The holidays have passed and it’s time to balance the ol’ checkbook. But wait… Having trouble accessing your bank’s customer portal yet again? It may be a circumstance that we all need to become accustomed to, as the extremist group Izz ad-Din al-Qassam Cyber Fighters is threatening to expand the number of financial institutions being targeted by Distributed Denial of Service (DDoS) attacks.
“Rulers and officials of American banks must expect our massive attacks! From now on, none of the U.S. banks will be safe from our attacks,” the group stated in a Pastebin posting.
The attacks, which began in mid-September, have resulted in intermittent downtime for the online banking websites of some of the largest financial institutions in the country, including U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group, SunTrust, HSBC, Ally Bank, BB&T, Wells Fargo and Capital One – and the list of targeted organizations could grow as the extremist group’s protest of a controversial YouTube video continues into 2013.
“Our aim of this operation is removal of that insulting and absurd film. If you are in doubt of our statements and aims, we suggest that the U.S. authorities remove this offensive film from YouTube for one week experimentally. Then they will see whether the attacks will be stopped or not,” the group suggested.
While the group maintains that the DDoS attacks are strictly in response to the video in question, suspicions persist that they may be part of a larger operation designed to facilitate fraudulent wire transfers by criminal syndicates. The Office of the Comptroller of the Currency (OCC) issued an advisory in December which reiterated earlier warnings from the Financial Services – Information Sharing and Analysis Center (FS-ISAC), the FBI and IC3 that the DDoS attacks may be used as a diversionary tactic to occupy the attention of bank staff while accounts are being pilfered.
“Fraudsters also use DDoS attacks to distract bank personnel and technical resources while they gain unauthorized remote access to a customer’s account and commit fraud through Automated Clearing House (ACH) and wire transfers (account takeover). In this scenario, the DDoS can occur immediately before, during, or after the attack,” the OCC advisory stated.
Suspicions that the group may be connected to the Iranian government also persist, a theory first offered by Senator Joe Lieberman, who previously stated on C-SPAN that he doesn’t believe the attacks were carried out by “random hackers,” but instead were conducted “by Iran and the Quds Force, which has its own developing cyberattack capability.”
The notion was backed up by statements from James Rohr, CEO of PNC Bank, who told CNBC in October that unnamed U.S. government officials had traced the attacks. “Now they’re talking about they sourced it from Iran… The government have come out and said they’ve traced it to Iran,” Rohr said.
Regardless of any attempts to accurately attribute the attacks and the motivations for those behind them, the financial sector and technology service providers continue to expend a significant amount of resources to counter the assault, and customers can expect to be periodically inconvenienced well into the new year.
Organizations concerned about their own potential exposure to DDoS attacks are encouraged to take a free DDoS preparedness assessment test, which provides a customized evaluation and subsequent recommendations based on answers to a short questionnaire. The DDoS assessment can be conducted in a matter of minutes by following the instructions here: DDoS Preparedness Test. Resources are also available for organizations that seek to deploy a first line of defense to filter unwanted traffic before it ever reaches the targeted network.