Skip to: Content
Skip to: Site Navigation
Skip to: Search

Cyberattacks on US banks resume, aiming to block their websites

The latest cyberattack mirrors one in early fall that targeted websites of major US banks. Security experts say the attacks appear to be the handiwork of a group tied to Hamas, which the US lists as a terrorist organization. 

By Staff writer / December 14, 2012

Tourists walk past a Bank of America banking center in Times Square in New York in this June 2012 photo.

Brendan McDermid/Reuters/Files


A massive new wave of cyberattacks aimed at blocking access to US banking websites has resumed after a three-month break, but with only mild impacts reported so far despite its size, cybersecurity experts report.

Skip to next paragraph

Cybersecurity experts analyzing the distributed denial of service (DDoS) attacks – which shoot data from myriad computers to clog the Internet pipes at the target site – say the attacks that began early Tuesday are similar to those that struck banks' website server computers in mid-September and continued for several weeks.

In the crosshairs are U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group, and SunTrust Banks, according to a message posted Monday on by a purported Islamic hacktivist group, "Cyber fighters of Izz ad-din Al qassam," allied to the military wing of Hamas. All five were targeted – along with Capital One, Wells Fargo, Regions Bank, and HSBC – during the first attacks in September.

The message claims these latest “Phase 2 Operation Ababil” attacks are a mass popular response by Muslims to "Innocence of Muslims," a video made in the US and posted on YouTube that Muslims consider an affront to the Prophet Muhammad. "In [this] new phase," the group wrote, "the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks."

But a growing body of technical evidence casts doubt on the assertion that thousands of disgruntled Muslims in the Middle East are behind the cyberattack. Rather, it points to a single group operating a large number of high-powered computer servers that have been hijacked to attack the banks, cybersecurity experts report.

Researchers for Arbor Networks, a cybersecurity company, have isolated the attacks as coming primarily from three botnets – a network of coopted machines that have become zombie slaves to an outside operator. One botnet in particular, called Brobot or "itsoknoproblembro," is being used in the bank attacks. Two other botnets, KamiKaze and AMOS, also are being used, according to Arbor Networks and Prolexic, another cybersecurity firm specializing in DDoS. 


  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer


Doing Good


What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

Become a fan! Follow us! Google+ YouTube See our feeds!