Attacks by self-described Muslim hackers, now in their fourth week, hit Regions Financial Thursday. Hacking campaign has also disrupted Capital One and SunTrust banking websites.

Mathew J. Schwartz, Contributor

October 12, 2012

5 Min Read

Regions Financial Thursday became the latest U.S. bank to have its website attacked and disrupted by self-described Muslim hackers, as part of their ongoing "Operation Ababil" online attack campaign.

"We are experiencing an Internet service disruption that is intermittently impacting our customers' ability to access our website or use our online banking service," said Regions Financial spokesman Mel Campbell Thursday in a statement, according to news reports. "We are working quickly to resolve this issue and regret any inconvenience customers may be experiencing."

Early Friday morning, the Regions website appeared to still be inaccessible, but by later in the day, it appeared to once again be available. A spokesman for Regions didn't immediately respond to an emailed query about exactly when the attack against the bank's website had begun, or how long it had lasted.

[ Hackers aren't always motivated by money. Read more at How Cybercriminals Choose Their Targets. ]

The Regions website disruption followed similar distributed denial-of-service (DDoS) attacks launched against the websites of Capital One on Tuesday, and SunTrust on Wednesday.

Capital One spokeswoman Pam Garardo said via email that on Oct. 9, Capital One experienced intermittent access to some online systems due to a denial-of-service attack. She emphasized that other bank channels--branches, call centers, ATMs, as well as its ING Direct and HSBC credit card websites--were not affected, and that no customer or account information had been exposed. "Online servicing channels were fully restored within a few hours," she said.

In the case of SunTrust, Fox Business reported Wednesday that when attempting to log on, some customers have been complaining of receiving one of two error messages: 'Server Unavailable' or 'Server is too busy. According to news reports, a SunTrust spokesman said Wednesday, "We have seen increased traffic today and have experienced some intermittent service availability."

As of Friday, however, the bank's website appeared to be fully accessible. SunTrust spokesman Mike McCoy, when asked via email about exactly when the attacks had begun and ended, replied, "We are not commenting further on the matter as we typically don't comment on security-related matters."

As with recent similar attacks, all three bank attacks had been announced in advance via a Pastebin post--the latest uploaded Monday--by a group calling itself the Izz ad-Din al-Qassam Cyber Fighters.

According to The New York Times, the name of the hacking--or hacktivist--group references "Izz ad-Din al-Qassam, a Muslim holy man who fought against European forces and Jewish settlers in the Middle East in the 1920s and 1930s." The hackers said they've launched their banking attacks in retaliation for the release of the "Innocence of Muslims" film that mocks the founder of Islam. A 13-minute clip of the film was uploaded last month to YouTube.

The film has been attributed to Nakoula Basseley Nakoula (a.k.a. Mark Basseley Youssef), 55, who appeared Wednesday in Los Angeles U.S. District Court. Federal prosecutors had accused Nakoula of eight violations of his probation, stemming from a 2010 conviction on bank fraud charges, which could see him returned to prison for two years. He was arrested Sept. 28 for the alleged parole violations, which include using aliases, using a computer without supervision, and lying to his probation officer. But in his court appearance, Nakoula denied all of the charges against him. He's next due back in court Nov. 9.

Attackers' apparent motivations aside, do the bank website disruptions herald a new era in online attacks? "A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11. Such a destructive cyber terrorist attack could paralyze the nation," said Secretary of Defense Leon Panetta Thursday, in a speech at a black-tie event held by the Business Executives for National Security on the Intrepid Sea, Air and Space Museum in New York.

"In recent weeks, as many of you know, some large U.S. financial institutions were hit by so-called 'distributed denial-of-service' attacks," he said. "These attacks delayed or disrupted services on customer websites. While this kind of tactic isn't new, the scale and speed was unprecedented."

But security firm Prolexic, which has been tracking the tools and techniques used in the banking website disruptions, begged to differ with Panetta's analysis. "These are big, but we've seen this big before," said Neal Quinn, chief operating officer of Prolexic, told Wired. "We've seen events this big in the past."

Still, the attacks have been notable because even with attackers' prior warning, they've managed to disrupt the websites of some of the country's largest financial firms, including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo. As that skill and sophistication suggest, the bank attacks haven't been launched by just one individual, or using a single tool, but rather by multiple well-organized groups wielding a variety of tools, according to Prolexic.

"A blend of attack scripts and different techniques used in each campaign is another pointer to the likelihood that multiple, well-organized groups or individuals were behind these attacks," said Prolexic president Stuart Scholly in an emailed statement. The company has also found that the compromised servers used by attackers appear to have been taken over--again, using a variety of different toolkits and techniques--as far back as May 2012, which further suggests that the attack participants were diverse, and the exploits well-organized.

Cybercriminals are taking aim at your website. Is your security strategy up to the challenge? Also in the new, all-digital 10 Steps To E-Commerce Security issue of Dark Reading: About half of the traffic to e-commerce sites is machine generated--and much of it is malicious. (Free registration required.)

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights