Cyberattacks on US banks resume, aiming to block their websites
The latest cyberattack mirrors one in early fall that targeted websites of major US banks. Security experts say the attacks appear to be the handiwork of a group tied to Hamas, which the US lists as a terrorist organization.
A massive new wave of cyberattacks aimed at blocking access to US banking websites has resumed after a three-month break, but with only mild impacts reported so far despite its size, cybersecurity experts report.Skip to next paragraph
Subscribe Today to the Monitor
Cybersecurity experts analyzing the distributed denial of service (DDoS) attacks – which shoot data from myriad computers to clog the Internet pipes at the target site – say the attacks that began early Tuesday are similar to those that struck banks' website server computers in mid-September and continued for several weeks.
In the crosshairs are U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group, and SunTrust Banks, according to a message posted Monday on pastebin.com by a purported Islamic hacktivist group, "Cyber fighters of Izz ad-din Al qassam," allied to the military wing of Hamas. All five were targeted – along with Capital One, Wells Fargo, Regions Bank, and HSBC – during the first attacks in September.
The message claims these latest “Phase 2 Operation Ababil” attacks are a mass popular response by Muslims to "Innocence of Muslims," a video made in the US and posted on YouTube that Muslims consider an affront to the Prophet Muhammad. "In [this] new phase," the group wrote, "the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks."
But a growing body of technical evidence casts doubt on the assertion that thousands of disgruntled Muslims in the Middle East are behind the cyberattack. Rather, it points to a single group operating a large number of high-powered computer servers that have been hijacked to attack the banks, cybersecurity experts report.
Researchers for Arbor Networks, a cybersecurity company, have isolated the attacks as coming primarily from three botnets – a network of coopted machines that have become zombie slaves to an outside operator. One botnet in particular, called Brobot or "itsoknoproblembro," is being used in the bank attacks. Two other botnets, KamiKaze and AMOS, also are being used, according to Arbor Networks and Prolexic, another cybersecurity firm specializing in DDoS.