The websites of major U.S. banks are facing a new round of cyber attacks linked to the same group responsible for similar assaults earlier this year.
The latest attacks started last week and have hit Bank of America Corp., SunTrust Banks Inc. (STI), JPMorgan Chase & Co. (JPM), U.S. Bancorp, Wells Fargo & Co. (WFC) and PNC Financial Services Group Inc. (PNC), according to two executives at companies providing security to some of the targeted banks, who asked for anonymity because they weren’t authorized to discuss clients and didn’t want their companies to become targets of computer assaults. PNC was under attack today, the executives said.
A group calling itself Izz ad-Din al-Qassam Cyber Fighters announced plans to attack banks in a Dec. 10 statement posted on the website pastebin.com. The same group claimed responsibility for a series of distributed denial-of-service (DDoS) attacks in September and October that flooded bank websites with Internet traffic and caused disruptions and slowdowns for online customers.
“The purpose of it is to try to disrupt or stop online banking access,” said Bill Nelson, president of the Financial Services Information Sharing and Analysis Center, which disseminates cyber threat information to the financial services industry. “There are some outages occasionally, but it hasn’t prevented customers from transacting business.”
The Izz ad-Din group has said in Internet postings that the cyber attacks are in response to a video uploaded to Google Inc. (GOOG)’s YouTube ridiculing the Prophet Muhammad and offending some Muslims.
The current attacks, which began last week, involve the same tactics used in the earlier assault, harnessing commercial servers to pump traffic at bank websites and attacking applications including security devices such as firewalls or intrusion-detection systems, said Carl Herberger, a vice president at Radware Ltd. (RDWR), a Tel Aviv-based network security provider that is working with some of the banks.
While the attackers targeted one bank per day in the previous campaign, they are hitting multiple banks in a single day this time, Herberger said.
PNC, in a statement posted on its website, said it’s aware of the potential cyber threat, which could “make it difficult for our customers to log onto online banking.”
“Please be assured that PNC’s website is protected by sophisticated encryption strategies that shield customer information and accounts,” the statement reads. “We have no information regarding timing, duration or intensity of this potential threat.”
Wells Fargo said its website was experiencing an unusually high volume of traffic, creating slow or intermittent access for some customers.
“The vast majority of customers are not impacted, but for those who are, we encourage them to access their accounts through our stores, ATMs or by phone as we work to resolve the issue,” according to a statement e-mailed yesterday by Bridget Braxton, a Wells Fargo spokeswoman.
Mark T. Pipitone, a Bank of America spokesman, declined to comment, as did Tom Kelly, a spokesman for JPMorgan.
The attackers are changing their “signatures,” or techniques, every 7 to 10 minutes, requiring constant monitoring, said Scott Hammack, chief executive officer of Prolexic Technologies, a Hollywood, Florida-based company that provides protection from DDoS attacks.
Denial-of-service attacks have long been a favored tactic of hacker-activists, and software kits to mount such assaults are available for purchase on the black market, Meaghan Molloy, a senior threat analyst at Mandiant Corp., an Alexandria, Virginia-based information-security firm, said in an e-mail.
While the Izz ad-Din al-Qassam Cyber Fighters group said the attacks are in retaliation for the YouTube video, “it’s worth noting” that the Federal Bureau of Investigation last year warned that DDoS attacks were being used to deflect attention from fraudulent wire transfers from compromised bank accounts, Molloy said.
Banks targeted in the current attacks are working with Internet-service providers and the U.S. government to share information on the tactics and techniques of the attackers, said Nelson, of the Financial Services Information Sharing and Analysis Center.