Attacks/Breaches
10/22/2012
04:52 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Who Is Hacking U.S. Banks? 8 Facts

Hackers have labeled the bank website disruptions as grassroots-level reprisal for an anti-Islamic film. But is the Iranian government really backing the attacks?
Previous
5 of 8
Next


From the first days of the online banking attacks, hacktivists claimed to be leading a grassroots protest against the Innocence of Muslims film. Notably, a Sept. 18 blog post titled, "Come and support Prophet Muhammed on the Internet," urged to people to download attack tools--with download links to file-sharing websites provided--and use them to attack the Bank of America and New York Stock Exchange websites, in support of the Cyber fighters of Izz ad-din Al qassam.

According to Atif Mushtaq, a security researcher at FireEye, the blog asks people to participate in what is clearly an Anonymous-style, distributed DDoS attack. "They are asking people to download a RAR file containing an HTML file, and run it from their desktop," said Mushtaq. It's not clear, however, if anyone has actually downloaded or run the proffered attack tools. Even if they had, furthermore, they likely would have been an insignificant addition to the attacks' success, given the use of high-bandwidth servers to overwhelm banks' existing defenses. That suggests that the attackers enjoy substantial backing, and are much more well-organized than the typical grassroots endeavor.

"A blend of attack scripts and different techniques used in each campaign is another pointer to the likelihood that multiple, well-organized groups or individuals were behind these attacks," according to Prolexic president Stuart Scholly. The company has also found evidence that at least some of the servers used by bank attackers were compromised in May 2012, suggesting that Operation Ababil may have begun long before the release of the anti-Muslim film.

RECOMMENDED READING

Iran Denies Hacking American Banks, Censors Google

PNC Bank Hit By Crowdsourced Hacktivist Attacks

Bank Site Attacks Trigger Ongoing Outages, Customer Anger

Bank Hacks: 7 Misunderstood Facts

Hackers Launch New Wave Of U.S. Bank Attacks

U.S. Bank Hacks Expand; Regions Financial Hit

Bank Hacks: Iran Blame Game Intensifies

DOD: Hackers Breached U.S. Critical Infrastructure Control Systems

Previous
5 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Leo Regulus
50%
50%
Leo Regulus,
User Rank: Apprentice
10/24/2012 | 4:52:32 PM
re: Who Is Hacking U.S. Banks? 8 Facts
Very disappointed in Editor's choice of article format. This has been extensively discussed in the past.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-0460
Published: 2014-04-16
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

CVE-2011-0993
Published: 2014-04-16
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2011-3180
Published: 2014-04-16
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

CVE-2011-4089
Published: 2014-04-16
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

CVE-2011-4192
Published: 2014-04-16
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Best of the Web