DDoS: Is Phase 3 Over?

Hacktivists Take Break in Bank Attacks
DDoS: Is Phase 3 Over?

The hacktivist group that's been waging distributed-denial-of-service attacks against leading U.S. banks since mid-September has taken a two-week hiatus. Now experts say it's unclear when or if the attacks will resume.

See Also: Addressing the Identity Risk Factor in the Age of 'Need It Now'

On May 6, Izz ad-Din al-Qassam Cyber Fighters - the hacktivist group behind the DDoS attacks against U.S. banking institutions - announced on the open forum Pastebin that its attacks would cease for the week. The pause, the group said, was out of respect for OperationUSA, a separate hacktivist movement organized by Anonymous.

Izz ad-Din al-Qassam Cyber Fighters did not join the OpUSA effort, a move that severely crippled the attack's impact, experts say (see OpUSA: A Lackluster DDoS Operation).

But many security experts expected the hacktivist attacks against banks would resume on May 14. Now it's unclear what will happen next, says Dan Holden of DDoS-mitigation provider Arbor Networks.

"They weren't involved in OpUSA, and the moment they said they weren't going to be involved, then we didn't think it was going to be a real threat," Holden says. "The moment they pulled out, they were on a break. I think it's a typical break like we've seen in the past. This time, they just had a reason to do it."

While Holden says there's been no attack activity connected to Brobot, the botnet used by Izz ad-Din al-Qassam Cyber Fighters in its attacks waged since September, he says appears hacktivists have continued to update the botnet's tools. "I don't think this is end," he says. "It may not be next week, but I would be surprised if we did not see attacks resume the week after that."

Other security experts, including Mike Smith of online-security firm Akamai Technologies and Rodney Jofee of DDoS-mitigation and online security provider Neustar Inc., also say the attacks against U.S. banks have ceased. And like Holden, they're not sure why.

Attack History

Last month, the Federal Bureau of Investigation noted that as of April 10, 46 U.S. banking institutions had been targeted by more than 200 separate DDoS attacks of "various degrees of impact" since Izz ad-Din al-Qassam Cyber Fighters announced its first phase of attacks in September 2012 (see FBI: DDoS Botnet Has Been Modified ).

This marks the first break Izz ad-Din al-Qassam Cyber Fighters has taken during its third phase of attacks, which kicked off in March. The campaign ran eight weeks, the longest-running so far of the three campaigns the hacktivists have waged.

The first campaign, which began Sept. 18, lasted six weeks. The second campaign, which kicked of Dec. 10, lasted seven.


About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network