Phase 3 of the Op Ababil DDoS attacks on US banks commences

The al-Qassam notice was posted to Pastebin. It is assumed to be genuine, but there is no actual proof. The notice repeats the explanation for the attacks: “Operation Ababil is performed because of widespread and organized offends to Islamic spirituals and holy issues.” It adds, “if the offended film is eliminated from the Internet, the related attacks will also be stopped.” The film in question is Innocence of Muslims, available on YouTube.

During ‘phase 2’ of the operation, “a main copy of the insulting film was removed from YouTube and that caused the phase 2 to be suspended.” But now, a month later, “it is seen that other copies of the film yet exist in YouTube so we announce the Phase 3 of Operation Ababil will start this week.”

As before, “a number of american banks will be hit by denial of service attacks three days a week, on Tuesday, Wednesday and Thursday during working hours.”

An appended invoice details the ‘price’ the US (in the form of its banks) must pay for the offense. The price is based on the views, likes and dislikes attached to the video. It is being ‘paid’ by bank downtime caused by the DDoS attacks, estimated by the hackers to be $30,000 per minute during an average DDoS ‘success’ rate of 7 hours per day. In theory, this could be open-ended.

Yesterday, Marcey Zwiebel, VP and senior manager of external communications for PNC, told Kaspersky Lab’s ThreatPost, “Earlier today, customers using certain Internet service providers were experiencing difficulties reaching PNC's sites.” Despite earlier experiences, and knowledge that it would happen again, banks are struggling to mitigate the size of these attacks – up to 70 Gbps.

Barry Shteiman at Imperva suggests that the industry must defend at the source rather than just the effect – in other words, prevent infection by itsoknoproblembro (and other DoS tools) used by the hackers. “This tool,” he says, “is distributed mostly via a Remote File Inclusion (RFI) attack, creating a drive-by download vector for users that hit the infected web pages, and then become zombies.” It is “the starting point that allows hackers to build the bot-net that eventually generates the DDoS attack.” Prevent the infection and that will – in theory – prevent the DDoS.
