DDoS Strikes American Express

Hacktivist Group Takes Credit for Attack
DDoS Strikes American Express

American Express confirms it was hit by a distributed-denial-of-service attack that disrupted online-account access for about two hours during the late afternoon on March 28.

See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach

AmEx spokeswoman Amelia Woltering says the card brand is still investigating the attack. She did not confirm whether the strike was linked to Izz ad-Din al-Qassam Cyber Fighters, the hacktivist group that's been targeting U.S. banking institutions since mid-September.

But that group claims credit for this attack, as well as an unconfirmed attack against Bank of America, according to updates posted to a blog and on Twitter March 28.

"The Bank of America and American Express have gotten out of reach today due to Izz ad-Din al-Qassam group's attacks," the blog posting says. "The Qassam group's attacks to these banks have caused the banks to be unable to offer service to their customers and this [will] lead to their protests."

The attack began about 3 p.m. ET on March 28, Woltering says, and caused intermittent disruptions. She says there is no evidence to suggest that customer data or account information was exposed or compromised during the attack.

"Our site experienced a distributed-denial-of-service (DDoS) attack for about two hours on Thursday afternoon," AmEx says in a statement. "We experienced intermittent slowing on our website that would have disrupted customers' ability to access their account information. We had a plan in place to defend against a potential attack and have taken steps to minimize ongoing customer impact."

Big Week for DDoS

The attack comes just days after news of the Spamhaus DDoS attack, which caused a ripple effect that adversely affected online activity.

That attack saw unprecedented traffic of 300 gigabytes per second, three to five times greater than the biggest attacks against U.S. banks, says Dan Holden, an online security expert for DDoS-mitigation provider Arbor Networks.

Still, the European attack - a strike against The Spamhaus Project, a Geneva-based not-for-profit organization dedicated to fighting Internet spam operations - is not believed to be related to the attacks on U.S. banks.

"The DNS reflection attacks [like the one used against Spamhaus] can consume a great deal of bandwidth, but they are different than what we've seen against the banks," Holden says. "These guys would not be able to do the sophisticated, targeted attacks that are being launched against U.S. banks."

The attacks against U.S. banks, experts say, are much more complex and sophisticated, and their intensity has escalated in the last week.

Earlier this week, TD Bank and Keybank confirmed their online banking sites had been hit by DDoS attacks, and industry experts say hacktivists' attacks waged during this so-called third campaign are becoming increasingly sophisticated.

Izz ad-Din al-Qassam Cyber Fighters, the hacktivist group taking credit for attacks against U.S. banking institutions, in an update posted to the online forum Pastebin on March 26, says it most recently targeted BB&T, PNC Financial Services Group, JPMorgan Chase & Co., Citibank, U.S. Bancorp, SunTrust Banks, Fifth Third Bancorp, Wells Fargo & Co., and others. Since Feb. 25, when the group launched its third phase of DDoS attacks, weekly updates have appeared on Pastebin on Mondays and Tuesdays about previous-week targets.

The hacktivist group says its attacks are in protest of a YouTube movie trailer deemed offensive to Muslims.


About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 20 years' experience, Kitten has covered the financial sector for the last 13 years. Before joining Information Security Media Group in 2010, where she now serves as director of global events content and executive editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network