previewed in a Pastebin post uploaded by a hacktivist group calling itself Cyber fighters of Izz ad-din Al qassam.

Likewise, a Thursday post to the Hilf-Ol-Fozoul blog--which has promoted Operation Ababil and shared links to distributed denial-of-service (DDoS) tools--credited the Cyber fighters of Izz ad-din Al qassam with having organized the recent banking website attacks.


PNC didn't immediately respond to an emailed request for comment about the attacks. But PNC spokesman Fred Solomon told Threatpost Thursday that "traffic to our sites is heavy today and it's of a similar pattern to that seen by other banks of late."

The Cyber fighters of Izz ad-din Al qassam have said that the attacks against U.S. financial services websites are being launched in retaliation for the release of the Innocence of Muslims film that mocks the founder of Islam. A 14-minute clip of the film, uploaded to YouTube by its director, a man going by the name Sam Bacile, helped trigger numerous riots across the Middle East.

But former U.S. government officials, speaking anonymously, have accused the Iranian government of being behind the attacks against financial institutions, which they said began about a year ago. The Iranian government, however, has denied any involvement.

Meanwhile, Dmitri Alperovitch, CTO of security firm CrowdStrike, doesn't think the attacks are just about protesting online, not least because the name of the group involved is the same as the military branch of Hamas. "I don't buy that their motivation is in response to the video; this group has been carrying out attacks for months," he told Threatpost. "Their motivation is to send a message that this is what they're capable of."

Regardless of who's organizing the financial website DDoS attacks, the campaign appears to be crowdsourced and receiving grassroots-level support, according to Atif Mushtaq, a security researcher at FireEye. "When I heard about this DDoS, the first thing I wanted to find was the nature of the DDoS attack," said Mushtaq via email. "Like, is it being done using some botnet, or is it a community-based action? If it is being done using some botnet, then who is operating this botnet--is it a simple 'pay for DDOS' scenario where attacker(s) rent a botnet to attack someone, or [have] attackers built their own botnet?"

According to Mushtaq, "it's most likely a community-based action, not a botnet," based in part on a September 18 post on the blog titled "Come and support Prophet Muhammed on the Internet," which urged people to download attack tools--via included file-sharing websites--and use them to attack the Bank of America and New York Stock Exchange websites, in support of the Cyber fighters of Izz ad-din Al qassam. "They are asking people to download a RAR file containing an HTML file, and run it from their desktop," said Mushtaq. "From this point onwards DDoS will be handled by these scripts alone."

If protesting online is the goal of the attacks, what might convince the hacktivists involved to wrap up their campaign? A post to the Hilf-Ol-Fozoul blog called on U.S. authorities to "punish the cast and crew, the publisher included," of the Innocence of Muslims film, at which time it said "this story will end."

The U.S. government has already been moving to distance itself from the film. Earlier this week, in an address to the United Nations General Assembly, President Barack Obama criticized the video as being "crude and disgusting" and reiterated that the U.S. government had no hand in creating it. "It is an insult not only to Muslims, but to America as well," he said, but noted that the film was likewise protected by U.S. law. "I know there are some who ask why don't we just ban such a video. The answer is enshrined in our laws. Our Constitution protects the right to practice free speech."

Thursday, however, the alleged filmmaker behind Innocence of Muslims was arrested in Los Angeles. Authorities have accused the man, Nakoula Basseley Nakoula, of violating the terms of his 2010 conviction for banking fraud. According to news reports, during his case law enforcement officials alleged that Nakoula had opened credit card and bank accounts using other people's names, written checks in other people's names, and then attempted to deposit those checks and withdraw the money.

After pleading guilty to a bank fraud charge, Nakoula served 21 months in prison, and was released in June 2011. But as part of his probation, he's barred from using a computer unless under supervision. Authorities said they suspect that Nakoula--a Christian who's originally from Egypt--said he was Sam Bacile when speaking with news media about the film.

Comments
Andrew Hornback
10/1/2012 | 1:08:42 AM
re: PNC Bank Hit By Crowdsourced Hacktivist Attacks
This looks to be more a case of "Oh look, now we have a reason to rally behind in order to cover our real cause" as opposed to simply getting a bunch of folks together to attack a website.

I have to wonder though - at what point does this kind of "protest" (as they call it) cross the line from being a Freedom of Speech thing into cyber attack territory?

Also, what this group is really showing that they're doing is that they can waste resources - it takes power to both generate this "attack" and transmit it to their targets. Not that I'm an expert in Islam, but isn't there something involved in that faith that says that humanity has to take care of the Earth that they've been given? Is wasting resources in the name of your religious beliefs really the best way to do that?

From a tech standpoint - the idea behind this is somewhat laughable. Let's enlist everyone within earshot to join a group in order to attack a target. Given that you're using a digital means in order to do that, not only is it deflectable with the appropriate countermeasures, but it also will help those whom you are attacking to determine just who you are and remove your anonymity - anything in the digital domain can be traced with enough effort.

Andrew Hornback
InformationWeek Contributor