As promised, Islamic hacktivists disrupt PNC Bank

PNC Bank's website was disrupted on Thursday by a group of Islamic hactivists who have also claimed responsibility for downing the sites this week of Wells Fargo and U.S. Bank.

The latest attack is identical to the other two in that hundreds of thousands of computers are used to overwhelm the sites' bandwidth, said Atif Mushtaq, a security researcher for FireEye who has been monitoring the attacks.

The hactivists also claim to be behind the distributed denial of service (DDoS) attacks last week against Bank of America and JPMorgan Chase, as well as U.S. bank yesterday.

PNC has confirmed the attack. Spokesman Fred Solomon told The Chicago Tribune that the disruption affected some online customers. "We are working to restore full service to everyone," he said.

Based on the kind of traffic Mushtaq has seen, the banks' sites are being overwhelmed by requests from the computers of supporters of the hacktivists. The group, which calls itself "Mrt. Izz ad-Din al-Qassam Cyber Fighters," has used social networks, including Google+; underground sites, and their own website to recruit sympathizers.

"I'm not surprised that there are thousands and thousands of people performing this type of DDoS," Mushtaq said.

[Related stories: Hacktivists strike U.S. Bank with volunteer-powered DDoS | Banks can only hope for best with DDoS attacks | Islamic hacktivists' bank attack claims gain credibility | Wells Fargo recovers after site outage | Theories mount on bank attacks, but experts stress defense | Arab hackers attack Western websites over film]

The hactivists have said that the attacks are in retaliation for a video trailer denigrating the Prophet Muhammad. The amateurish YouTube video made in the U.S. has sparked violent protests in the Middle East and other regions.

To participate in the hactivists' campaign, a supporter goes to one of two file-sharing sites and downloads a program written in a scripting language that runs in a web browser.

Once the program is running, a person only has to click on a "start attack" button to send continuous requests to the target's website. All of the traffic seen by FireEye has come from Web browsers, an indication that the attackers are not using a network of compromised machines, called a botnet. Such networks are also a popular method for launching distributed denial of service attacks, which are said to be crude but still effective.

"The bad part about this attack is it's so simple," Mushtaq said. "They're not using any botnet. They're using browsers."

Rob Rachwald, director of security for Imperva, said an all-volunteer army launching such an attack is in unusual. Hacktivists often use a combination of supporters and botnets, he said. In addition, rather than try to overwhelm the bandwidth of a large bank, attackers often find a vulnerable component in the site first and target traffic to just that area.

While he hasn't monitored the recent attacks, Rachwald said he believes the attackers are much more sophisticated. An indication of that is the fact that the hactivists posted warnings in advance, naming the targeted banks. Nevertheless, the banks were unable to prevent disruption.

"It tells you that more than likely the attackers were pretty sophisticated," he said. "They're using some new technique, or variation of older techniques to bring the sites down."

None of the banks have given details of the attacks.

Ideologically motivated hacktivism was the primary motivation behind DDoS attacks last year, according to Arbor Networks' annual survey of Internet Service Providers. The number of high-bandwidth DDoS attacks increased significantly, with 25% exceeding the total bandwidth into a data center.

At the same time, there are a variety of DDoS attack tools and services available in the underground, Arbor said.

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts