Hacktivist Hints at New DDoS Attacks

New Interview: 'We Have Done What We Had Promised'

By , November 30, 2012.
Hacktivist Hints at New DDoS Attacks

The hacktivists are now letting their words speak for their actions.

See Also: Targeted Attacks - 6 Keys for Fighting Back

For the third time in one month, a source claiming to be part of the self-proclaimed hacktivist group known as Izz ad-Din al-Qassam Cyber Fighters has granted an interview to discuss the wave of high-profile distributed denial of service attacks on U.S. banks.

During the recent interview with Flashpoint Global Partners, an international consulting firm, the hacktivist representative said more attacks would be waged and that methods of attacks would diverge, until a YouTube movie trailer deemed by the group to cast Islam in a negative light is removed from the Internet.

"We have done what we had promised," the source said. "If the film isn't removed, we'll use our other abilities according to the new conditions."

No New Attacks

Since Sept. 18, the group has taken credit for attacks on 10 leading U.S. banks: Bank of America, JPMorgan Chase, Wells Fargo, PNC, U.S. Bank, CapitalOne, HSBC, SunTrust, Regions and BB&T. No new attacks have been claimed by the group since mid-October.

In early November, Webster Bank and Zions Bancorp also suffered from DDoS attacks, which caused intermittent outages to their online-banking sites for several hours. While the attacks were not linked directly to Izz ad-Din al-Qassam, Zions spokesman Rob Brough said the bank did not know who was behind the attack.

"There's no way for us to know if the attack against us was just the next one [in the series of attacks waged by Izz ad-Din al-Qassam] or if it was just a coincidence," Brough said. "What I can tell you is that we were well-prepared because of the other incidents. When we recognized that it was a DDoS attack, we had plans in place."

DDoS and Fraud?

The attacks have been concerning for two reasons: customer frustration with online-banking inaccessibility and the possibility of fraud being perpetrated in the background. On Sept. 17, the Federal Bureau of Investigation, along with the Financial Services Information Sharing and Analysis Center, issued a warning about DDoS being waged to mask incidents of account takeover occurring simultaneously.

In their alert, the FBI and FS-ISAC note recent attacks that linked DDoS to fraud. "In some of the incidents, before and after unauthorized transactions occurred, the bank or credit union suffered a distributed denial of service (DDoS) attack against their public Web site(s) and/or Internet Banking URL," the alert states. "The DDoS attacks were likely used as a distraction for bank personnel to prevent them from immediately identifying a fraudulent transaction, which in most cases is necessary to stop the wire transfer" (see High Risk: What Alert Means to Banks).

So far, no bank has reported fraud linked to DDoS attacks waged by Izz ad-Din al-Qassam, but security experts question what might really be taking place in the background.

Questioning Consultants' Competency

The latest interview with Izz ad-Din al-Qassam marks the third time a member claiming affiliation with the group has spoken out on the attacks.

On Oct. 31, ABC News was granted an e-mail interview, and on Nov. 7 technology news site Softpedia was given e-mailed insights.

During all interviews, alleged members of the Izz ad-Din al-Qassam group stressed the group was not supported by any nation-state, government or other hacktivist group, and that all of its members were merely tech-savvy volunteers with a common mission to see the YouTube video removed (see Hacktivist Speaks Out About DDoS).

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Jeremy Grant Is Leaving NSTIC

Under Jeremy Grant's stewardship, the National Strategy for Trusted Identities in Cyberspace has...

Latest Tweets and Mentions

ARTICLE Jeremy Grant Is Leaving NSTIC

Under Jeremy Grant's stewardship, the National Strategy for Trusted Identities in Cyberspace has...

The ISMG Network