Bank DDoS Attacks Resume

A number of U.S. banks are dealing with online service disruptions as hacktivists reportedly have launched another round of distributed denial of service (DDoS) attacks against financial institutions.

A number of U.S. banks are dealing with online service disruptions as hacktivists reportedly have launched another round of distributed denial of service (DDoS) attacks against financial institutions.

According to, customers for PNC Bank, Wells Fargo, Citibank, Bank of America and a number of other major banks have been reporting an inability to access their respective banking websites or online accounts.

“Earlier today, customers using certain Internet service providers were experienceing difficulties reaching PNC’s sites,” Marcey Zwiebel, VP and senior manager of external communications for PNC told Threatpost via email.

Though unconfirmed, members of the al-Qassam Cyber Fighters, which claimed responsibility for two rounds of DDoS attacks against banks at the end of last year and into this year, said they would start the third phase of their campaign this week.

In a Pastebin post, the group said: “During runnnig Operation Ababil Phase 3, like previous phases, a number of american banks will be hit by denial of service attacks three days a week, on Tuesday, Wednesday and Thursday during working hours.”

The attacks are in retaliation for the portrayal of Muslims in “Innocence of Muslims,” a series of movie trailers uploaded to YouTube, the group said.

However, some security experts have been skeptical that these are the group’s true motivations. The previous rounds of DDoS attacks have demonstrated some unprecedented amounts of traffic fired at the banking sites, upwards of 80 Gb/second to 100 Gb/second, volumes more than traditional DDoS attacks that require less than 10 Gb/second.

The attackers have used a number of automated toolkits, namely itsoknoproblembro, to pull off the attacks, firing high volumes of traffic at simultaneous targets. The first attacks began in September, followed by another round in December.

“If you’re sending 40 GBPS of traffic across two targets, that’s definitely a feat,” Arbor Networks’ director of security research Dan Holden told Threatpost in December. “That’s difficult to do from the attacker’s standpoint, and difficult to defend.”

In January, researchers at Incapsula discovered the attackers had another bullet in their holster and were using compromised Web servers to launch attacks, a throwback to the early days of DDoS attacks when broadband connectivity was at a premium and botnets were a rarity.

“This is just a part of a growing trend we’re seeing in our DDoS prevention work. In an attempt to increase the volume of the attacks, hackers prefer web servers over personal computers. It makes perfect sense,” said Incapsula analyst Ronan Atias said. “These are generally stronger machines, with access to the high quality [host] networks and many of them can be easily accessed through a security loophole in one of the sites.”

The attackers, meanwhile, said they had suspended the second phase of their operations because a main copy of the film was removed from YouTube. Other copies of the film have surfaced, they said, prompting them to ramp up attacks again. The group, in its Pastebin post, also lays out a formula for calculating how long it will DDoS the banks based on the likes and views on YouTube attained by the videos.

*Bank images via lewisha1990 and R/DV/RS‘s Flickr photostreams, Creative Commons.

Suggested articles


  • redwolfe_98 on

    to me, it doesn't make sense that a group of muslims would use ddos attacks against banks to protest a video hosted at "youtube".. why not use the ddos attacks against "youtube", or google?

    i read one story that said that ddos attacks against a particular bank were used to mask the looting of bank accounts.. that was what i suspected from the first, that thd ddos attacks against banks were being used to mask the looting of bank accounts..


  • Sam on

    "A thousand monkeys at a thousand typewriters..."

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.