As promised, the Izz ad-Din al-Qassam Cyber Fighters targeted Regions Financial on Thursday, making it the third major bank in the U.S. to be hit this week alone. As with all of the others over the past six weeks, the attack was a denial of service – and it was successful.
The bank, which is based out of Alabama, posted a notice that it had been experiencing service disruptions that began early in the day and affected customers’ ability to access the website to varying degrees. Those customers were unable to access their online banking services, their loans and credit card account pages. The bank, like all the others, said it was working to resolve the problems as soon as possible.
Last month, the group successfully brought down several of the other larger banks in the U.S. including Bank of America and JPMorgan Chase. Earlier this week, Capital One found itself on the receiving end of these denial of service attacks and last week, it was Wells Fargo.
So how has this group managed to breach the nation’s most advanced computer networks while exposing vulnerabilities of their infrastructures? In fact, the only thing law enforcement and security officials know for sure is that it’s a group working outside the U.S. The Cyber Fighters have taken responsibility, but no one inside the U.S. can even confirm that much. Yet, it’s been able to overwhelm bank websites with massive amounts of traffic, which renders them useless to consumers trying to check their balances and pay their bills.
Even the National Security Agency agrees that “such a sustained network attack ranks among the worst-case scenarios envisioned.”
Worse, no one knows for sure whether there’s any long term damage since the bots can’t be traced. While banks are confident their customers’ information hasn’t been compromised, they don’t know for sure either.
Last week, Rodney Joffe, who’s been the universal spokesperson for the collective attack as well as the vice president at Sterling Security Firm, said, “The nature of this attack is sophisticated enough or large enough that even the largest of the financial institutions would find it difficult to defend against.”
The fact that the attacks have managed to isolate commercial servers with considerably more power is especially disconcerting.
The Obama Administration met towards the end of September, though we’ve not been able to confirm when those meetings were held and whether there have been any more in the White House. The meetings took place behind closed doors. We do know, however, that a draft executive order that includes the creation of a program that would shield these computer networks from these and other types of attacks has been circulating. Again, we’re not sure how far along that draft truly is. Meanwhile, the Senate failed to push another piece of legislation forward that would essentially advance a more comprehensive bill.
Other banks, along with the aforementioned, include PNC Financial Services Group and U.S. Bancorp. The New York Stock Exchange was also hacked.
The Financial Services Information Sharing and Analysis Center continues to post about ongoing “credible intelligence” regarding these cyber attacks.
All of the banks are working with the federal government and all banks continue to insist customer data and monies are not being compromised.
Izz ad-Din al-Qassam Cyber Fighters has been claiming responsibility for the assaults via several statements posted to the website pastebin.com. The notices also continue to insist the attacks are a direct result of a video uploaded to YouTube. Images depicting the Prophet Muhammad in ways that offended some Muslims appear in various places in the video. What’s most interesting is these plans were in place long before the video went public. Law enforcement officials say it’s not likely the video had anything to do with the initial attacks.
“The ground work was done to infect systems and produce an infrastructure capable of launching an attack when it was needed,” Joffe said. To date, the group has compromised at least 3,000 Web servers – forming their own “botnet” that floods the sites with requests, according to Rodney Joffe, senior vice president and senior technologist at Neustar (NSR), who has been monitoring the attacks.
The exploitation of Web servers as opposed to personal computers that are traditionally used has put the group at a relatively higher vantage point on the Internet, providing the attackers more horsepower with fewer resources. The group has also been rapidly making tweaks to its strategy to bypass companies’ defenses, according to security researchers.
So what’s next for the group? No one knows for certain; however, if history holds true, whatever that move is, they’ll likely be able to pull it off. There are varying degrees of confidence that the fraudsters can even be found and if so, what it will take to have the members extradited if they are indeed out of the country.