PNC Bank Hit By Crowdsourced Hacktivist Attacks

Financial services website disrupted by DDoS attacks launched to protest anti-Muslim film, following similar attacks against Wells Fargo, U.S. Bank, and Bank of America.

After attacking the websites of Wells Fargo and U.S. Bank earlier this week, Muslim hacktivists Thursday also claimed credit for disrupting the PNC Financial Services Group website.
The attacks were carried out under the banner of Operation Ababil, which last week disrupted the websites of Bank of America and JPMorgan Chase. This weeks banking attacks--against Wells Fargo Tuesday, U.S. Bank Wednesday, and PNC Bank Thursday--had been
previewed in a Pastebin post
uploaded by a hacktivist group calling itself Cyber fighters of Izz ad-din Al qassam.
Likewise, a Thursday
post to the Hilf-Ol-Fozoul
blog--which has promoted Operation Ababil and shared links to
distributed denial-of-service (DDoS) tools
--credited the Cyber fighters of Izz ad-din Al qassam with having organized the recent banking website attacks.
[ Could an international agreement stop international cyber warfare?
The Case For A Cyber Arms Treaty
. ]
PNC didnt immediately respond to an emailed request for comment about the attacks. But PNC spokesman Fred Solomon
told Threatpost
Thursday that traffic to our sites is heavy today and its of a similar pattern to that seen by other banks of late.
The Cyber fighters of Izz ad-din Al qassam have said that the attacks against U.S. financial services websites are being launched in retaliation for the release of the
Innocence of Muslims
film that mocks the founder of Islam. A 14-minute clip of the film, uploaded to YouTube by its director, a man going by the name Sam Bacile, helped trigger numerous riots across the Middle East.
But former U.S. government officials, speaking anonymously, have accused the Iranian government of being behind the attacks against financial institutions, which they said began about a year ago. The Iranian government, however, has
denied any involvement
.
Meanwhile, Dmitri Alperovich, CTO of security firm CrowdStrike, doesnt think the attacks are just about protesting online, not least because the name of the group involved is the same as the military branch of Hamas. I dont buy that their motivation is in response to the video; this group has been carrying out attacks for months, he told Threatpost. Their motivation is to send a message that this is what theyre capable of.
Regardless of whoevers organizing the financial website DDoS attacks, the campaign appears to be crowdsourced and receiving grassroots-level support, according to Atif Mushtaq, a security researcher at FireEye. When I heard about this DDoS, the first things I wanted to find was the nature of the DDoS attack, said Mushtaq via email. Like, is it being done using some botnet, or is it a community based action? If it is being done using some botnet, then who is operating this botnet--is it a simple pay for DDOS scenario where attacker(s) rent a botnet to attack someone, or [have] attackers built their own botnet?
According to Mushtaq, its most likely a community-based action, not a botnet, based in part on a
September 18 post
on the blog titled Come and support Prophet Muhammed on the Internet, which urged to people to download attack tools--via included file-sharing websites--and use them to attack the Bank of America and New York Stock Exchange websites, in support of the Cyber fighters of Izz ad-din Al qassam. They are asking people to download a RAR file containing an HTML file, and run it from their desktop, said Mushtaq. From this point onwards DDoS will be handled by these scripts alone.
If protesting online is the goal of the attacks, what might convince the hacktivists involved to wrap up their campaign? A post to the Hilf-Ol-Fozoul blog called on U.S. authorities to punish the cast and crew, the publisher included, of
Innocence of Muslims
film, at which time it said this story will end.
The U.S. government has already been moving to distance itself from the film. Earlier this week, in an
address to the United Nations General Assembly
, President Barack Obama criticized the video as being crude and disgusting and reiterated that the U.S. government had no hand in creating it. It is an insult not only to Muslims, but to America as well, he said, but noted that the film was likewise protected by U.S. law. I know there are some who ask why dont we just ban such a video. The answer is enshrined in our laws. Our Constitution protects the right to practice free speech.
Thursday, however, the alleged filmmaker behind the
Innocence of the Muslims
was
arrested in Los Angeles
. Authorities have accused the man, Nakoula Basseley Nakoula, of violating the terms of his 2010 conviction for banking fraud. According to news reports, during his case law enforcement officials alleged that Nakoula had opened credit card and bank accounts using other peoples names, written checks in other peoples names, and then attempted to deposit those checks and withdraw the money.
After pleading guilty to a bank fraud charge, Nakoula served 21 months in prison, and was released in June 2011. But as part of his probation, hes barred from using a computer unless under supervision. Authorities said they suspect that Nakoula--a Christian whos originally from Egypt--said he was Sam Bacile when speaking with news media about the film.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
PNC Bank Hit By Crowdsourced Hacktivist Attacks