DDoS Hacktivists: No U.S. Bank is Safe

Group Takes Credit for 9 Bank Attacks in December

The hacktivist group Izz ad-Din al-Qassam Cyber Fighters claims that its second phase of distributed-denial-of-service attacks has affected nine banks since Dec. 11, and it warns that more attacks are on the way.

"Rulers and officials of American banks must expect our massive attacks! From now on, none of the U.S. banks will be safe from our attacks," the hacktivists write in a Jan. 1 post on Pastebin.

The group says its DDoS strikes waged since the kickoff of its second campaign in early December have targeted JPMorgan Chase, Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC Financial Services Group, BB&T Corp., SunTrust Banks and Regions Financial Corp. (see 5 Banks Targeted for New DDoS Attacks).

The group claims its attacks against U.S. banks will continue until a YouTube video deemed offensive to Muslims is removed.

December Attacks

In a Dec. 10 post, Izz ad-Din al-Qassam Cyber Fighters announced plans for its second campaign, targeting PNC, U.S. Bank, BofA, Chase and SunTrust. Since then, the group has posted two subsequent threats and, as indicated in its Jan. 1 post, has apparently hit a total of nine banks.

Regions and SunTrust are the only institutions named by the hacktivists for which abnormal traffic patterns in the month of December have not been confirmed.

PNC was the first to report site issues on Dec. 11. The bank used social media and its website to forewarn customers of expected online outages possibly linked to DDoS.

On Dec. 12, U.S. Bank said intermittent site issues resulted from high volumes of traffic. That same day, the Financial Services Information Sharing and Analysis Center issued a security update to its membership, outlining precautions institutions should take as they prepare for the second phase of attacks being waged by the hacktivist group.

"Financial institutions should ensure they have reviewed their distributed-denial-of-service detection and mitigation plans, as well as recent threat intelligence shared by and through the FS-ISAC," the center warned. "FS-ISAC is working with its members, its partners and government agencies to monitor this threat, share information and support members under attack."

PNC said again on Dec. 13 that its site experienced issues related to abnormally high volumes of traffic. According to the online-monitoring site sitedown.co, Bank of America and JPMorgan Chase also suffered access issues beginning around 9 a.m. ET Dec. 13, although neither bank acknowledged any outages. One of BofA's retail customers from Atlanta, however, called BankInfoSecurity on Dec. 14 to report he had not been able to access his online banking account at bankofamerica.com for a week.

Then, on Dec. 17 and 18, Wells Fargo reported intermittent issues. And on Dec. 20, Wells and PNC said their sites experienced intermittent access issues.

On Dec. 26, Citi confirmed its site suffered late afternoon interruptions, but it said the issues were quickly resolved.

Warning Issued

So far, the Office of the Comptroller of the Currency is the only federal regulator to issue a public warning about the DDoS attacks, noting that the attacks could be linked to fraud.

On Dec. 21, the OCC said banking institutions should ensure incident-response strategies involve appropriate personnel across multiple lines of business, as well as external partners. It also suggested banks consider due diligence reviews of service providers, such as Internet service providers and Web-hosting servicers, to ensure they, too, have taken the necessary steps to identify and mitigate potential risks associated with DDoS attacks.

The first campaign of attacks, which ran from mid-September to mid-October, targeted all of the institutions allegedly targeted in the second campaign, as well as HSBC Holdings and Capital One.


About the Author

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.