Are More DDoS Attacks on the Way?
Lull in Attacks Curious; Banks Should Brace for WorstWe all expected distributed-denial-of-service attacks against U.S. banks to resume a couple of weeks ago. But they didn't. And the extended break, though welcomed by many, is curious, given that hacktivists last month announced plans for just a three-day hiatus.
See Also: Cybersecurity Awareness Engagement Toolkit: Elevate Your Security Culture
The hacktivist group Izz ad-Din al-Qassam Cyber Fighters claimed credit for the attacks against Bank of America, JPMorgan Chase, Wells Fargo, PNC, U.S. Bank, CapitalOne, HSBC, SunTrust, Regions and BB&T, which took place from mid-September to mid-October.
In an Oct. 23 Pastebin post, Izz ad-Din al-Qassam said it planned to temporarily halt attacks in honor of a three-day Muslim holiday.
But the announced three-day lull has turned into a four-week hiatus since the last attack. During that break, self-proclaimed representatives of the hacktivist group have provided comments to two media outlets, most recently on Nov 7.
For now, it appears that direct contact with U.S. media is of more interest to the hacktivists than the attacks that first garnered media attention.
And while the break in attacks is curious, keeping us guessing is probably the point.
That's why all U.S. banking institutions have to assume that more DDoS attacks are coming. They must keep their guards up by relying on technology that can handle traffic overflow, regularly assessing and testing DDoS risks and training staff to recognize the signs of a DDoS attack (see What to Do About DDoS Attacks).
What the Hacktivists Say They Want
Izz ad-Din al-Qassam continues to claim its attacks are only being waged for attention, not to perpetrate fraud. From the beginning, the group has professed outrage over an American film promoted on YouTube that it believes casts Islam in a negative light.
Addressing the issue of fraud, Homeland Security Secretary Janet Napolitano told The Washington Post on Oct. 31 that "financial institutions are actively under attack," and suggested that personally identifiable information and financial accounts were at risk. "All I want to say is that there are active matters going on with financial institutions," she said.
Napolitano said the DHS was working with the financial-services industry, as well as other critical-infrastructure industries, to address known vulnerabilities.
On the same day that Napolitano made her comments, a self-proclaimed member of the group provided comments to ABC News, reiterating the attacks were not being waged for financial gain linked to fraud and that the group is not backed by the Iranian government (see Hacktivist Speaks Out About DDoS).
Then on Nov. 7, in an interview with technology news site Softpedia, another alleged member of Izz ad-Din al-Qassam again stressed that the group is acting alone, without the support of other hacktivist groups such as Anonymous and Fawkes Security, which also took credit for the HSBC hit.
The hacktivist said Izz ad-Din al-Qassam's members are merely cybersavvy volunteers with a shared interest in seeing the YouTube video removed.
What Next?
When asked about Izz ad-Din al-Qassam's attack philosophy, this hacktivist told Softpedia: "We have never said that we don't like American people; rather, our statements have been about the ruling system of this country. This is not just our opinion but the opinion of the 99 percent of American people as well."
It seems the attackers spent some time watching the U.S. presidential election, but did not use the election as a reason to wage new attacks.
And when asked why the group issued warnings to banks before every attack, the hacktivist said: "The reason why we previously warned the people was for their welfare and to make daily schedule for them possible. Also we did believe in our power and ability and we were sure they will not be able to resist our attacks."
Maybe direct communication with the media is giving Izz ad-Din al-Qassam the response it seeks, and thus pursuing this route makes better sense than launching more attacks. Or maybe the hacktivists fear U.S. banks have enhanced defenses to a level of DDoS immunity. It's difficult to say.
The hacktivist interviewed by ABC noted Napolitano's comments, but offered no indication about how those comments might influence the group's next move. Perhaps negotiations about the video or some other issues are taking place behind the scenes, which neither the U.S. government nor the attackers are revealing. Or perhaps the stalling and media interviews are just a ploy for American-consumer sympathy.
But I don't take either scenario as a sign the attacks are over. To keep momentum and interest going, Izz ad-Din al-Qassam will have to strike again.
And while questions about the group's motivation continue to circulate, banking institutions have to assume the worst - that the potential for fraud is always looming in the background of these attacks. That's why banks must remain vigilant.