Network Security, Network Security, Threat Management

Hacktivists forecast continued DDoS campaign for banks

The collective of hackers taking claim for the months-long distributed denial-of-service (DDoS) attacks on U.S. banking sites now say the campaign could extend until 2014.

Martyr Izz ad-Din al-Qassam Cyber Fighters, a hacktivist group that claims it began the DDoS operation last fall to protest the anti-Muslim film, “Innocence of Muslims,” shared a self-made formula the group will use to determine the length of its attacks.

On Tuesday, the group posted a message on Pastebin saying the campaign would continue for at least 14 more months or until the inflammatory video is pulled offline. According to the Cyber Fighters, website disruptions have affected JPMorgan Chase, Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC Financial Services Group, BB&T Corp., SunTrust Banks and Regions Financial Corp., over the past few weeks.

The group based the number of attack days left on the number of views, “likes,” and “dislikes” received by “Innocence of Muslims” YouTube videos. Other formulaic factors seemed more arbitrary, or unverified, like the claim by the hacktivist group that DDoS attacks cost U.S. banks $30,000 per minute.

The group also said that the attacks against banks could be extended if more URLs of the movie are added or if it decides to take into account videos with less than one million views, which aren't currently factored in.

“We have repeatedly stated that removal of the offensive video, 'Innocence of Muslims,' from YouTube is the simplest solution to stop the cyber attacks,” the group's Pastebin message said.

Google, YouTube's owner, blocked the video in several countries, including Egypt and Libya, after violence broke out over the film, though the video has remained accessible in the United States.

In September, a Los Angeles judge denied a request to remove the video from YouTube.

On Tuesday, an article in The New York Times, quoting unnamed government officials, said the DDoS attacks against U.S. banks actually were the “work of Iran."

The article called the claims by the Cyber Fighters group a cover for the Iranian government, which may have been motivated to DDoS banking sites “in retaliation for economic sanctions and online attacks" launched by the United States, like Flame, Duqu and Stuxnet, sophisticated malware capable of targeting critical infrastructure systems or gathering intelligence.

In response, the Iranian government denied any involvement in attacks against American financial institutions.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.