Phase 3 of the Op Ababil DDoS attacks on US banks commences

07 March 2013

al-Qassam Cyber Fighters announced the resumption on Tuesday. By Wednesday, customers of PNC Bank, Wells Fargo, Citibank, Bank of America and a number of other major banks were reporting difficulties to the sitedown.co website.

The al-Qassam notice was posted to Pastebin. It is assumed to be genuine, but there is no actual proof. The notice repeats the explanation for the attacks: “Operation Ababil is performed because of widespread and organized offends to Islamic spirituals and holy issues.” It adds, “if the offended film is eliminated from the Internet, the related attacks will also be stopped.” The film in question is Innocence of Muslims, available on YouTube.

During ‘phase 2’ of the operation, “a main copy of the insulting film was removed from YouTube and that caused the phase 2 to be suspended.” But now, a month later, “it is seen that other copies of the film yet exist in YouTube so we announce the Phase 3 of Operation Ababil will start this week.”

As before, “a number of american banks will be hit by denial of service attacks three days a week, on Tuesday, Wednesday and Thursday during working hours.”

An appended invoice details the ‘price’ the US (in the form of its banks) must pay for the offense. The price is based on the views, likes and dislikes attached to the video. It is being ‘paid’ through bank downtime caused by the DDoS attacks, which the hackers estimate at $30,000 per minute, with an average DDoS ‘success’ rate of 7 hours per day. In theory, this could be open-ended.

Yesterday, Marcey Zwiebel, VP and senior manager of external communications for PNC told Kaspersky Lab’s ThreatPost, “Earlier today, customers using certain Internet service providers were experiencing difficulties reaching PNC's sites.” Despite earlier experiences, and knowledge that it would happen again, banks are struggling to mitigate the size of these attacks – up to 70 Gbps.

Barry Shteiman at Imperva suggests that the industry must defend at the source rather than just the effect – in other words prevent infection by itsoknoproblembro (and other DoS tools) used by the hackers. “This tool,” he says, “is distributed mostly via a Remote File Inclusion (RFI) attack, creating a drive-by download vector for users that hit the infected web pages, and then become zombies.” It is “the starting point that allows hackers to build the bot-net that eventually generates the DDoS attack.” Prevent the infection and that will – in theory – prevent the DDoS.
