Banks Back Under Attack by Claimed Hacktivists

A group claiming responsibility for prior attacks on financial institutions has begun DDoSing the networks of five major banks, this time without serious disruption, say researchers.

A second round of distributed denial-of-service attacks against financial institutions has not yet had the dramatic impact predicted by the attackers, likely because defenders have learned from previous attacks, security professionals said.

On Dec. 18, the hacktivists known as the Izz ad-Din al-Qassam Cyber Fighters Group vowed to continue attacks begun last week aimed at overwhelming the Websites and network connections of five major U.S. banks: U.S. Bancorp, JP Morgan Chase, Bank of America, PNC Financial Services Group and SunTrust Banks. The group first started attacking financial institutions in September, claiming that the attacks would continue until a video that insulted the prophet Muhammad was taken down from YouTube.

"The attacks will be persistent till eliminating injustice and stopping the insults to the prophet of mercy and removing the offensive film, and we are sure that we will reach to our goals," the group stated in a Pastebin post dated Dec. 18. "The attacks of this week will be as wide as previous week. The five major U.S. banks will be attacked and we subsequently suggest that from now on they prepare their context of sorrowfulness to the customers of banks because of inaccessibility."

On the morning of Dec. 18, of the five banks, only Chase.com appeared to be inaccessible. For the most part, however, the attacks have not had their intended impact, said Dan Holden, director of the security engineering response team for network-security firm Arbor Networks. Refinements to defenses made since the last attacks have dealt with the packet floods and application attacks much more gracefully, he said.

"I can tell you that the banks and the providers that we are working with are in a much better situation this go-around," Holden said. "And, while there might have been some slowness with the sites, I don't know that any [site] that fell down, or if it did, for any significant amount of time."

The hacktivists continue to use a botnet of high-bandwidth Web servers in the attack. Unlike the run-of-the-mill distributed denial of service (DDoS) attacks, which use compromised home and office desktops to send massive amounts of data, these attacks use far fewer servers that are running vulnerable content management systems. The targets of the latest attacks are regularly seeing 30GB per second and 40GB per second, fueled by the higher-bandwidth connections typical of Web servers.

In a post last week, the group claimed the attacks would be more diverse and difficult to stop.

"In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," the group stated.

The group's forthrightness, to the extent of posting questions from journalists and their answers, is an interesting development, Arbor's Holden said.

While mainly unsuccessful in taking down the Websites and networks of their financial targets, the hackers have required that banks spend more money on network defenses, and so their attacks should not be seen as failures, he said.

"Even at the current level, they cost money, so it is having an impact," Holden said. "It is not just a DDoS of the site, but a DDoS against the staff and the financial institutions' resources. And, it's certainly not cheap, so that can be looked at as a partial success."