Hacktivists Expand Bank DDoS Attacks as Security Pros Monitor Source

The al Qassam Cyber Fighters resumed prolonged attacks against banks and hit more institutions simultaneously, with the longevity of the attacks fueling speculation that the attackers are well-funded.

Alleged hacktivists again launched denial-of-service attacks against major U.S. banks last week, causing some disruption at a handful of financial institutions.

While the group behind the attacks continue to pose as hacktivists, the longevity of the campaign—now entering its sixth month—has some security experts arguing that the attacks are a well-funded operation.

On March 5, al Qassam Cyber Fighters (QCF) launched their latest attacks against banks, posting a message on Pastebin stating that nine banks would be targeted by denial-of-service attacks during the week. Unlike previous network floods, the current attacks have simultaneously inundated a handful of banks with a deluge of traffic consuming bandwidths from 10G bits up to 40G bits, said Carlos Morales, vice president of global sales engineering and operations for network-protection firm Arbor Networks.

"They clearly have gotten more sophisticated over time," Morales said. "They are doing their homework. A lot of the banks have reported that they seeing probing and smaller attacks before the larger attacks, so the attackers are taking into account what the banks are serving up and customizing the attacks to take advantage of the banks' defenses."

The QCF attacks started in September 2012, targeting banks allegedly in retaliation for the posting of a video to YouTube that offended many Muslims. U.S. officials believe that Iran is carrying out or funding the attacks, according to a January report in The New York Times. The servers used in the attacks have also been used for criminal purposes, suggesting that the attackers are using criminal activities to fund the attacks or hiring time on criminal botnets to boost their capabilities.

The current attacks have targeted Bank of America, BB&T, CapitalOne, Citibank, Fifth Third Bancorp, JPMorgan Chase, PNC, UnionBank, and U.S. Bank, according to the QCF post.

The attacks are meant to be a nuisance to banks and cost them money, not take them offline, Arbor's Morales said.

"This whole thing strikes me as a huge amount of saber rattling," he said. "This is not about taking down the financials. If that was the case, they would not announce it."

Defending against distributed denial-of-service (DDoS) attacks is not cheap. In a report released on March 12, managed-security firm Solutionary estimated that organizations spend as much as $6,500 an hour to recover from DDoS attacks—a number which does not include any lost revenue due to downtime.

The incidents do not seem like the work of hacktivists, who, in the past, attacked a company or site only long enough to gain attention and then moved on. The focus of the QCF group on repeatedly hitting the same targets for many months suggests other motivations, said Morales.

In its "State of the Internet" report for the third quarter of 2012, Internet security and content-delivery platform Akamai came to the same conclusion.

"While the attackers claimed to be hacktivists protesting a movie, the attack traffic seen by Akamai is inconsistent with this claim," the company stated in the report. "The amount of attack traffic that was seen during these attacks was roughly 60 times larger than the greatest amount of traffic that Akamai had previously seen from other activist-related attacks. Additionally, this attack traffic was much more homogenous than we had experienced before, having a uniformity that was inconsistent with previous hacktivist attacks."

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...