Hacktivists: Phase 3 of Their Campaign Against U.S. Financial Institutions Underway

By | March 07, 2013

Posted in: Network Security Trends

They're back.

In a February 26th Pastebin post, the Izz ad-Din al-Qassam Cyber Fighters promised to resurrect their cyber campaign against U.S. financial institutions if offending YouTube videos were not removed from the Internet.

The videos were not removed and earlier this week, in another Pastebin missive, the Islamic group announced the commencement of Phase 3 of their so-called "Operation Ababil" was to begin yesterday.

"Now at the end of one month time it is seen that other copies of the film yet exist in YouTube so we announce the Phase 3 of Operation Ababil will start this week," said the new post. "During runnnig (sic) Operation Ababil Phase 3, like previous phases, a number of american (sic) banks will be hit by denial of service attacks three days a week, on Tuesday, Wednesday and Thursday during working hours."

According to information from SiteDown.co, PNC Bank, Wells Fargo, Bank of America, Fifth Third Bank, U.S. Bank, Chase and CitiBank were all on "outage watch" and down at some point on Wednesday.

As we pointed out in a January post, they continue to use a formula to determine the size and scope of their DDoS attacks. The group uses the number of "likes" and "dislikes," with each "dislike" compensating for 10 "likes." They then take into consideration the total video views, cost per minute of each DDoS attack and apparently plan to attack banks in accordance with their formula.

Using this current formula and incorporating their new figures, they attempt to provide a time frame for this new wave of attacks:

  • T=Total views: 9,473,450

  • L=Total likes: 25,435

  • D=Total Dislikes: 75,112

  • DF=Dislike Factor: 10

  • C=Cost per minute: 30,000

The attackers estimate a successful attack lasts seven hours, or 420 minutes, and calculate the number of days they will continue the DDoS attacks as:

  • Total Days: TD = TM (total minutes of DDoS activity)/S (avg. success rate per attack) = 69 days
After 36 "passed days" (PD) days of attacks so far, the group estimates the number of days remaining in their campaign to be as follows:
  • REMAINING TIME = TD-PD = 33 days total (about 11 weeks total duration at an average of 7 hours of “DDoS attack success rate per day”)

If the above numbers hold true, these attacks would continue on into the late Spring/early Summer.

According to a report by BankInfoSecurity, the last wave of attacks has piqued the attention of small, community financial groups and credit unions, since these types of banks became targets during the most recent phase of the  attacks. During this new pronouncement, these smaller organizations are bracing for additional hits.

To this end, the National Credit Union Administration (NCUA) issued a risk alert last month compelling credit unions to maintain strong information security protocols.

Knowing your risk level is key to combating these attacks. Organizations concerned about their own potential exposure to DDoS attacks are encouraged to take a free DDoS preparedness assessment test which provides a customized evaluation and subsequent recommendations based on answers to a short questionnaire. The DDoS assessment can be conducted in a matter of minutes by following the instructions here:  DDoS Preparedness Test. Resources are also available for those organizations who seek to deploy a first line of defense to filter unwanted traffic before it ever reaches the targeted network.

You May Also Be Interested In: