Attacks/Breaches
10/24/2012
11:53 AM
50%
50%

U.S. Bank Hackers Promise DDoS Pause

In the sixth week since the launch of "Operation Ababil" attacks against Wall Street banks, online post says hacktivists are taking time off for a Muslim holiday.

Muslim Hacktivists Target U.S. Banks: 8 Facts
Muslim Hacktivists Target U.S. Banks: 8 Facts
(click image for larger view and for slideshow)
After six weeks of attacks, the Muslim hacktivist group that's knocked the websites of some of Wall Street's biggest banks offline announced that it's taking a holiday.

A Tuesday Pastebin post from the Izz ad-Din al-Qassam Cyber Fighters hacktivist group said that in honor of the Muslim Eid al-Adha holiday, which in 2012 runs from the evening of Oct. 25 to the evening of Oct. 26, they're planning a break. "To commemorate this breezy and blessing day, we will stop our attack operations during the next days," according to the group's statement. "Instead, we are going to have an interview with one of the American media and press about our ideas and positions." The group then solicited offers via a provided email address (alqassamcyberfighter@myway.com).

Last week, as part of what they've dubbed "Operation Ababil," the attackers launched distributed denial of service (DDoS) attacks that disrupted the websites of BB&T, HSBC, and Capital One--the lattermost site for the second time. Before that, previous attacks by the group had disrupted the websites of many of Wall Street's biggest financial institutions, including Bank of America, JPMorgan Chase, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank, and Wells Fargo.

[ The feds are looking for new ways to keep diplomatic employees safe. See After Benghazi, State Dept. Seeks Diplomat Tracking Technologies. ]

The hacktivists reiterated that their DDoS attacks have been launched in retaliation for the "organized insulting to the Prophet of Islam done by some arrogant western governments," by which the group was referring to the YouTube release of a clip of Innocence of Muslims, a film that attacks the founder of Islam, and which has been attributed to an Egyptian-born U.S. resident who is Christian. The hacktivist group has continually called for western governments to excise the film from the Internet.

The group also repeated that it's had no part in recent wire-transfer fraud campaigns. U.S. government officials, in anonymous media interviews, have accused Iran of orchestrating the attacks, and also said they've traced the Izz ad-Din al-Qassam Cyber Fighters attacks to a group of fewer than 100 information security specialists based at Iranian universities and technology companies.

"We have already stressed that the attacks launch only to prevent banking services temporarily throughout the day & there is no stealing or handling of money in our agenda," said the Izz ad-Din al-Qassam Cyber Fighters in their Pastebin post. "So if others have done such actions we don't assume any responsibility for it. Every day we are giving a compulsive break to all employees of one of the banks & its customers."

The group also disparaged a recent speech made by Defense Secretary Leon Panetta, in which he referred to the ongoing bank website disruptions, and warned that such attacks could become the norm or easily be extended to disrupt critical infrastructure systems in the United States. In response, the Izz ad-Din al-Qassam Cyber Fighters said that "Mr. Panetta has noted in his remarks to the potential cyber threats such as attacking on Power & Water Infrastructures, running off trains from the tracks & etc. On our opinion, these Panetta's remarks are for distracting the public opinion & in support of the owners of the bank's capital."

"So please stop these nonsense and just order the officials to remove the insulting video from Internet," the group said.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
10/30/2012 | 5:17:20 PM
re: U.S. Bank Hackers Promise DDoS Pause
What? Are you serious? This is absolutist the funniest thing I have read today. The hackers are taking a holiday break and not going to work for a day? Here is an idea why don't we have our cyber defense team reverse attack this group? Why are they day after day attacking sites and getting away with it? Stop this group and make a statement out of them. As far as the rest of the world is concerned how does this look toward our financial security if a group is knowingly attacking financial sites and getting away with day after day? I thought we were good let's see why we have all these security officials in place can really do anything about it. This day off would be a great day to start!

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2208
Published: 2014-12-28
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

CVE-2014-2209
Published: 2014-12-28
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

CVE-2014-5386
Published: 2014-12-28
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initial...

CVE-2014-6123
Published: 2014-12-28
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs.

CVE-2014-6160
Published: 2014-12-28
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.