Last Wednesday the website of U.S. Bank was hit by a DDoS attack that took it offline; a group of Islamic hacktivists has claimed responsibility for the event. The website remained down for an hour, starting at around 3:30 Pacific, because it could not serve the huge quantity of requests.
The banking sector was subject to an escalation of attacks last week: Bank of America, JPMorgan Chase, Citigroup and Wells Fargo & Co were also attacked in a similar manner. A spokeswoman for U.S. Bancorp, which operates as U.S. Bank, apologized to customers, confirming the attack that generated a high traffic volume.
“We apologize that some customers experienced intermittent delays today on our website. We have been working hard to restore full connectivity,”
“We are asking customers who are experiencing issues with our online or mobile sites and have an urgent banking need to please call us at 1-800-US-BANKS, or stop by one of our branches,”
“We are working closely with federal law enforcement officials to address the issue. In the meantime, we can assure customers that their data and funds are secure,”
What has made this attack unusual?
Usually a DDoS attack is launched using a large number of compromised machines that make up a botnet; the attack against U.S. Bank, on the contrary, involved a network of volunteers who deliberately hit the targets.
The “weapon” used for the attack is an application that the attackers downloaded from two file-sharing sites. The application is very simple and written in a scripting language with a friendly console; users only had to click the “start” button to take part in the offensive.
A classic botnet, although very efficient, is quite simple to detect because of the anomalous traffic to and from its Command & Control servers; in this case the presence of volunteers complicates the mitigation of the attack.
Consider also that, with volunteers launching attacks from their own machines, it is hard to isolate the malicious traffic and impossible to block it by “beheading” the control servers.
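The effect described above, shown on constructed traffic (an added example, not part of the original article or of any tool it mentions): a per-source rate check flags a single flooding host, but flags nobody when the load comes from volunteers who each look like one customer. The window, limit, source names and traffic volumes are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def flag_sources(events, window=10.0, limit=20):
    """Sources that exceed `limit` requests inside any sliding window."""
    recent, flagged = defaultdict(deque), set()
    for ts, src in sorted(events):
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        if len(q) > limit:
            flagged.add(src)
    return flagged

def peak_rate(events, window=10.0):
    """Highest aggregate request rate (req/s) over any sliding window."""
    q, peak = deque(), 0
    for ts, _ in sorted(events):
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        peak = max(peak, len(q))
    return peak / window

def steady(prefix, n):
    """Constructed traffic: n sources, 5 page requests each over ~9 seconds."""
    return [(k * 2.0 + (i % 7) * 0.1, f"{prefix}-{i}")
            for i in range(n) for k in range(5)]

CUSTOMERS = steady("customer", 50)
# Constructed case 1: one host floods the site (100 requests in 10 s).
SINGLE_FLOOD = CUSTOMERS + [(k * 0.1, "noisy-host") for k in range(100)]
# Constructed case 2 (assumption): 2000 volunteers, each behaving like one customer.
VOLUNTEER_FLOOD = CUSTOMERS + steady("volunteer", 2000)

if __name__ == "__main__":
    for name, ev in (("single", SINGLE_FLOOD), ("volunteers", VOLUNTEER_FLOOD)):
        print(name, sorted(flag_sources(ev)), f"{peak_rate(ev):.0f} req/s peak")
```

In the second case the aggregate rate is far higher than in the first, yet no individual source crosses the limit, so mitigation has to act on aggregate load rather than on per-source blocking.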
The group claimed the attack on Pastebin, naming itself “Mrt. Izz ad-Din al-Qassam Cyber Fighters”; it announced its involvement in the organization of all the recent attacks, from the one against Wells Fargo to the ones against U.S. Bank and PNC Financial Services Group. The group has motivated the attack as revenge for the affront of the video denigrating the Prophet Muhammad.
Although DDoS attacks are usually not sophisticated, they represent a serious cyber threat because of their capability to interrupt the services provided by web servers. Banks, financial institutions and other companies whose core business is online web services are prepared for these attacks, but the scale of an offensive can overwhelm even prepared defenses.
According to Atif Mushtaq, a security researcher at FireEye who has analyzed the attack, the size of the targeted bank and its defensive capabilities suggest that the attackers assembled a network of hundreds of thousands of computers.
On the difficulty of managing incoming traffic from a network of volunteers, Mushtaq said:
“There’s no way you can distinguish between the benign traffic and this DDoS traffic,”
“It’s simply mixed up.”
The unusual form of DDoS used is just one aspect of the story; on the other hand there is the U.S. government, which blamed Iran for the offensive, finding several similarities with past attacks against U.S. institutions and organizations.
The U.S. and Israel are aware that time is running out: soon Iran will have its atomic arsenal and will represent a serious danger for western countries. The time is right for an attack and many experts believe that a strike is really imminent; today Israeli Prime Minister Benyamin Netanyahu drew a red line on a drawing of a bomb that he showed to the General Assembly of the United Nations to explain that by next summer “Iran will have reached the final stage in the production of uranium necessary for the realization of its first nuclear device”.
“It’s not a question of whether Iran will get the bomb. The question is at what stage can we stop Iran from getting the bomb,”
“Who among you would feel safe in the Middle East? Who would be safe in Europe? Who would be safe in America? Who would be safe anywhere?”
“I ask, given this record of Iranian aggression without nuclear weapons, just imagine Iranian aggression with nuclear weapons,”
“As the prime minister said, the United States and Israel share the goal of preventing Iran from acquiring a nuclear weapon,” said spokesman Tommy Vietor of the National Security Council.
The Izz ad-Din al-Qassam group isn’t the only one engaged in attacks in retaliation for Innocence of Muslims; the Pakistan Cyber Army also conducted a protest campaign against many small businesses as well as the U.S. Department of Agriculture, Bank of America, and the New York Stock Exchange.
After defacing the Persia Bank website they posted the following message:
“You Are Provoking The Anger Of PeaceFull Muslims! / Stop This / Otherwise You WOn’t Be Able To Stop Us.”
The question is, who really is behind these groups? Are they state-sponsored hackers?
It is possible, but in that case they are simply giving western governments a pretext to blame Iran and other states. What is the sense of these protests?
Netanyahu today also said that he “totally agrees” with U.S. President Barack Obama, who declared that “an Iran with nuclear weapons is not a challenge that can be contained” and that the U.S. will do what it must to stop it.
Cyber attack or conventional offensive, that is the question.
Do not forget, however, the crucial role of Iran in world oil production: an attack could make financial markets plunge and trigger an economic 11/9 … which is the lesser evil?
Is the world economy ready to contain the rise in oil prices? What will Russia’s position be on an attack against Iran?