U.S. Bank Hackers Promise DDoS Pause
In the sixth week since the launch of "Operation Ababil" attacks against Wall Street banks, online post says hacktivists are taking time off for a Muslim holiday.
A Tuesday Pastebin post from the Izz ad-Din al-Qassam Cyber Fighters hacktivist group said that in honor of the Muslim Eid al-Adha holiday, which in 2012 runs from the evening of Oct. 25 to the evening of Oct. 26, they're planning a break. "To commemorate this breezy and blessing day, we will stop our attack operations during the next days," according to the group's statement. "Instead, we are going to have an interview with one of the American media and press about our ideas and positions." The group then solicited offers via a provided email address (email@example.com).
More Security Insights
- How Attackers Identify and Exploit Software and Network Vulnerabilities
- Getting a Grip on Mobile Malware
- The 451 Group Impact Report: Skybox Enters Vulnerability Management Space
- Detecting and Stopping Advanced Threats
Last week, as part of what they've dubbed "Operation Ababil," the attackers launched distributed denial of service (DDoS) attacks that disrupted the websites of BB&T, HSBC, and Capital One--the lattermost site for the second time. Before that, previous attacks by the group had disrupted the websites of many of Wall Street's biggest financial institutions, including Bank of America, JPMorgan Chase, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank, and Wells Fargo.
[ The feds are looking for new ways to keep diplomatic employees safe. See After Benghazi, State Dept. Seeks Diplomat Tracking Technologies. ]
The hacktivists reiterated that their DDoS attacks have been launched in retaliation for the "organized insulting to the Prophet of Islam done by some arrogant western governments," by which the group was referring to the YouTube release of a clip of Innocence of Muslims, a film that attacks the founder of Islam, and which has been attributed to an Egyptian-born U.S. resident who is Christian. The hacktivist group has continually called for western governments to excise the film from the Internet.
The group also repeated that it's had no part in recent wire-transfer fraud campaigns. U.S. government officials, in anonymous media interviews, have accused Iran of orchestrating the attacks, and also said they've traced the Izz ad-Din al-Qassam Cyber Fighters attacks to a group of fewer than 100 information security specialists based at Iranian universities and technology companies.
"We have already stressed that the attacks launch only to prevent banking services temporarily throughout the day & there is no stealing or handling of money in our agenda," said the Izz ad-Din al-Qassam Cyber Fighters in their Pastebin post. "So if others have done such actions we don't assume any responsibility for it. Every day we are giving a compulsive break to all employees of one of the banks & its customers."
The group also disparaged a recent speech made by Defense Secretary Leon Panetta, in which he referred to the ongoing bank website disruptions, and warned that such attacks could become the norm or easily be extended to disrupt critical infrastructure systems in the United States. In response, the Izz ad-Din al-Qassam Cyber Fighters said that "Mr. Panetta has noted in his remarks to the potential cyber threats such as attacking on Power & Water Infrastructures, running off trains from the tracks & etc. On our opinion, these Panetta's remarks are for distracting the public opinion & in support of the owners of the bank's capital."
"So please stop these nonsense and just order the officials to remove the insulting video from Internet," the group said.
A security information and event management system serves as a repository for all the security alerts and logging systems from a firm's devices. But this can be overkill for a company that is understaffed or has overestimated its security information needs. In our report, Does SIEM Make Sense For Your Company?, we discuss 10 questions to ask yourself in determining whether SIEM makes sense for you--and how to pick the right system if it does. (Free registration required.)