DDoS attacks against major U.S. banking websites are continuing this week, with Wells Fargo, PNC Bank, U.S. Bankcorp all falling victim, according to reports.
The source of the attacks, which are flooding the websites with so much traffic that they become unavailable, are still not known, though a hacktivist group calling itself the "Mrt. Izz ad-Din al-Qassam Cyber Fighters" reportedly took credit in a Pastebin post, which since has been removed. It said it launched the attacks out of protest to the anti-Muslim film "Innocence of Muslims," which has helped spark outrage in the Middle East against the United States.
That's the same collective that took responsibility for a string of DDoS attacks last week against Bank of America.
Mike Smith, security evangelist at web services provider Akamai, said DDoS attacks that knock out access to popular commercial websites are not uncommon.
"This kind of stuff happens all the time," he told SCMagazine.com on Thursday "Usually people don't talk about them. Over the past couple of years, people have talked about them because the attackers' intent is to get publicity. That's where hacktivists come along. For them, it's free public relations."
Smith said it's also possible the latest DDoS attacks are the work of an organized crime group, or are being launched merely as a distraction and a way to slow the bank's response to actual fraud taking place. But this doesn't appear to be the case.
Either way, according to those who have studied this latest round of attacks, they are powerful.
"From what I've been told (I'm not a network security specialist) the leading DDoS prevention software more or less stops working when the attacks get larger than 60-70 gigabytes and simply can't handle the bandwidth of these 100-plus gigabyte attacks," Avivah Litan, vice president and distinguished analyst of Gartner, wrote in a blog post on Thursday. "The major ISPs only have a few hundred gigabytes bandwidth for all their customers, and even if they added more on to that, the hacktivists could quickly and easily eat the additional bandwidth up.
As of this writing, one of the attacks appears to be ongoing: The website for PNC Bank is not reachable.
"Our systems are performing well today," Nicole Garrison-Sprenger, a U.S. Bancorp spokeswoman, told SCMagazine.com. "The attacks yesterday caused intermittent delays for some consumers visiting our website, but we can assure customers that their data and funds are secure. These issues are related to unusual and coordinated high traffic volume designed to slow down the system -- similar to what other banks have experienced in the past week.
A spokeswoman for Wells Fargo said its site is back functioning normally.
"We appreciate our customers' patience and apologize for any inconvenience," she said.