Attacks/Breaches
10/24/2012
11:53 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

U.S. Bank Hackers Promise DDoS Pause

In the sixth week since the launch of "Operation Ababil" attacks against Wall Street banks, online post says hacktivists are taking time off for a Muslim holiday.

Muslim Hacktivists Target U.S. Banks: 8 Facts
Muslim Hacktivists Target U.S. Banks: 8 Facts
(click image for larger view and for slideshow)
After six weeks of attacks, the Muslim hacktivist group that's knocked the websites of some of Wall Street's biggest banks offline announced that it's taking a holiday.

A Tuesday Pastebin post from the Izz ad-Din al-Qassam Cyber Fighters hacktivist group said that in honor of the Muslim Eid al-Adha holiday, which in 2012 runs from the evening of Oct. 25 to the evening of Oct. 26, they're planning a break. "To commemorate this breezy and blessing day, we will stop our attack operations during the next days," according to the group's statement. "Instead, we are going to have an interview with one of the American media and press about our ideas and positions." The group then solicited offers via a provided email address (alqassamcyberfighter@myway.com).

Last week, as part of what they've dubbed "Operation Ababil," the attackers launched distributed denial of service (DDoS) attacks that disrupted the websites of BB&T, HSBC, and Capital One--the lattermost site for the second time. Before that, previous attacks by the group had disrupted the websites of many of Wall Street's biggest financial institutions, including Bank of America, JPMorgan Chase, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank, and Wells Fargo.

[ The feds are looking for new ways to keep diplomatic employees safe. See After Benghazi, State Dept. Seeks Diplomat Tracking Technologies. ]

The hacktivists reiterated that their DDoS attacks have been launched in retaliation for the "organized insulting to the Prophet of Islam done by some arrogant western governments," by which the group was referring to the YouTube release of a clip of Innocence of Muslims, a film that attacks the founder of Islam, and which has been attributed to an Egyptian-born U.S. resident who is Christian. The hacktivist group has continually called for western governments to excise the film from the Internet.

The group also repeated that it's had no part in recent wire-transfer fraud campaigns. U.S. government officials, in anonymous media interviews, have accused Iran of orchestrating the attacks, and also said they've traced the Izz ad-Din al-Qassam Cyber Fighters attacks to a group of fewer than 100 information security specialists based at Iranian universities and technology companies.

"We have already stressed that the attacks launch only to prevent banking services temporarily throughout the day & there is no stealing or handling of money in our agenda," said the Izz ad-Din al-Qassam Cyber Fighters in their Pastebin post. "So if others have done such actions we don't assume any responsibility for it. Every day we are giving a compulsive break to all employees of one of the banks & its customers."

The group also disparaged a recent speech made by Defense Secretary Leon Panetta, in which he referred to the ongoing bank website disruptions, and warned that such attacks could become the norm or easily be extended to disrupt critical infrastructure systems in the United States. In response, the Izz ad-Din al-Qassam Cyber Fighters said that "Mr. Panetta has noted in his remarks to the potential cyber threats such as attacking on Power & Water Infrastructures, running off trains from the tracks & etc. On our opinion, these Panetta's remarks are for distracting the public opinion & in support of the owners of the bank's capital."

"So please stop these nonsense and just order the officials to remove the insulting video from Internet," the group said.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Apprentice
10/30/2012 | 5:17:20 PM
re: U.S. Bank Hackers Promise DDoS Pause
What? Are you serious? This is absolutist the funniest thing I have read today. The hackers are taking a holiday break and not going to work for a day? Here is an idea why don't we have our cyber defense team reverse attack this group? Why are they day after day attacking sites and getting away with it? Stop this group and make a statement out of them. As far as the rest of the world is concerned how does this look toward our financial security if a group is knowingly attacking financial sites and getting away with day after day? I thought we were good let's see why we have all these security officials in place can really do anything about it. This day off would be a great day to start!

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web