Attacks/Breaches
10/22/2012
04:52 PM
Connect Directly
RSS
E-Mail
50%
50%

Who Is Hacking U.S. Banks? 8 Facts

Hackers have labeled the bank website disruptions as grassroots-level reprisal for an anti-Islamic film. But is the Iranian government really backing the attacks?
Previous
5 of 8
Next


From the first days of the online banking attacks, hacktivists claimed to be leading a grassroots protest against the Innocence of Muslims film. Notably, a Sept. 18 blog post titled, "Come and support Prophet Muhammed on the Internet," urged to people to download attack tools--with download links to file-sharing websites provided--and use them to attack the Bank of America and New York Stock Exchange websites, in support of the Cyber fighters of Izz ad-din Al qassam.

According to Atif Mushtaq, a security researcher at FireEye, the blog asks people to participate in what is clearly an Anonymous-style, distributed DDoS attack. "They are asking people to download a RAR file containing an HTML file, and run it from their desktop," said Mushtaq. It's not clear, however, if anyone has actually downloaded or run the proffered attack tools. Even if they had, furthermore, they likely would have been an insignificant addition to the attacks' success, given the use of high-bandwidth servers to overwhelm banks' existing defenses. That suggests that the attackers enjoy substantial backing, and are much more well-organized than the typical grassroots endeavor.

"A blend of attack scripts and different techniques used in each campaign is another pointer to the likelihood that multiple, well-organized groups or individuals were behind these attacks," according to Prolexic president Stuart Scholly. The company has also found evidence that at least some of the servers used by bank attackers were compromised in May 2012, suggesting that Operation Ababil may have begun long before the release of the anti-Muslim film.

RECOMMENDED READING

Iran Denies Hacking American Banks, Censors Google

PNC Bank Hit By Crowdsourced Hacktivist Attacks

Bank Site Attacks Trigger Ongoing Outages, Customer Anger

Bank Hacks: 7 Misunderstood Facts

Hackers Launch New Wave Of U.S. Bank Attacks

U.S. Bank Hacks Expand; Regions Financial Hit

Bank Hacks: Iran Blame Game Intensifies

DOD: Hackers Breached U.S. Critical Infrastructure Control Systems

Previous
5 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Leo Regulus
50%
50%
Leo Regulus,
User Rank: Apprentice
10/24/2012 | 4:52:32 PM
re: Who Is Hacking U.S. Banks? 8 Facts
Very disappointed in Editor's choice of article format. This has been extensively discussed in the past.
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7052
Published: 2014-10-19
The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application 2.4.9.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7056
Published: 2014-10-19
The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7070
Published: 2014-10-19
The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7075
Published: 2014-10-19
The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7079
Published: 2014-10-19
The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.