VirtualThreat Contributing Writer
For five weeks now some of the largest banks in the United States, including HSBC, Capitol One and BB&T, have been under a sustained cyber attack from unidentified hackers.
The attackers are using denial of service (DOS) attacks to cripple access to the banks’ websites. In a phone interview with Bloomberg yesterday Carl Herberger, V.P. of network security firm Radware Inc., said the majority of the malicious traffic seemed to be coming from both Iran and Russia.
Herberger, who is working with the banks to investigate the attacks, went on to say that it appears the hackers are working a “target list” and they have “been near-100 percent effective, at least in bringing these financial institutions some level of duress.”
The attacks began early last month and the hackers behind the assault seem to be continuously adapting to the bank defense mechanisms. At present the attackers are using hijacked commercial servers to send high volumes of internet traffic to overload the bank websites. Customers reported having intermittent issues accessing the bank websites as the barrage continued.
By using commercial servers to launch the attack, the hackers were able spray a huge volume of traffic at the target sites, all but crippling the back end servers. Defense Secretary Leon Panetta said the scale and speed of the attacks was “unprecedented”.
A hacking group called Izz ad-Din al-Quassam Cyber Fighters is claiming responsibility for the bank attacks. They have posted statements on pastebin.com saying the attacks are a response to a video uploaded to YouTube making fun of the Prophet Muhammad.
Top banking executives say there is no sign that any customer data or money has been stolen. However Herberger and Rodney Joffe, senior V.P. at Neustar Inc., say that it could take months to determine if any theft had occurred.