DDoS: New Attacks Against Banks

Sources Say Strikes Waged by Same Botnet as Earlier Attacks
DDoS: New Attacks Against Banks

A hacktivist group known as the European Cyber Army said Jan. 28 that it had waged targeted distributed-denial-of-service attacks against Bank of America and JPMorgan Chase.

See Also: DNS and the Threat of DDoS

The attacks apparently occurred from about 10:30 a.m. until 2:30 p.m. ET on Tuesday, says one DDoS-tracking source, who requested anonymity. "We have not seen anything yet today," the source told Information Security Media Group on Jan. 29. Both banks' websites were up and running midday Jan. 29.

The European Cyber Army claims to have targeted the United States' two leading banking institutions without warning, according to a string of tweets the group posted Jan. 28. But the attackers suggest a target list may soon be released.

"First it was the Bank of America! Now it's Chase banking! Strike Package FoxTrot nukes Chase's Website! #Nuked >>> http://Chase.com ," one tweet reads. A later tweet states, "All Your BandWidth will Velong [belong] to the European Cyber Army! We will be Releasing a possible Target List soon!"

The European Cyber Army has recently taken credit for DDoS attacks against other organizations and sectors, including the federal court system, according to tweets posted by the group and various news media reports. Since the beginning of January, the group has been linked to disruptive online attacks waged against various companies and organizations in the U.S., Asia, Europe and the Middle East, according to news reports.

Bank of America and Chase did not immediately respond to Information Security Media Group's request for comment about the alleged attacks.

But customer comments posted on Twitter on Jan. 28 complained of online outages at the two banks. And several executives at organizations that track DDoS activity confirm that they saw indications two leading U.S. banks were hit Jan. 28. Two of those sources, who asked to remain anonymous, say the attacks appeared to be aimed at BofA and Chase. They say both banks suffered significant DDoS strikes similar to the size of the attacks waged by the self-proclaimed hacktivist group Izz ad-Din al-Qassam Cyber Fighters against U.S. banking institutions from the fall of 2012 to the summer of 2013 (see DDoS: Prepare for the Next Wave).

While Izz ad-Din al-Qassam's attacks appeared to have stopped in August of 2013, numerous DDoS-tracking sources say they have linked the Jan. 28 attacks to al-Qassam's botnet, known as Brobot.

The Jan. 28 attacks used an old SQL injection vulnerability to install "backdoors" that ran traffic generating code, says John LaCour of PhishLabs, an online security firm that tracks cyber-attacks. LaCour was the only DDoS-tracking source willing to go on the record.

"PhishLabs has confirmed that recent exploitation of Kloxo control panel software is related to DDoS attacks launched on January 28th," he says.

The Financial Services Information Sharing and Analysis Center, which in October 2012 spearheaded industry information sharing to mitigate DDoS risks, would not comment about Jan. 28's alleged strikes against BofA and Chase.

Customer Comments

Customer complaints posted on Twitter about difficulty accessing BofA's and Chase's online banking platforms suggest interruptions in service cropped up Jan. 28.

"Hello @BofA_Help. You know what would really "help"? A status on the online banking outage. Thanks so much. #BofA," one comment tweeted at 9:28 a.m. ET on Jan 28 reads. At 8:43 a.m. ET on Jan. 28, the online monitoring site known as SiteDown.com sent this tweet: "Bank of America site is down or having issues, based on traffic and reports at http://sitedown.co/bank-of-america #BankOfAmerica #bofa."

Regarding Chase, a user noted Tuesday afternoon that the site could not be found: "@ChaseSupport so any word on your website? it seems to not exist currently. Nothing responds and website is unavailable #chasebank."

During the same time frame, another user tweeted, "Can't sign on to #chasebank again. Getting kinda tired of this. Get it together people."

A third noted: "#chasebank website is down. Noooooooooo work can be completed now #WorkInappropriate."

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.