Threat Management

Hacktivists plan to resume DDoS campaign against U.S. banks

Citing inadequate efforts to remove an anti-Muslim video from the web, a hacktivist group is calling for more distributed denial-of-service (DDoS) attacks to be launched against U.S. bank sites.

The collective, known as Martyr Izz ad-Din al-Qassam Cyber Fighters, suspended its initial DDoS campaign in late January after an Innocence of Muslims video with 17 million views was removed from YouTube. But in a Pastebin message posted at the time, the group warned that attacks would continue if a list of other highly viewed videos on the site weren't pulled.

On Tuesday, a new Pastebin message from the group appeared, promising that a new phase of its DDoS attacks would begin this week.

Previous website disruptions for which the Cyber Fighters claimed responsibility included those affecting JPMorgan Chase, Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC Financial Services Group, BB&T Corp., SunTrust Banks and Regions Financial Corp.

“While running phase 2 of Operation [Ababil], a main copy of the insulting film was removed from YouTube and that caused phase 2 to be suspended,” said the message. “Al-Qassam cyber fighters measured this act positively and [as a] sign of rationalism in the U.S. government and for this reason suspended the operation for one month. That also was an opportunity for [the] U.S. government to think more about the topic and remove other copies of the film as well.”

The group claimed that American banks would be struck with DDoS attacks during working hours on Tuesdays, Wednesdays and Thursdays, under phase three of Operation Ababil. 

Throughout this week, an influx of complaints has been posted on Sitedown.co, which allows users to post about their issues accessing certain web sites. As recently as Friday, users reported problems using sites for BB&T and Bank of America. Some Capital One customers said site issues persisted over the last two or three days.

Speculation about the true source of the attacks has varied, even as the Cyber Fighters continue to use Pastebin as an outlet to communicate plans, much like other hacktivist groups, including Anonymous, have done.

In a January article, The New York Times quoted unnamed government officials who said the DDoS attacks were backed by the Iranian government as an act of retaliation for sophisticated malware believed to have been served by the United States to strike targets within the country – like Flame, Duqu and Stuxnet – which are capable of gathering intelligence or sabotaging critical infrastructure systems.

Just last month, Debbie Matz, the chair of the National Credit Union Administration (NCUA), sent a letter to credit unions advising them to implement DDoS mitigation strategies given an “increasing frequency of cyber terror attacks on depository institutions.”

The letter said that network security controls, like firewalls and other intrusion detection software, may offer “inadequate protection” against DDoS attacks, primarily used to cause “service outages rather than stealing funds or data” from customers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.