Attacks/Breaches
10/22/2012
04:52 PM
50%
50%

Who Is Hacking U.S. Banks? 8 Facts

Hackers have labeled the bank website disruptions as grassroots-level reprisal for an anti-Islamic film. But is the Iranian government really backing the attacks?
Previous
5 of 8
Next


From the first days of the online banking attacks, hacktivists claimed to be leading a grassroots protest against the Innocence of Muslims film. Notably, a Sept. 18 blog post titled, "Come and support Prophet Muhammed on the Internet," urged to people to download attack tools--with download links to file-sharing websites provided--and use them to attack the Bank of America and New York Stock Exchange websites, in support of the Cyber fighters of Izz ad-din Al qassam.

According to Atif Mushtaq, a security researcher at FireEye, the blog asks people to participate in what is clearly an Anonymous-style, distributed DDoS attack. "They are asking people to download a RAR file containing an HTML file, and run it from their desktop," said Mushtaq. It's not clear, however, if anyone has actually downloaded or run the proffered attack tools. Even if they had, furthermore, they likely would have been an insignificant addition to the attacks' success, given the use of high-bandwidth servers to overwhelm banks' existing defenses. That suggests that the attackers enjoy substantial backing, and are much more well-organized than the typical grassroots endeavor.

"A blend of attack scripts and different techniques used in each campaign is another pointer to the likelihood that multiple, well-organized groups or individuals were behind these attacks," according to Prolexic president Stuart Scholly. The company has also found evidence that at least some of the servers used by bank attackers were compromised in May 2012, suggesting that Operation Ababil may have begun long before the release of the anti-Muslim film.

RECOMMENDED READING

Iran Denies Hacking American Banks, Censors Google

PNC Bank Hit By Crowdsourced Hacktivist Attacks

Bank Site Attacks Trigger Ongoing Outages, Customer Anger

Bank Hacks: 7 Misunderstood Facts

Hackers Launch New Wave Of U.S. Bank Attacks

U.S. Bank Hacks Expand; Regions Financial Hit

Bank Hacks: Iran Blame Game Intensifies

DOD: Hackers Breached U.S. Critical Infrastructure Control Systems

Previous
5 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Leo Regulus
50%
50%
Leo Regulus,
User Rank: Apprentice
10/24/2012 | 4:52:32 PM
re: Who Is Hacking U.S. Banks? 8 Facts
Very disappointed in Editor's choice of article format. This has been extensively discussed in the past.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7912
Published: 2015-07-29
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory c...

CVE-2014-7913
Published: 2015-07-29
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corru...

CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

CVE-2015-2979
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!