Hacktivists to resume bank DDoS campaign

Powered by SC Magazine
 

Hackers want Innocence of Muslims video copies pulled.

Citing inadequate efforts to remove an anti-Muslim video from the web, a hacktivist group is calling for more distributed denial-of-service attacks to be launched against US bank sites.

The collective, known as Martyr Izz ad-Din al-Qassam Cyber Fighters, suspended its initial DDoS campaign in late January after an Innocence of Muslims video with 17 million views was removed from YouTube.

But in a Pastebin message posted at the time, the group warned that attacks would continue if a list of other highly viewed videos on the site weren't pulled.

On Tuesday, a new Pastebin message from the group appeared, promising that a new phase of its DDoS attacks would begin this week.

Previous website disruptions for which the Cyber Fighters claimed responsibility included those affecting JPMorgan Chase, Bank of America, Citigroup, Wells Fargo, US Bancorp, PNC Financial Services Group, BB&T Corp., SunTrust Banks and Regions Financial Corp.

“While running phase 2 of Operation [Ababil], a main copy of the insulting film was removed from YouTube and that caused phase 2 to be suspended,” said the message.

“Al-Qassam cyber fighters measured this act positively and [as a] sign of rationalism in the US government and for this reason suspended the operation for one month. That also was an opportunity for [the] US government to think more about the topic and remove other copies of the film as well.”

The group claimed that American banks would be struck with DDoS attacks during working hours on Tuesdays, Wednesdays and Thursdays, under phase three of Operation Ababil. 

Throughout this week, an influx of complaints has been posted on Sitedown.co, which allows users to post about their issues accessing certain web sites.

As recently as Friday, users reported problems using sites for BB&T and Bank of America. Some Capital One customers said site issues persisted over the last two or three days.

Speculation about the true source of the attacks has varied, even as the Cyber Fighters continue to use Pastebin as an outlet to communicate plans, much like other hacktivist groups, including Anonymous, have done.

The New York Times quoted in January an unnamed government officials who said the DDoS attacks were backed by the Iranian government as an act of retaliation for sophisticated malware believed to have been served by the United States to strike targets within the country – like Flame, Duqu and Stuxnet – which are capable of gathering intelligence or sabotaging critical infrastructure systems.

Just last month, Debbie Matz, the chair of the National Credit Union Administration (NCUA), sent a letter to credit unions advising them to implement DDoS mitigation strategies given an “increasing frequency of cyber terror attacks on depository institutions.”

The letter said that network security controls, like firewalls and other intrusion detection software, may offer “inadequate protection” against DDoS attacks, primarily used to cause “service outages rather than stealing funds or data” from customers.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Hacktivists to resume bank DDoS campaign
 
 
 
Top Stories
There's no coke and hookers in the cloud
[Blog post] Where did the love go?
 
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  68%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1045

Vote