DDoS: Is Phase 3 Over?
Hacktivists Take Break in Bank AttacksThe hacktivist group that's been waging distributed-denial-of-service attacks against leading U.S. banks since mid-September has taken a two-week hiatus. Now experts say it's unclear when or if the attacks will resume.
See Also: Protecting Financial Institutions from DDoS Attacks
On May 6, Izz ad-Din al-Qassam Cyber Fighters - the hacktivist group behind the DDoS attacks against U.S. banking institutions - announced on the open forum Pastebin that its attacks would cease for the week. The pause, the group said, was out of respect for OperationUSA, a separate hacktivist movement organized by Anonymous.
Izz ad-Din al-Qassam Cyber Fighters did not join the OpUSA effort, a move that severely crippled the attack's impact, experts say (see OpUSA: A Lackluster DDoS Operation).
But many security experts expected the hacktivist attacks against banks would resume on May 14. Now it's unclear what will happen next, says Dan Holden of DDoS-mitigation provider Arbor Networks.
"They weren't involved in OpUSA, and the moment they said they weren't going to be involved, then we didn't think it was going to be a real threat," Holden says. "The moment they pulled out, they were on a break. I think it's a typical break like we've seen in the past. This time, they just had a reason to do it."
While Holden says there's been no attack activity connected to Brobot, the botnet used by Izz ad-Din al-Qassam Cyber Fighters in its attacks waged since September, he says appears hacktivists have continued to update the botnet's tools. "I don't think this is end," he says. "It may not be next week, but I would be surprised if we did not see attacks resume the week after that."
Other security experts, including Mike Smith of online-security firm Akamai Technologies and Rodney Jofee of DDoS-mitigation and online security provider Neustar Inc., also say the attacks against U.S. banks have ceased. And like Holden, they're not sure why.
Attack History
Last month, the Federal Bureau of Investigation noted that as of April 10, 46 U.S. banking institutions had been targeted by more than 200 separate DDoS attacks of "various degrees of impact" since Izz ad-Din al-Qassam Cyber Fighters announced its first phase of attacks in September 2012 (see FBI: DDoS Botnet Has Been Modified ).
This marks the first break Izz ad-Din al-Qassam Cyber Fighters has taken during its third phase of attacks, which kicked off in March. The campaign ran eight weeks, the longest-running so far of the three campaigns the hacktivists have waged.
The first campaign, which began Sept. 18, lasted six weeks. The second campaign, which kicked of Dec. 10, lasted seven.