Bank Site Attacks Trigger Ongoing Outages, Customer Anger

Published: 22/11/2024   Category: security




Who's really behind the recent bank DDoS attacks? They are more diverse and powerful than previously seen hacktivist campaigns, security experts say.



Over the past two weeks, the websites of multiple financial institutions--including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo--have been targeted by attackers, leading to their websites being disrupted. Furthermore, some banks appear to still be suffering related outages.
That's led more than 1,000 customers of those institutions to file related complaints with Site Down, a website that tracks outages. Customers have reported being unable to access their checking, savings, and mortgage accounts, as well as bill-paying and other services, via the affected banks' websites and mobile applications.
Many of the banks' customers have also criticized their financial institutions for not clearly detailing what was happening, or what the banks were doing about it. "It was probably the least impressive corporate presentation of bad news I've ever seen," Paul Downs, a small-business owner in Bridgeport, Pa., told The New York Times, where he's also a small-business blogger.
A hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam has taken credit for the attacks, which it's dubbed Operation Ababil, meaning "swarm" in Arabic. It said the attacks are meant to disrupt U.S. banking operations in retaliation for the release of the Innocence of Muslims film that mocks the founder of Islam.
Some of the attacked banks' websites still appear to be experiencing outages, but Dan Holden, director of security for the Arbor Security Engineering and Response Team, said he's seen no signs that any active attacks are currently underway. "Obviously, we're only one day into the week, but we didn't see anything yesterday, and while [the Cyber fighters of Izz ad-din Al qassam] said in the previous post that they'd be working over the weekend, there haven't been any new posts stating that they'd be doing new attacks," he said.
Tuesday, however, multiple Wells Fargo customers were still reporting that they were having trouble accessing the bank's website, or getting it to respond after they'd logged in. "Day 8, still can't get in with Safari or Firefox ... getting old. I have a business to run here," said an anonymous poster to Site Down. "This is getting old," said another.
Asked to comment on reports that the bank's website was continuing to experience outages, a spokeswoman for Wells Fargo repeated a statement released last week, saying via email that customers can access their accounts through the online and mobile channels.
Multiple Bank of America customers Tuesday also reported problems with the bank's website, with some people saying they'd been experiencing disruptions for 10 days or more. "I agree ... with all the other comments about this problem of being unable to go on line. What in the world is going on--get it fixed!" said an anonymous user Sunday on the Site Down website. But Bank of America spokesman Mark T. Pipitone said via email that the bank's website has been working normally since last Tuesday, and suggested that the scale of any reported website problems was within normal parameters. "We service 30 million online banking customers," he said. "Our online banking services have been, and continue to be, fully functional."
Given attackers' advance warning that they planned to take down the banking websites--which suggested that they'd launch distributed denial-of-service (DDoS) attacks--why didn't banks simply block the attacks? As one PNC customer said in an online forum, "Come on PNC! Never heard of content delivery networks to make these attacks more difficult?? ... Please invest in a more capable network security team and take care of your customers!"
But Arbor's Holden, speaking by phone, said that the attackers had used multiple DDoS tools and attack types--including TCP/IP flood, UDP flood, as well as HTTP and HTTPS application attacks--together with servers sporting massive bandwidth capacity. So while the attacks weren't sophisticated, they succeeded by blending variety and scale.
Given the massive bandwidth used in the attacks, were they really launched by hacktivists, which is what the attackers have claimed they are? Former U.S. government officials, speaking anonymously to various media outlets, have instead directly accused Iran of launching the attacks. Regardless of whether Iran is involved, Holden said that the bank attacks don't resemble previously seen hacktivist attacks, which typically involved botnets of endpoint-infected PCs, or people who opted in to the attack, for example by using the Low Orbit Ion Cannon JavaScript DDoS tool from Anonymous.
"With Anonymous ... you'd see those people coming together and launching an attack with a given tool," Holden said. "With this, yes, you're seeing multiple types of attacks, multiple tools, and while blended attacks are common, they're not so common with classic hacktivism, or hacktivism that we've witnessed in the past."
"In other words, we don't know whether it's hacktivism or whether it's not," said Holden. "There's nothing really backing up the advertisement that this was a bunch of angry people. If it is, it's people who have gone out with a particular skill set, or hired someone with a particular skill set, to launch these particular attacks." But whoever's involved in these attacks has quite a lot of knowledge related to the art of launching effective DDoS website takedowns, and has access to high-bandwidth servers, which they've either compromised, rented, or been granted access to.
Interestingly, the attackers do appear to have taken a page from the Anonymous attack playbook. "We don't have all the information about which specific techniques have been used against the U.S. banks so far, but the Izz ad-Din al-Qassam Cyber Fighters scripts are based on the JS LOIC scripts used by Anonymous as well," said Jaime Blasco, AlienVault's lab manager, via email.
But like Holden, Blasco said that the bank website attackers had used much more than just JavaScript. "The number of queries/traffic you need to generate to affect the infrastructure of those targets is very high," he said. "To affect those targets, you need thousands of machines generating traffic, and ... other types of DDoS."
