Although the hacktivist group that has taken credit for distributed-denial-of-service attacks on U.S. banking institutions since mid-September says it's suspending its strikes, experts say banks and credit unions can't let down their guard anytime soon.
Izz ad-Din al-Qassam Cyber Fighters announced Jan. 29 on the open forum Pastebin that it was suspending its second DDoS campaign, which has been ongoing since mid-December (see Hacktivists Suspend DDoS Attacks).
The hacktivists' decision to call off attacks is curious, and unexpected, says financial fraud expert Avivah Litan, an analyst at Gartner Research. "Banks should certainly remain on guard," she says.
In its most recent Pastebin post, the hacktivist group claims YouTube's removal of the most visited link to the "Innocence of Muslims" movie trailer, which it was protesting through the DDoS hits, spurred it to call off the campaign.
But several functioning links to the video on YouTube were still accessible as of Jan. 30.
YouTube, which is owned by Google, did not respond to BankInfoSecurity's request for comment. In a brief statement provided to Information Week, however, Google declined to verify whether the most popular link to the video had been removed.
Two online security experts, who asked not to be named, say they're skeptical of the group's claims about suspending attacks; some statements circulating in different online forums that have been attributed to Izz ad-Din al-Qassam Cyber Fighters reflect mixed messages about the group's intent to halt attacks.
Banking institutions must continue to be on the lookout for DDoS activity, stresses one banking executive, who also asked not to be named.
"We have all read it [Izz ad-Din al-Qassam's suspension announcement] with a high level of skepticism," the executive says. "We know we need to stay on guard for the next few months."
History of Attacks
Izz ad-Din al-Qassam Cyber Fighters has said since mid-September, when it launched its first DDoS campaign against leading U.S. banks, including Bank of America and JPMorgan Chase & Co., that the attacks were being waged in protest of the YouTube trailer, which the group deemed offensive to Muslims.
Claiming that the most visited link to the trailer had been removed, the hacktivists said in their Jan. 29 post: "The al-Qassam cyber fighters lauds this positive measure of YouTube and on this basis suspends his operation and plans to give a time to Google and U.S. government to remove the other copies of film as well. During the suspension of Operation Ababil, no attack to U.S. banks would take place by al-Qassam cyber fighters."
Litan warns that banking institutions should not take hacktivists' alleged suspension of attacks as a positive sign. "Now the hacktivists have discovered a new, effective weapon for extracting concessions from U.S. companies," she says. "That cannot be a good thing."
Only two of the recently targeted institutions, PNC Financial Services Group and Key Bank, responded to BankInfoSecurity's request for comment about the hacktivists' Jan. 29 announcement.
Lynne Woodman, spokeswoman for Key Bank, says increased traffic on the bank's website began to diminish late last week. Marcey Zwiebel of PNC Financial Services Group says PNC's online systems were operating normally as of Jan. 29.
But the unnamed banking executive says DDoS activity continues, regardless of the hacktivists' claims. The traffic may not be related to Izz ad-Din al-Qassam Cyber Fighters, the executive adds, but the continued "general noise against firewalls" is reason enough for banks and credit unions to increasingly enhance their defenses.