Published July 31, 2013
Major U.S. banks have been grappling with a cyber threat in recent days from a familiar foe, but there are signs the financial institutions may emerge relatively unscathed this time.
A group known as the Izz ad-Din al-Qassam Cyber Fighters, which successfully blocked or slowed access to the websites of major banks over the past year, posted a new message last week promising to launch a fourth wave of distributed denial of service (DDoS) attacks against websites.
A person familiar with the matter told FOX Business that Citigroup (C) is “aware of the threat,” but hasn’t experienced any issues or interruptions.
The al-Qassam Cyber Fighters said the cyber offensive, dubbed Operation Ababil, continues to be in retaliation for a YouTube video posted last summer depicting the Prophet Mohammed.
“Well, misters! The break’s over and it’s now time to pay off,” the group posted in a Pastebin message on July 23. “While the films exist, no one should expect this operation to be fully stopped.”
The latest message doesn’t name any specific banks, but in the past the group has said it would target the websites of large U.S. banks, including Bank of America (BAC), J.P. Morgan Chase (JPM), Citi, PNC Financial (PNC), Capital One Financial (COF) and Wells Fargo (WFC).
A Wells Fargo spokesperson said the San Francisco-based bank “hasn’t experienced any denial of service activity to its web or mobile channels.”
PNC said its systems are “operating normally.”
Representatives from BofA and J.P. Morgan didn’t respond to a request for comment.
Ron Meyran, director of security solutions at Radware (RDWR), said the hackers have “kept their promise” to launch attacks, but so far “we see much less impact” than in the past.
While the first two waves of Operation Ababil appeared to successfully knock down the websites of some banks, causing embarrassment and potentially lost revenue, Meyran said the third wave earlier this year ran into serious resistance.
“I think we can see the security managers of the banking industry started to form a coalition. They started to share information,” he said. “Only in the past two waves can we see they managed to restore the equilibrium between the attackers and defenders and fight back.”
Interestingly, the al-Qassam Cyber Fighters spelled out a formula designed to get financial retribution for the YouTube video. The formula says lenders must pay $100 for each view or “like” of the video and pegs the cost of each minute of website downtime at $30,000.
That figure is in line with a recent Radware report that estimated DDoS attacks cost financial-services companies an average of $32,560 per minute of downtime.
But the Cyber Fighters appear to be well short of that goal as Meyran said the operation appears to be in the middle or close to the end of its attack phase.
Somewhat ominously, the Cyber Fighters promised the latest phase “will be a bit different” and that “you’ll feel this in the coming days.”
Meyran said he believes this could be a hint that the group wants to attempt to change the domain name of bank homepages, misdirecting customers to an unwanted location such as a pornographic site. But he said this has a “much lower likelihood” of success.
Radware said another potential threat is that the Cyber Fighters are using the DDoS attacks as a diversion to allow hackers to penetrate bank servers and reach the confidential information behind them.
“But I think these types of attacks are mainly intended to affect the availability of service rather than the confidentiality of the information,” Meyran said.