10/24/2012
11:53 AM

U.S. Bank Hackers Promise DDoS Pause

In the sixth week since the launch of "Operation Ababil" attacks against Wall Street banks, online post says hacktivists are taking time off for a Muslim holiday.

After six weeks of attacks, the Muslim hacktivist group that's knocked the websites of some of Wall Street's biggest banks offline announced that it's taking a holiday.

A Tuesday Pastebin post from the Izz ad-Din al-Qassam Cyber Fighters hacktivist group said that in honor of the Muslim Eid al-Adha holiday, which in 2012 runs from the evening of Oct. 25 to the evening of Oct. 26, they're planning a break. "To commemorate this breezy and blessing day, we will stop our attack operations during the next days," according to the group's statement. "Instead, we are going to have an interview with one of the American media and press about our ideas and positions." The group then solicited offers via a provided email address (alqassamcyberfighter@myway.com).

Last week, as part of what they've dubbed "Operation Ababil," the attackers launched distributed denial of service (DDoS) attacks that disrupted the websites of BB&T, HSBC, and Capital One--the lattermost site for the second time. Before that, previous attacks by the group had disrupted the websites of many of Wall Street's biggest financial institutions, including Bank of America, JPMorgan Chase, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank, and Wells Fargo.

The hacktivists reiterated that their DDoS attacks have been launched in retaliation for the "organized insulting to the Prophet of Islam done by some arrogant western governments," by which the group was referring to the YouTube release of a clip of Innocence of Muslims, a film that attacks the founder of Islam, and which has been attributed to an Egyptian-born U.S. resident who is Christian. The hacktivist group has continually called for western governments to excise the film from the Internet.

The group also repeated that it's had no part in recent wire-transfer fraud campaigns. U.S. government officials, in anonymous media interviews, have accused Iran of orchestrating the attacks, and also said they've traced the Izz ad-Din al-Qassam Cyber Fighters attacks to a group of fewer than 100 information security specialists based at Iranian universities and technology companies.

"We have already stressed that the attacks launch only to prevent banking services temporarily throughout the day & there is no stealing or handling of money in our agenda," said the Izz ad-Din al-Qassam Cyber Fighters in their Pastebin post. "So if others have done such actions we don't assume any responsibility for it. Every day we are giving a compulsive break to all employees of one of the banks & its customers."

The group also disparaged a recent speech made by Defense Secretary Leon Panetta, in which he referred to the ongoing bank website disruptions, and warned that such attacks could become the norm or easily be extended to disrupt critical infrastructure systems in the United States. In response, the Izz ad-Din al-Qassam Cyber Fighters said that "Mr. Panetta has noted in his remarks to the potential cyber threats such as attacking on Power & Water Infrastructures, running off trains from the tracks & etc. On our opinion, these Panetta's remarks are for distracting the public opinion & in support of the owners of the bank's capital."

"So please stop these nonsense and just order the officials to remove the insulting video from Internet," the group said.

Comments
PJS880,
User Rank: Ninja
10/30/2012 | 5:17:20 PM
re: U.S. Bank Hackers Promise DDoS Pause
What? Are you serious? This is absolutely the funniest thing I have read today. The hackers are taking a holiday break and not going to work for a day? Here is an idea: why don't we have our cyber defense team reverse attack this group? Why are they day after day attacking sites and getting away with it? Stop this group and make a statement out of them. As far as the rest of the world is concerned how does this look toward our financial security if a group is knowingly attacking financial sites and getting away with it day after day? I thought we were good let's see why we have all these security officials in place can really do anything about it. This day off would be a great day to start!

Paul Sprague
InformationWeek Contributor