FBI Briefs Bank Executives On DDoS Attack Campaign

  /     /     /  
Publicated : 22/11/2024   Category : security


FBI Briefs Bank Executives On DDoS Attack Campaign


FBI expedited security clearances so it could share classified info on Operation Ababil, a distributed denial of service attack that continues to disrupt U.S. financial websites.



Anonymous: 10 Things We Have Learned In 2013 (click image for larger view and for slideshow)
The FBI recently granted one-day clearances to security officers and executives at numerous banks so it could share classified intelligence on the Operation Ababil campaign thats been disrupting U.S. financial websites for almost a year.
The videoconference briefings detailed who was behind the keyboards of the attacks, FBI executive assistant director Richard McFeely told the Reuters Cybersecurity Summit Monday,
reported
Reuters. McFeely is in charge of the bureaus criminal and cyber investigations.
The Operation Ababil distributed-denial-of-service (DDoS) attacks, which typically target a handful of the countrys top banks every week, have disrupted the websites of such financial institutions as Bank of America, BB&T, JPMorgan Chase, Capital One, HSBC, New York Stock Exchange, Regions Financial, SunTrust, U.S. Bank and Wells Fargo. The attacks have resulted in customers sometimes being unable to access online or mobile banking services.
[ Whats happening when bank sites go down? Read
Bank Hacks: 7 Misunderstood Facts
. ]
Banks targeted as part of Operation Ababil have been frustrated by the lack of arrests or apparent progress in the case, McFeely said. But he said that some indictments -- currently under seal -- have been issued for suspects arrest. Suggesting that the suspects are operating in countries that have no extradition treaty with the United States, he said that the hackers might be caught when they travel to other countries. The first time we bring someone in from out of the country in handcuffs, thats going to be a big deal, he said.
McFeely said the bureau has been attempting to keep cybercrime victims up-to-date in the past, admitting that the FBI was terrible about doing so in the past. Thats 180 degrees from where we are now, he said.
The self-proclaimed Muslim hacktivist group Izz ad-Din al-Qassam Cyber Fighters has claimed credit for the banking website disruptions, which it said are retaliation for the posting to YouTube in July 2012 of a film that mocks the founder of Islam. U.S. government officials, however, have accused the group of
being a front for Iran
. Members of the group have responded by saying theyre apolitical and hail from multiple countries.
Despite the bank attacks having been previewed in advance and now more often than not simply occurring every week, banks -- after spending millions of dollars on
countermeasures
-- have been unable to fully block the DDoS campaign. In part, thats because attackers have managed to
exploit thousands of PHP websites
that include known vulnerabilities and install attack toolkits, which they remotely control to queue up attacks against designated banks.
The sheer scale of the DDoS attacks and the number of compromised websites is astounding. The Department of Homeland Security and FBI have reportedly been liaising with cybersecurity officials in 129 other countries and shared details of a total of 130,000 IP addresses that have been used in the attacks.
The bureaus classified bank executive briefing comes in the wake of President Obamas
Improving Critical Infrastructure Cybersecurity executive order
, issued in February, which instructed the Department of Homeland Security to expedite the processing of security clearances to appropriate personnel employed by critical infrastructure owners and operators. Critical infrastructure, the vast majority of which is privately owned, refers to the energy, oil, water, telecom, finance and transportation industries.
Some members of Congress have been calling for new laws to
indemnify businesses that share cyber-attack information
with law enforcement agencies. But the FBIs outreach effort suggests that public-private information sharing is already occurring.
McFeely did, however, report that the bureau has faced difficulty gathering information about online attacks from victims, for example from defense contractors wary of speaking to the FBI. Interestingly, recent news reports suggest that online attacks against defense contractors -- attributed to China -- have been
much more successful than previously disclosed
in public, and resulted in the compromise of data relating to the latest drone and robot technologies, and might have undermined the combat reliability of the Lockheed Martin F-22 Raptor.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
FBI Briefs Bank Executives On DDoS Attack Campaign