Attacks/Breaches
10/22/2012
04:52 PM
50%
50%

Who Is Hacking U.S. Banks? 8 Facts

Hackers have labeled the bank website disruptions as grassroots-level reprisal for an anti-Islamic film. But is the Iranian government really backing the attacks?
Previous
5 of 8
Next


From the first days of the online banking attacks, hacktivists claimed to be leading a grassroots protest against the Innocence of Muslims film. Notably, a Sept. 18 blog post titled, "Come and support Prophet Muhammed on the Internet," urged to people to download attack tools--with download links to file-sharing websites provided--and use them to attack the Bank of America and New York Stock Exchange websites, in support of the Cyber fighters of Izz ad-din Al qassam.

According to Atif Mushtaq, a security researcher at FireEye, the blog asks people to participate in what is clearly an Anonymous-style, distributed DDoS attack. "They are asking people to download a RAR file containing an HTML file, and run it from their desktop," said Mushtaq. It's not clear, however, if anyone has actually downloaded or run the proffered attack tools. Even if they had, furthermore, they likely would have been an insignificant addition to the attacks' success, given the use of high-bandwidth servers to overwhelm banks' existing defenses. That suggests that the attackers enjoy substantial backing, and are much more well-organized than the typical grassroots endeavor.

"A blend of attack scripts and different techniques used in each campaign is another pointer to the likelihood that multiple, well-organized groups or individuals were behind these attacks," according to Prolexic president Stuart Scholly. The company has also found evidence that at least some of the servers used by bank attackers were compromised in May 2012, suggesting that Operation Ababil may have begun long before the release of the anti-Muslim film.

RECOMMENDED READING

Iran Denies Hacking American Banks, Censors Google

PNC Bank Hit By Crowdsourced Hacktivist Attacks

Bank Site Attacks Trigger Ongoing Outages, Customer Anger

Bank Hacks: 7 Misunderstood Facts

Hackers Launch New Wave Of U.S. Bank Attacks

U.S. Bank Hacks Expand; Regions Financial Hit

Bank Hacks: Iran Blame Game Intensifies

DOD: Hackers Breached U.S. Critical Infrastructure Control Systems

Previous
5 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Leo Regulus
50%
50%
Leo Regulus,
User Rank: Apprentice
10/24/2012 | 4:52:32 PM
re: Who Is Hacking U.S. Banks? 8 Facts
Very disappointed in Editor's choice of article format. This has been extensively discussed in the past.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.