The attacks were carried out under the banner of "Operation Ababil," which last week disrupted the websites of Bank of America and JPMorgan Chase. This week's banking attacks--against Wells Fargo Tuesday, U.S. Bank Wednesday, and PNC Bank Thursday--had been previewed in a Pastebin post uploaded by a hacktivist group calling itself Cyber fighters of Izz ad-din Al qassam.
Likewise, a Thursday post to the Hilf-Ol-Fozoul blog--which has promoted Operation Ababil and shared links to distributed denial-of-service (DDoS) tools--credited the Cyber fighters of Izz ad-din Al qassam with having organized the recent banking website attacks.
[ Could an international agreement stop international cyber warfare? The Case For A Cyber Arms Treaty. ]
PNC didn't immediately respond to an emailed request for comment about the attacks. But PNC spokesman Fred Solomon told Threatpost Thursday that "traffic to our sites is heavy today and it's of a similar pattern to that seen by other banks of late."
The Cyber fighters of Izz ad-din Al qassam have said that the attacks against U.S. financial services websites are being launched in retaliation for the release of the Innocence of Muslims film that mocks the founder of Islam. A 14-minute clip of the film, uploaded to YouTube by its director, a man going by the name Sam Bacile, helped trigger numerous riots across the Middle East.
But former U.S. government officials, speaking anonymously, have accused the Iranian government of being behind the attacks against financial institutions, which they said began about a year ago. The Iranian government, however, has denied any involvement.
Meanwhile, Dmitri Alperovich, CTO of security firm CrowdStrike, doesn't think the attacks are just about protesting online, not least because the name of the group involved is the same as the military branch of Hamas. "I don't buy that their motivation is in response to the video; this group has been carrying out attacks for months," he told Threatpost. "Their motivation is to send a message that this is what they're capable of."
Regardless of whoever's organizing the financial website DDoS attacks, the campaign appears to be crowdsourced and receiving grassroots-level support, according to Atif Mushtaq, a security researcher at FireEye. "When I heard about this DDoS, the first things I wanted to find was the nature of the DDoS attack," said Mushtaq via email. "Like, is it being done using some botnet, or is it a community based action? If it is being done using some botnet, then who is operating this botnet--is it a simple 'pay for DDOS' scenario where attacker(s) rent a botnet to attack someone, or [have] attackers built their own botnet?"
According to Mushtaq, "it's most likely a community-based action, not a botnet," based in part on a September 18 post on the blog titled "Come and support Prophet Muhammed on the Internet," which urged to people to download attack tools--via included file-sharing websites--and use them to attack the Bank of America and New York Stock Exchange websites, in support of the Cyber fighters of Izz ad-din Al qassam. "They are asking people to download a RAR file containing an HTML file, and run it from their desktop," said Mushtaq. "From this point onwards DDoS will be handled by these scripts alone."
If protesting online is the goal of the attacks, what might convince the hacktivists involved to wrap up their campaign? A post to the Hilf-Ol-Fozoul blog called on U.S. authorities to "punish the cast and crew, the publisher included," of Innocence of Muslims film, at which time it said "this story will end."
The U.S. government has already been moving to distance itself from the film. Earlier this week, in an address to the United Nations General Assembly, President Barack Obama criticized the video as being "crude and disgusting" and reiterated that the U.S. government had no hand in creating it. "It is an insult not only to Muslims, but to America as well," he said, but noted that the film was likewise protected by U.S. law. "I know there are some who ask why don't we just ban such a video. The answer is enshrined in our laws. Our Constitution protects the right to practice free speech."
Thursday, however, the alleged filmmaker behind the Innocence of the Muslims was arrested in Los Angeles. Authorities have accused the man, Nakoula Basseley Nakoula, of violating the terms of his 2010 conviction for banking fraud. According to news reports, during his case law enforcement officials alleged that Nakoula had opened credit card and bank accounts using other people's names, written checks in other people's names, and then attempted to deposit those checks and withdraw the money.
After pleading guilty to a bank fraud charge, Nakoula served 21 months in prison, and was released in June 2011. But as part of his probation, he's barred from using a computer unless under supervision. Authorities said they suspect that Nakoula--a Christian who's originally from Egypt--said he was Sam Bacile when speaking with news media about the film.