Have we decided what 2013 will be the year of yet? According to a new threat issued by the extremist group Izz ad-Din al-Qassam Cyber Fighters, the group claiming responsibility for the continued campaign against U.S. financial institutions, it may well be remembered as being the year of the Distributed Denial of Service (DDoS) attack. According to the group's own calculations, banks can expect to continue dealing with the annoyingly inconvenient assault on their websites for another 56 weeks, extending the protest well into 2014.
The attacks, which began in mid-September, have resulted in intermittent downtime for the online banking websites of some of the largest financial institutions in country, including U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group, SunTrust, HSBC, Ally Bank, BB&T, Wells Fargo and Capital One.
In a Pastebin post published January 8th, the group attempts to provide a rational accounting for the projected duration of their protest against a controversial YouTube video, and their estimate of the financial impact to the targeted organizations, with some simple arithmetic.
The group based their calculations on the total number of times the video in question has been viewed on the top five YouTube postings of the film, in addition to the number of times viewers have "liked" the video, and also taking into account the number of "dislikes" of the video:
- Total number of views: T = 26546482
- Total number of "Likes": L = 73721
- Total number of "Dislikes": D = 194906
- Dislike Factor: DF = 10 (no explanation for this figure provided)
- Cost per minute of DDoS: C = $30,000
- Sentence for each view/like: CF = $100
- Total number of minutes for DDoS attacks: TM = TC/C = 82237 minutes
- Total cost to be exacted: TC = (T+L-DF*D) * CF = $2,467,114,300
- Total Days: TD = TM/S = 196 days
- REM = TD-PD = 169 days total (about 56 weeks total duration at an average of 7 hours of "DDoS attack success rate per day")
If the protesters really have the fortitude to carry on the campaign for another year or more, 2013 may indeed go down as the year of the banking DDoS.Of course, it is not merely financial institutions who can suffer disruptions to business activities due to denial of service attacks; every organization with an Internet presence is susceptible.
Organizations concerned about their own potential exposure to DDoS attacks are encouraged to take a free DDoS preparedness assessment test which provides a customized evaluation and subsequent recommendations based on answers to a short questionnaire. The DDoS assessment can be conducted in a matter of minutes by following the instructions here: DDoS Preparedness Test. Resources are also available for those organizations who seek to deploy a first line of defense to filter unwanted traffic before it ever reaches the targeted network.