New attacks against banking, cyber Jihad or cyber warfare acts?

Pierluigi Paganini December 20, 2012

Last week the hacker group known as “Izz ad-Din al-Qassam Cyber Fighters” announced a series of attacks against principal banking and financial institutions publishing a message on Pastebin profile.

The principal targets include organizations such as U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC Financial Fervices Group, and SunTrust Banks.

In the period between the end of September, early October the group launched several cyber attacks against numerous banking websites and U.S. financial institutions.

On that occasion it was noticed something unusual, usually a DDoS attack is launched using a large number of compromised machines composing a botnet, on the contrary the attack against the U.S. Bank has involved a network of volunteers that deliberately have hit the targets. While a classic botnet, although is very efficient, is quite simple to detect due the presence of anomalous traffic from/to  the Command & Control servers in this case the presence of volunteers complicates the mitigation of the attack.

Banking world has been advised and last week a spokesperson  of Bank of America told that the IT security of its institute is: “aware of the reports of possible cyber attacks and [is] monitoring [its] systems, which are fully operational.”.

Hacker released the following note:

“After stopping one month attack of Izz ad-Din al-Qassam Group to American banks, today, this group has announced a new cycle of attacks, via an Email which has been sent to us, and has acclaimed that its aim is to compensate guilty offends to holy Prophet of Islam, Mohammad(PBUH). Also, in internet conversations earlier, this group had been stated that these attacks won’t stopped and even in new announcements, it’s been marked that there will be so much stronger attacks in the days ahead.”

The Izz ad-Din al-Qassam Cyber Fighters use to attacks to victims flooding their infrastructures with an impressive number of requests, the new wave of DDOS attacks announced are part of second phase of the campaign named “Operation Ababil” .

“the second phase of the Ababil operation is in ahead and from this week according to the announced plan, will be performed. In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks.”

The groups of hackers is attacking US Finance world officially to protest over YouTube responsible to haven’t prevented the spread of blasphemous images related the film  “The Innocence of Muslims”.

The hackers wrote:

“Operation Alababil is revenge in response to the humiliation of the Organization of the Prophet of Islam (PBUH) by some Western countries.”

In the last message posted on Pastebin the group declared:

“Originally, we sympathize deeply with families of the schoolchildren victimized by the horrible happening of Sandy Hook Elementary school. It’s very clear that a system which its rulers and capitalists are the owners of weaponry big companies never care about occurrence of these events.”

Who are these hackers? Do they really protest against video or what else?

There aren’t reliable information on the group but many U.S. officials think that the group could operates for political intents, they believe that they are Iranian state-sponsored hackers despite the hacktivists denies and relationship with government of Teheran.

Last fascinating hypothesis … it could not be ignored that in the cyberspace disputes, anyone on the Internet can conduct a cyber warfare operation to heighten tensions between two states such as Iran and the U.S, by impersonating a what’s believed to be an Iranian group.

Banking institutions including Bank of America, PNC Financial Services Group, and SunTrust have suffered large-scale DDoS attacks against their websites, which successfully interrupted the providing of online banking services this week.

According many experts, with the new year an increasing number of similar attacks will hit other financial institutions in other countries such as UK and Israel.


Banking IT systems are discovering their infrastructures extremely vulnerable to this type of attacks, in many case caused by old an inappropriate defense systems. It must be said that it is not so simple to face with so insidious cyber threat that could bring down in unpredictable way the services of any banks.

According last study on DDoS attacks the offensive are using more sophisticated techniques able to concentrate increased quantity of data against the target in shortest interval of time, knocking out the defenses.

Researchers at Arbor Networks, a security company specialized in solution to mitigate DDoS attacks, revealed that  DDoS attacks are originated by bot agents and insecure websites, for attackers is very simple to exploit not updated web servers on which run vulnerable applications.  The dimension of the institutes targeted and of its defensive capabilities let us think that the attacker have constituted a network of hundreds of thousands of computers.

“The attackers took full advantage of this to upload various PHP webshells which were then used to further deploy attack tools,” “Attackers connect to the compromised webservers hosting the tools directly or through intermediate servers/proxies/scripts and issue attack commands.” Arbor said.

The company commented the recent DDoS attacks using the following statemens:

“On December 11, 2012, attacks on several of these victims were observed. Some attacks looked similar in construction to Brobot v1, however there is a newly crafted DNS packet attack and a few other attack changes in Brobot v2. These attacks have shown why DDoS continues to be such a popular and effective attack vector. Yes, DDoS can take the form of very large attacks. In fact, some of this week’s attacks have been as large as 60Gbps. What makes these attacks so significant is not their size, but the fact that the attacks are quite focused, part of an ongoing campaign, and like most DDoS attacks quite public. These attacks utilize multiple targets, from network infrastructure to Web applications.”

Banking world must be prepared, it is one of the sectors that will subject to the major number of attacks in next year, they are considered privileged targets for hacktivist, state sponsored hackers and cyber criminals.

The principal cyber threats will be again DDoS attacks and cyber attacks that have the purpose to steal banking credential from victims using new complex malware like the revived Carberp trojan.

Let’s hope that banking and financial organization will be prepared for the new offensives.

Pierluigi Paganini

you might also like

leave a comment