Dark Reading is part of the Informa Tech Division of Informa PLC

Muslim Hacktivists Take Credit For U.S. Bank Attack

A hacktivist group is apparently following through on its vow to attack financial institutions in retaliation for anti-Muslim film.

Muslim hacktivists are apparently following through on their promise to disrupt a number of financial services websites, with U.S. Bank being the most recent target.

A spokeswoman for U.S. Bancorp, which operates U.S. Bank, confirmed that its site had been attacked Wednesday. "The attacks yesterday caused intermittent delays for some consumers visiting our website, but neither our website nor our mobile application were offline at any time. In addition, we can assure customers that their data and funds are secure," she said.

She also emphasized that while website access was intermittent, no customer data or funds had been compromised. "These issues are related to unusual and coordinated high traffic volume designed to slow down the system--similar to what other banks have experienced in the past week. We are working closely with federal law enforcement officials to address the issue," she said.

Security researcher Atif Mushtaq at FireEye told PC Advisor that the U.S. Bank website had been subjected to a distributed denial-of-service (DDoS) attack involving hundreds of thousands of computers.

The attack against U.S. Bank follows an apparent, similar attack Tuesday against Wells Fargo, which likewise apologized via Twitter to its customers. "We apologize to customers who may be experiencing limited access to @wellsfargo.com & online banking. We are working to quickly ... resolve this issue. Customers can still access their accounts through our ATMs, stores, and by phone," it said.

By Thursday, Wells Fargo appeared to have resolved any website disruption issues. "Customers can access their accounts through the online and mobile channels. We appreciate our customers’ patience and apologize for any inconvenience," said spokeswoman Sara Hawkins via email. But she declined to answer questions about whether the bank had ascribed the slowdown to an external attack, and if so, where the attack traffic originated.

But a hacktivist group calling itself the "Cyber fighters of Izz ad-din Al qassam" announced Tuesday via a now-deleted Pastebin post that it would be attacking the two websites, as part of its ongoing "Operation Ababil," which began last week with attacks against both the Bank of America and JPMorgan Chase websites, both of which experienced periodic outages. According to the hacktivist group, the attacks are in retaliation for the release of the Innocence of Muslims film that mocks the founder of Islam, and which has triggered numerous riots across the Middle East.

In the group's Tuesday Pastebin, it promised to "attack for 8 hours daily, starting at 2:30 PM GMT," the Wells Fargo website Tuesday, the U.S. Bank website Wednesday, and the PNC Financial Services group website Thursday, and suggested that customers attempt to perform any required website banking outside those hours. The hacktivist group also threatened that "if America's arrogant government do not submit"--it didn't define what that means--it will extend its attacks to "other evil countries" such as Israel, France, and the United Kingdom.

While the Cyber fighters of Izz ad-din Al qassam group has taken credit for the recent attacks against banks, former U.S. government officials, speaking anonymously, have blamed the Iranian government for the attacks, saying that Iran has launched similar DDoS attacks against U.S. financial institutions' websites for the past year. Likewise, Sen. Joseph I. Lieberman (I-Conn.), who chairs the Homeland Security and Governmental Affairs Committee, has also blamed Iran for the most recent attacks, though he has as yet offered no evidence to substantiate that claim.

In response to that criticism, a senior Iranian official this week strongly denied that his government had anything to do with the recent banking website attacks, or any attacks against U.S. financial institutions, and instead suggested that the allegations were meant to provide justification for the United States having launched its own online attacks against Iran.

Iranian government backing or no, the Cyber fighters of Izz ad-din Al qassam apparently isn't the only organization that's taken to targeting websites in retaliation for Innocence of Muslims. The Pakistan Cyber Army also said that it's begun an online protest campaign, with member Sizzling Soul announcing Sunday via Pastebin that he'd defaced over 80 websites to date. While the list includes numerous small businesses, Sizzling Soul also claims to have defaced websites run by the U.S. Department of Agriculture, Bank of America, and New York Stock Exchange, as well as websites for Angry Birds and Persia Bank in London. As of late Thursday morning, the Persia Bank website remained defaced with Pakistan Cyber Army and Sizzling Soul graphics, as well as a reprint of a Pastebin post from Sizzling Soul that reads in part: "You Are Provoking The Anger Of PeaceFull Muslims! / Stop This / Otherwise You WOn't Be Able To Stop Us."

On a similar note, hacktivist Rude Thunder Saturday claimed via Pastebin to have hacked 104 websites, including a British home and garden website, as well as numerous betting and poker-related sites, "to share our message." As the choice of targets, per the hacktivist norm, reads like a random list of websites, rather than a concentrated attack against financial services companies--as in the case of the Cyber fighters of Izz ad-din Al qassam--it suggests that the Pakistan Cyber Army and Rude Thunder are likely using automated vulnerability testing tools to search for, and exploit, any website servers running software with known vulnerabilities.

Comments
Tom P,
User Rank: Apprentice
9/27/2012 | 5:39:05 PM
re: Muslim Hacktivists Take Credit For U.S. Bank Attack
They're hitting PNC bank today (9/27).
Bob Gill,
User Rank: Apprentice
9/27/2012 | 7:37:47 PM
re: Muslim Hacktivists Take Credit For U.S. Bank Attack
I admit I don't get it. I was born in the USA and I'm not Muslim.

By the hackers' way of thinking, can I fire bomb some buildings in Pakistan? I'm justified because some Pakistani attacked a bank in the USA - even though the Pakistani building occupants had nothing to do with this.

If some guy says a bad word about Islam, why is it that Imams think the entire country where that guy lives should be destroyed? Strangely, the USA guy is from Egypt so why aren't they destroying Egypt?
moarsauce123,
User Rank: Ninja
9/28/2012 | 12:00:25 PM
re: Muslim Hacktivists Take Credit For U.S. Bank Attack
The 9/11 attackers were mainly from Saudi Arabia and Egypt. Also, most of the funding came from Saudi Arabia, but the US government at that time decided to bomb Iraq and Afghanistan back into the stone age. There is a lot of ridiculous stupidity on all sides.
AustinIT,
User Rank: Apprentice
9/28/2012 | 1:15:43 PM
re: Muslim Hacktivists Take Credit For U.S. Bank Attack
It matters little what the country of origin is for a bad actor. Surely you don't think that the LA creator of the anti-Muslim video speaks for the entire US (or that we all support him), do you?

It's true that the 911 criminals were mainly Saudi. However, they were living and training in Afghanistan under the protection of the Taliban... an equally despicable bunch. I think it was the right call to take that group out.

Iraq, on the other hand, was the culmination of both a personal vendetta ala the Bush family as well as Cheney and his cronies milking billions for their military industrial complex connections. That one definitely meets your ridiculous stupidity test.