Capital One confirms that its website had been hit by another distributed denial of service attack. This Oct. 16 incident was the second attack allegedly waged this month by the hacktivist group Izz ad-Din al-Qassam Cyber Fighters against the $296.7 billion bank.
"Capital One is experiencing intermittent access to some online systems due to a denial of service attack," bank spokeswoman Tatiana Stead said. "There was minimal impact to the majority of our customers."
Also on Oct. 16, a post claiming to be from the Izz ad-Din al-Qassam Cyber Fighters appeared on the open Internet forum site Pastebin claiming new attacks against U.S. banks would be waged between Oct. 16 and Oct. 18. The group notes that this new wave of DDoS attacks is being initiated without advance warning. In earlier Pastebin posts, the group named the eight banks it eventually attacked.
Jason Malo, a financial fraud and security consultant with CEB TowerGroup, says the Oct. 9 attack against CapOne, appeared to be one of the most damaging. "With CapOne, they seemed to take a bigger hit than the others," he says. "Other banks seemed to handle the attacks better."
The first institution to take a DDoS hit was Bank of America on Sept. 18, followed by JPMorgan Chase on Sept. 19 (see High Risk: What Alert Means to Banks). Attacks against Wells Fargo, U.S. Bank and PNC hit the following week (see More U.S. Banks Report Online Woes).
Izz ad-din Al Qassam says it will continue to target U.S. institutions until a YouTube movie trailer believed by the group to be anti-Islam is removed from the Internet. Experts, however, question whether that outrage is just a front for some more nefarious motive.