Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Bank Attackers Promise To Resume DDoS Takedowns

Silent for six weeks, the Cyber fighters of Izz ad-din Al qassam hacktivist group have promised to resume targeting banks, in protest of a movie that mocks the founder of Islam.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The U.S. bank attackers are back.

The hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam this week broke six weeks of silence to announce the second phase of its Operation Ababil distributed denial of service (DDoS) attacks against banks.

"The goals under attacks of this week are including: U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC Financial Fervices (sic) Group, SunTrust Banks, Inc.," said a post uploaded Monday to the group's Pastebin account.

In the previous attacks, which stretched for more than a month, the attackers disrupted the websites of some of Wall Street's biggest financial institutions, including Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. Despite the attackers previewing the sites to be attacked, as well as the days and times, the bank websites seemed unable to handle the sheer scale of the attacks.

[ Read Hackers Rob $400,000 From Washington Town. ]

The attackers have promised more of the same, and then some. "In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," the group claimed in its post.

According to the Sitedown website, which tracks website outages, Bank of America Tuesday appeared to begin suffering an unusual number of sites outages, with many customers reporting that the bank's website had been unreachable for hours, if not days. Likewise, customers of the PNC Financial Services Group Tuesday began reporting difficulties accessing that website.

Fred Solomon, VP of corporate communications for PNC, said via email that the bank's customers have recently experienced some disruptions. "PNC customers experienced slower access to online banking on Tuesday and Wednesday due to an unusual volume of electronic traffic at our Internet connection," he said. But he declined to comment on whether that traffic had been caused by DDoS attacks.

Bank of America spokesman Mark T. Pipitone said via email that the bank's website is operating normally. "We have experienced no outages. We’re aware of the reports of possible cyberattacks and we’re monitoring our systems, which are fully operational," he said.

A U.S. Bancorp spokesman didn't immediately respond to an emailed request for comment on the hacktivist threat, or whether it has seen DDoS attacks against its websites increase this week. When asked similar questions, meanwhile, a spokesman for JPMorgan Chase, reached by phone, declined to comment, as did a spokesman for SunTrust Bank, via email.

The bank attackers made their last attack-related pronouncement in October, when they announced that they'd be pausing their attacks in honor of the Muslim Eid al-Adha holiday, which in 2012 ran from the evening of Oct. 25 to the evening of Oct. 26. Since then, the attackers appear to have conducted interviews with multiple media outlets, one of which was apparently reprinted by private intelligence firm Flashpoint Partners.

In their Monday Pastebin post, the bank attackers said they were restarting their attack campaign for the same reason as they'd begun it: To protest the Innocence of the Muslims film that mocks the founder of Islam. A 14-minute clip of the film was earlier this year uploaded to YouTube by its director, who resides in the United States, and it reportedly sparked a number of riots across the Middle East.

U.S. officials have blamed the Iranian government for sponsoring the DDoS attacks against U.S. banks. But the Cyber fighters of Izz ad-din Al qassam have disputed having ties with any government, and hinted that its members hail from multiple countries.

The group reiterated that assertion in its Monday Pastebin post, in which it reprinted in full the answers it said it had provided to American Banker, amongst other media outlets. "No government or organization is sponsoring us and we do not wait for any sponsor as well," said the group.

Note: Story updated to add Bank of America statement.

Stay ahead of the eCommerce technology curve. Watch our webcast, Next Generation e-Commerce Strategies for B2B Sales and Marketing, to learn the strategies and tactics you can use to more efficiently give your clients what they want, keep them happy and increase sales. Register now.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Deirdre Blake
50%
50%
Deirdre Blake,
User Rank: Apprentice
12/14/2012 | 4:48:12 PM
re: Bank Attackers Promise To Resume DDoS Takedowns
Just in time for the holidays!
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...