DDoS: Hacktivists Again Target 5 Banks

Wells Fargo Struck by Latest Campaign

Hacktivists announced Dec. 18 that they planned yet another round of distributed-denial-of-service attacks against five U.S. banks. And while the alleged perpetrators did not name the latest targets, Wells Fargo confirmed its online banking site experienced outages throughout the day.

The hacktivist group Izz ad-Din al-Qassam Cyber Fighters Group posted a Dec. 18 update on Pastebin, saying targeted banks could expect the same distributed-denial-of-service magnitude that institutions experienced last week.

"The five major U.S. banks will be attacked, and we subsequently suggest that from now on they prepare their context of sorrowfulness to the customers of banks because of inaccessibility," the post stated.

The group did not list any specific banks in its latest warning. Previously, on Dec. 11, it named five targets: Bank of America, JPMorgan Chase, PNC Financial Services, U.S. Bancorp and SunTrust Banks.

"We are aware of the threat, and we have taken precautions to protect customer information and facilitate customer access to our online systems," PNC spokesman Frederick Solomon said Dec. 18. PNC did not, however, confirm any reports of site issues or outages.

But Wells Fargo spokeswoman Sara Hawkins said online banking has been impacted by a suspected attack. "We're seeing an unusually high volume of traffic, which is creating slow or intermittent access to our website for some online customers," she said Dec. 18. "The vast majority of customers are not impacted, but for those who are, we encourage them to access their accounts through our stores, ATMs or by phone as we work to resolve the issue."

Again, the hacktivist group claims it will continue its attacks on U.S. banks until a YouTube movie trailer, deemed to be offensive to Muslims, is removed.

Phase 2 Attacks: So Far

On Dec. 11, hacktivists initiated Phase 2 of their DDoS campaign against U.S. banks. More than a month had passed since the first wave of attacks, which targeted 10 leading U.S. banks, including the five named in the second campaign (see 5 Banks Targeted for New DDoS Attacks).

All five of those institutions suffered outages during the first week of Phase 2, according to posts and site-activity updates reported by sitedown.co and websitedown.com. But only PNC and U.S. Bank publicly acknowledged outages linked to DDoS that first week.

What Attacks Reveal

In response to the announcement of Phase 2 on Dec. 11, the Financial Services Information Sharing and Analysis Center issued an advisory, outlining precautions institutions should take as they prepare for more attacks.

The FS-ISAC noted that the hacktivists' warning that the second phase will be more severe should be heeded.

Arbor Security's Security Engineering and Response Team, which has analyzed web traffic in the second phase of attacks, said volumes are similar to what was pushed during the first campaign, which ran from mid-September to mid-October. In a Dec. 13 blog post, Arbor Security researchers Dan Holden and Curt Wilson said some of last week's attacks were as large as 60 gigabytes per second.

They also noted that the Phase 2 attacks have included newly crafted DNS packets not seen in the first wave, which relied on the compromise of traditional open-source applications used to produce dynamic web pages.

"Unmaintained sites running out-of-date extensions are easy targets," Holden and Wilson wrote.

These observations suggest more analysis of the attacks is needed, experts agree. Nuances have been identified, and researchers, as well as affected financial institutions, need to share information.