Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Bank Attackers Promise To Resume DDoS Takedowns

Silent for six weeks, the Cyber fighters of Izz ad-din Al qassam hacktivist group have promised to resume targeting banks, in protest of a movie that mocks the founder of Islam.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The U.S. bank attackers are back.

The hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam this week broke six weeks of silence to announce the second phase of its Operation Ababil distributed denial of service (DDoS) attacks against banks.

"The goals under attacks of this week are including: U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC Financial Fervices (sic) Group, SunTrust Banks, Inc.," said a post uploaded Monday to the group's Pastebin account.

In the previous attacks, which stretched for more than a month, the attackers disrupted the websites of some of Wall Street's biggest financial institutions, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. Despite the attackers previewing the sites to be attacked, as well as the days and times, the bank websites seemed unable to handle the sheer scale of the attacks.

[ Read Hackers Rob $400,000 From Washington Town. ]

The attackers have promised more of the same, and then some. "In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," the group claimed in its post.

According to the Sitedown website, which tracks website outages, Bank of America Tuesday appeared to begin suffering an unusual number of sites outages, with many customers reporting that the bank's website had been unreachable for hours, if not days. Likewise, customers of the PNC Financial Services Group Tuesday began reporting difficulties accessing that website.

Fred Solomon, VP of corporate communications for PNC, said via email that the bank's customers have recently experienced some disruptions. "PNC customers experienced slower access to online banking on Tuesday and Wednesday due to an unusual volume of electronic traffic at our Internet connection," he said. But he declined to comment on whether that traffic had been caused by DDoS attacks.

Bank of America spokesman Mark T. Pipitone said via email that the bank's website is operating normally. "We have experienced no outages. We’re aware of the reports of possible cyberattacks and we’re monitoring our systems, which are fully operational," he said.

A U.S. Bancorp spokesman didn't immediately respond to an emailed request for comment on the hacktivist threat, or whether it has seen DDoS attacks against its websites increase this week. When asked similar questions, meanwhile, a spokesman for JPMorgan Chase, reached by phone, declined to comment, as did a spokesman for SunTrust Bank, via email.

The bank attackers made their last attack-related pronouncement in October, when they announced that they'd be pausing their attacks in honor of the Muslim Eid al-Adha holiday, which in 2012 ran from the evening of Oct. 25 to the evening of Oct. 26. Since then, the attackers appear to have conducted interviews with multiple media outlets, one of which was apparently reprinted by private intelligence firm Flashpoint Partners.

In their Monday Pastebin post, the bank attackers said they were restarting their attack campaign for the same reason as they'd begun it: To protest the Innocence of the Muslims film that mocks the founder of Islam. A 14-minute clip of the film was earlier this year uploaded to YouTube by its director, who resides in the United States, and it reportedly sparked a number of riots across the Middle East.

U.S. officials have blamed the Iranian government for sponsoring the DDoS attacks against U.S. banks. But the Cyber fighters of Izz ad-din Al qassam have disputed having ties with any government, and hinted that its members hail from multiple countries.

The group reiterated that assertion in its Monday Pastebin post, in which it reprinted in full the answers it said it had provided to American Banker, amongst other media outlets. "No government or organization is sponsoring us and we do not wait for any sponsor as well," said the group.

Note: Story updated to add Bank of America statement.

Stay ahead of the eCommerce technology curve. Watch our webcast, Next Generation e-Commerce Strategies for B2B Sales and Marketing, to learn the strategies and tactics you can use to more efficiently give your clients what they want, keep them happy and increase sales. Register now.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Deirdre Blake
50%
50%
Deirdre Blake,
User Rank: Apprentice
12/14/2012 | 4:48:12 PM
re: Bank Attackers Promise To Resume DDoS Takedowns
Just in time for the holidays!
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5034
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vuln...
CVE-2019-5035
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker c...
CVE-2019-5036
PUBLISHED: 2019-08-20
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially cr...
CVE-2019-8103
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...
CVE-2019-8104
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...