Clues about who's behind recent cyber attacks on US banks
A Middle Eastern hacktivist group appeared to claim responsibility for massive denial-of-service cyber attacks on websites of six US banks. Some experts now say that claim is a 'false flag' to divert attention from the real attackers.
A series of cyberattacks on the websites of six US banks is probably not the sole work of hacktivists upset about a YouTube video that denigrates the Prophet Muhammad, as early reports had conjectured. Rather, the massive denial-of-service attacks appear to have been tightly orchestrated, possibly by a single group, and may have been a bid to divert attention from other, more subtle attacks.
Cybersecurity experts analyzing the distributed denial-of-service (DDoS) attacks – which send data from myriad computers at once, making it hard to block the attempt to clog the Internet pipes at the target site – are also waiting to see if the perpetrators will strike again this week.
The first attack occurred Sept. 18. Between 9 and 10 a.m. EDT, security companies monitoring World Wide Web traffic noticed a sudden torrent of "junk" data directed at Bank of America – which soon became a deluge of about 65 gigabytes of information per second. That's about 15 to 30 times larger than is typically seen in such cyberattacks – roughly equal to data contained in 250,000 books shot at a bank website each second. Five similar DDoS attacks on other banks would follow.
Why, and who is behind the gigantic digital bombardments?
Messages left anonymously on the Pastebin website claim that a Middle Eastern hacktivist group – "Cyber fighters of Izz ad-din Al qassam," allied to the military wing of Hamas – was responsible for the attacks. The messages said the attacks are a response by thousands in the region angered by "Innocence of Muslims," a video made in the US and posted on YouTube that Muslims consider an affront to the Prophet Muhammad.
But experts say it appears that at least two attacks were occurring at once – one by a group of individuals, and the other by an entity controlling a relatively small number of powerful, high-speed Internet Web servers. Any attacks by activists during that time were only a veil masking a powerful, orchestrated attack conducted either by cybercriminals or possibly by Iran in retaliation for harsh economic sanctions, these experts say.
"On this particular attack, an Islamic group has claimed responsibility by saying they are doing the attacks for ideological motives," Dan Holden, director of research for the Security Engineering & Response Team at Arbor Networks, says in an e-mail interview. "If true, this would be classic hacktivism. However, Arbor thinks this could be a 'false flag' operation to divert attention away from the real attackers."