The hacktivist threat: Brazilian bank sites continue to fall victim to DDoS attacks

By | February 02, 2012

Posted in: Network Security Trends

Distributed denial-of-service (DDoS) attacks against Brazilian financial institutions continued today, as the HSBC Brazil was knocked offline, the latest victim of the hacktivist group Anonoymous OpWeeksPayment# campaign, demonstrating again the serious concern posed by the hacktivist factor. The group took credit for taking down the Banco do Brasil, the country’s largest state-run bank on Wednesday, and Itau Unibanco Banco Multiplo SA and Banco Bradesco SA, the country's largest and second largest private banks, respectively, earlier in the week.

AnonBRNews and AntiSecBrTeam announced the attacks on Twitter with the message "Caution mariners: Target reached! HSBC is drifting! Tango Down! "

Anonymous, a loose confederation of ideologically motivated hactivists, has been very active in recent weeks. In January, the group launched a wave of DDoS attacks in response to the takedown of Megaupload, a huge file-sharing site accused of content piracy and arrested of four employees, including the company’s founder. The attacks took down U.S. Department of Justice and FBI, as well as entertainment industry group and company sites. A second series of attacks knocked off several Polish government sites in anticipation of the government signing ACTA (Anti-Counterfeiting Trade Agreement). Anonymous vehemently opposes anti-piracy legislation such as ACTA and SOPA (Stop Online Privacy Act).

Last April, Anonymous fired off DDoS attacks against the Sony PlayStation Network as part of their Operation Sony attacks in protest of the entertainment giant's lawsuit against sue George Hotz, who published code that lets users "jailbreak" the PlayStation 3. In that case, the attacks were actually used as a diversion to draw attention away from a massive data breach of PlayStation Network accounts. In late 2010, Operation Payback included DDoS-ing against  MasterCard,  Visa,  PayPal,  Amazon, and other major companies  and organizations who cut off sources of funding to WikiLeaks.

The Brazilian attacks again underscore the threat of ideologically based DDoS attacks and, in particular, Anonymous’ ability to coordinate large, successful campaigns against selected targets for whatever cause they consider the current priority. Unlike criminally motivated DDoS, which increasingly leverages low-volume application layer attacks and/or flooding attacks via massive botnets, Anonymous enlists willing participants by encouraging them to download the DDoS attack tool Low Orbit Ion Cannon (LOIC). However,  there’s evidence that a least some of the participants in the post-Megaupload attacks were suckered by clicking on a link that launched LOIC.

You May Also Be Interested In: