Hackers Launch New Wave Of U.S. Bank AttacksHackers Launch New Wave Of U.S. Bank Attacks
Hacker group disrupts Capital One, SunTrust websites, compares its campaign against anti-Muslim movie to Kate Middleton's suit against a French magazine.
October 11, 2012
The hackers behind recent disruptions of U.S. bank websites this week launched a new wave of attacks.
The attacks were previewed Monday in a Pastebin post from Izz ad-Din al-Qassam Cyber Fighters, which promised to attack Capital One (Tues.), SunTrust Banks (Wed.), and Regions Financial (Thurs.), beginning at 2 p.m. British Time each day, and lasting for eight hours.
The group said it was continuing the "attack to your financial centers" as ongoing retaliation for the release of the Innocence of Muslims film that attacked the founder of Islam, an excerpt of which was posted last month to YouTube. The group also questioned why the film had been allowed to remain online, and contrasted the legal handling of the film with a lawsuit filed by the U.K's duke and duchess of Cambridge--the latter, formerly known as Kate Middleton.
"For instance, at the same time with the Queen of England family's complaint against an insulting photo published in the French magazines the photo was removed immediately. But you did not care about the demands of Muslims and called the fighter groups' activities terrorist attacks," it said in the Pastebin post.
[ The malware market puts everyone at risk. See Weaponized Bugs: Time For Digital Arms Control. ]
Capital One Wednesday confirmed that its website had been attacked, but suffered only disruptions. "We have no reason to believe that customer and account information is at risk," spokeswoman Tatiana Stead told CNBC. "As always, protecting customer information is a top priority." Likewise, SunTrust Wednesday confirmed that its site had been disrupted by attackers.
Meanwhile, Regions Financial told Bloomberg Wednesday that it had prepared for the forecasted Thursday attacks against its site. "We are aware that the group claiming responsibility for these attacks has identified Regions as one of its targets," said a spokeswoman. "We take online security seriously and are taking every measure to protect the company and our customers." Come Thursday, however, the bank's website appeared to be at least intermittently unavailable.
Previous attacks launched under the "Izz ad-Din al-Qassam Cyber Fighters" banner have disrupted the websites of Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo. To date, the group or groups involved appear to have been launching distributed denial-of-service (DDoS) attacks to cause the disruptions, via compromised servers.
Some former U.S. government officials, in anonymous interviews, have accused the Iranian government of being behind the U.S. bank attacks, which they say began a year ago, and involved fraudulent wire transfers. But in their Pastebin post, the hackers appeared to dispute such criticism. "It is necessary to mention that the Izz ad-Din al-Qassam group has no relation with recent Trojan-based attacks which aims the people's electronic money transfers. Our activities are only against the insulting movie mentioned above," it said.
That came as an apparent, direct reply to the FBI, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center, which recently issued a joint warning that attackers wielding spam, keyloggers, and remote access Trojans (RATs) were targeting banking employees, and using stolen access credentials to execute fraudulent wire transfers of up to $900,000 at a time, moving the money into foreign accounts.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
Identity Access Management 101