For the last week, hackers have — once again — attacked the online banking sites of several American banks.
The attacks appear to be the second stage of a campaign that began in September, when a hacker group calling itself Izz ad-Din al-Qassam Cyber Fighters took credit for a series of attacks on the Web sites of Bank of America, Citigroup, U.S. Bank, Wells Fargo and PNC that caused intermittent delays.
The group said it had attacked the banks in retaliation for an anti-Islam video that mocked the Prophet Muhammad and pledged to continue its campaign until the video was removed from the Internet. They called the campaign Operation Ababil, a Koran reference to the swallows Allah sent to attack an army of elephants dispatched by the King of Yemen to attack Mecca in 571 A.D.
In an online post on Tuesday, the group said that it had resumed Operation Ababil and that, over the last several weeks, it had focused on nine banks: JPMorgan Chase, Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, BB&T, Suntrust and Regions Financial.
“Our aim of this operation is removal of that insulting and absurd film,” the hackers wrote in an online post.
Of the nine banks, representatives of PNC, BB&T and Citigroup confirmed that their online banking sites had experienced intermittent disruptions because of a high volume of Web traffic, but they said that bank accounts and customer information had not been affected. Though they were not mentioned in the group’s online hit list, Capital One and Fifth Third Bank also experienced brief disruptions.
Customers at Bank of America, Wells Fargo, U.S. Bancorp and JPMorgan did not appear to have had any trouble reaching their accounts.
In an e-mail to customers, PNC said it had experienced “an unusually high volume of traffic” to its site. “This volume of traffic is consistent with threatened cyberattacks on the U.S. banking system and is designed to cause access delays for legitimate Internet customers,” the statement said.
Debra DeCourcy, a spokeswoman for Fifth Third Bank, said that from 11 a.m. to 3 p.m. on Thursday, Fifth Third also had a high volume of traffic to its site. “We believe it was a denial of service attack designed to disrupt access to our site,” Ms. DeCourcy said. “This was an access issue, not a security issue: No customer information or data was compromised.”
In a denial of service attack, hackers bombard a site with traffic until it collapses under the load. Though banks take great pains to absorb large volumes of traffic, many experienced unprecedented levels. Typically such attacks are deployed through a Web application, in which hackers recruit volunteers to click on a link that sends signals from their computers to a victim’s site, or through botnets, networks of infected computers and devices that do hackers’ work for them.
But security researchers who studied the attacks on banking sites last fall said hackers had used a new weapon: data centers.
Researchers at Radware who investigated the attacks for several banks found that the traffic was coming from data centers around the world that had been infected with a sophisticated form of malware that was designed to evade detection by antivirus solutions. The attackers used those infected servers to simultaneously fire traffic at each banking site until it slowed or collapsed. By infecting data centers instead of computers, attackers obtained the horsepower to mount an enormous denial of service attack.
Jenny Shearer, a spokeswoman for the Federal Bureau of Investigation, declined to comment on the source of the attacks on Friday.
In an online post, hackers said the attacks had not been sponsored by a country.
Government and intelligence officials have blamed Iran for the fall attacks and for a destructive cyberattack on computers at Saudi Aramco in August, though they have not presented any evidence to back up their claims. Tracing cyberattacks back to one particular country is difficult, security experts say, because traffic can be routed through different Internet addresses to mask their true origin.
Security researchers still do not know how the data centers used in the first wave of attacks were infected in the first place, how widespread the infection rate was and — perhaps most troubling — whether the servers could be used to damage other sensitive targets in the future.
On Tuesday, the hackers said they had no intention of halting their campaign. “Officials of American banks must expect our massive attacks,” they wrote. “From now on, none of the U.S. banks will be safe.”