Bank of America, one of the victims of Operation Ababil (Screengrab)

The Izz ad-Din al-Qassam Cyber Fighters published a new message on their Pastebin profile late Monday, warning of a new round of cyber attacks against U.S. financial institutions, beginning this week.

In their lengthy post, titled "Phase 2 Operation Ababil," the Qassam Cyber Fighters announced that they plan to attack websites owned by J.P. Morgan Chase, Bank of America, U.S. Bancorp, PNC Financial Services and SunTrust Banks.

Previous cyber attacks for which the ideologically-motivated group claimed credit took some bank sites down for more than 24 hours and affected website functions for days afterwards. The Cyber Fighters say that in Phase 2, "the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks."

U.S. officials have said they believe the attacks are state-sponsored by Iran, but the cyber attackers still insist they are not working for any government. Though they mention events since their previous attacks such as Israel's efforts against Hamas, the al-Qassam Cyber Fighters still say their main reason for renewed cyber attacks is the presence of Innocence of Muslims on the Internet. Google has refused to removed the anti-Islamic video from the Internet in nations where it is not against the law.

Fox Business notes one of the reasons security researchers and U.S. officials have said they believe the al-Qassam Cyber Fighters are more organized and well-funded than an ad-hoc group of cyber terrorists is because they use such a sophisticated botnet of compromised web servers. The Cyber Fighters' zombie army of bots sidesteps bandwidth limits and focuses more power against their targets than attacks from home computers.

Previous banks affected by al-Qassam's efforts included Wells Fargo, Bank of America and the New York Stock Exchange.

Update: It looks like the Cyber Fighters didn't waste any time. As of 1:45 p.m. ET Tuesday, many Bank of America customers were reporting problems accessing the bank's website.

Muslim cleric Izz ad-Din al-Qassam (Wikimedia)

If customers of Regions Bank were having trouble reaching the institution's website Thursday, they could thank the Izz ad-Din al-Qassam Cyber Fighters, who returned earlier this week for the fourth week of Operation Ababil.

Operation Ababil is an ongoing effort by cyber-attackers who say they plan to keep knocking American banks offline until Innocence of Muslims has been taken off the web. While Google has blocked the video in countries where its bigoted content is illegal, the search giant has said it will not block the video in the U.S., citing laws that protect freedom of speech.

Some experts think Iran is behind the Qassam Cyber Fighters, but the group has denied this.

Their Pastebin from October 8th added new reasons for their outrage:

A number of cyber-attacks toward the American banks planned and executed during the past weeks. Those attacks were a response to an insulting film against the great prophet of Islam which was made and broadcast on the Internet according to Zionists will and Americans management. All Muslims and free-minded people around the world protested this absurd action but their complaints were not addressed. If these protests were done by your fans any film was immediately removed from internet. For instance, at the same time with the Queen of England family's complaint against an insulting photo published in the French magazines the photo was removed immediately. But you did not care about the demands of Muslims and called the fighter groups' activities terrorist attacks.

You are insulting the prophet of Islam, what do you expect from Muslims? Do they have the right to confront or retaliate? Do you have a respectable thing that can be insulted in retaliation?

The Cyber Fighters concluded that "respectable thing" was banks. So they listed their targets and a timeline for the attacks:

Tuesday 10/9/2012 : attack to Capital One Financial Corp site, capitalone.com
Wednesday 10/10/2012 : attack to SunTrust Banks, Inc, suntrust.com
Thursday 10/11/2012 : attack to Regions Financial Corp site, regions.com
Weekends: planning for the next week' attacks.

The Cyber Fighters were careful to note that they weren't hacking everything. They referred to "recent Trojan-based attacks" that targeted "electronic money transfers" and stated that their activities were "only against the insulting movie mentioned above."

Operation Ababil has been documented in both Arabic and English. English posts often appear to be translations from the Arabic, but the most recent Arabic post seemed to reveal a sentence the attackers chose to leave out of the English version:

Sorry of the customers of these banks because the attacks caused interruption of banking operations, and we invite them to join the rest of the world in these activities [...]

Capital One, attacked on Tuesday, was still having problems Thursday. Sun Trust Banks was also knocked offline Wednesday, as promised.

As has been this group's practice, these cyber attacks will occur for eight hours each day, beginning at 10 a.m. EDT.

Muslim cleric Izz ad-Din al-Qassam (Wikimedia)

The Izz ad-Din al-Qassam Cyber Fighters have returned with a new declaration published on Pastebin and a new set of targets. If you park your money with Wells Fargo and can’t reach the bank’s website, you apparently can blame the hackers and their Operation Ababil.

The group's Pastebin post renewed their call for the anti-Muslim video Innocence of Muslims to be removed from the web. They also refuted allegations their actions have been state-sponsored by Iran, stating that they "strongly reject the American officials' insidious attempts to deceive public opinion."

The Cyber Fighters went on to give a timetable for their attacks and urged others to join the fight:

We shall attack for 8 hours daily, starting at 2:30 PM GMT, every day. We repeat again the attacks will continue for sure till the removal of that sacrilegious movie.

We invite all cyberspace workers to join us in this Proper Act. If America's arrogant government do not submit, the attack will be large and larger and will include other evil countries like Israel, French and U.Kingdom indeed.

Several large financial institutions can expect to go the way of WellsFargo.com, which was timing out for users accessing the page from multiple locations on Tuesday afternoon.

The bank acknowledged the problem and posted the following on its Twitter account around 4 p.m. ET:

We apologize to customers who may be experiencing limited access to @wellsfargo.com & online banking. We are working to quickly…

— Wells Fargo (@WellsFargo) September 25, 2012

resolve this issue. Customers can still access their accounts through our ATMs, stores and by phone at 800-956-4442.

— Wells Fargo (@WellsFargo) September 25, 2012

Muslim Cyber Fighters say they will also target the following:

Wednesday 9/26/2012 : attack to U.S. Bank site, www.usbank.com
Thursday 9/27/2012 : attack to PNC site, www.pnc.com

Past cyber-attacks for which this group claims responsibility struck Bank of America and JP Morgan Chase.

While the problems for the larger banks were intermittent, the Wells Fargo attack seems to have been the most effective so far, indicating the group may be improving their methods.

Stuxnet, the first shot across the bow. (Krebs On Security)

Cyber attackers who went after Chase and Bank of America with Directed Denial of Service (DDoS) attacks on the banks' websites may have been working for Iran.

A report from the Washington Post cites several officials who have made this claim, including Senator Joseph Lieberman, the chair of the Homeland Security and Governmental Affairs Committee.

The Post reports that in an interview with C-SPAN, Sen. Lieberman disputed the idea the attackers were independent hacktivists outraged by a controversial anti-Muslim film:

"I don’t believe these were just hackers who were skilled enough to cause disruption of the Web sites," said Lieberman in an interview taped for C-SPAN's "Newsmakers" program. "I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability." The Quds Force is a special unit of Iran's Revolutionary Guard Corps, a branch of the military.

Lieberman said he believed the efforts were in response to "the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

The Post also reported that there have been similar attacks against American telecoms such as AT&T and Level 3.

What wasn't clear from Sen. Lieberman's remarks or the Post's report was whether the "Cyber fighters of Izz ad-din Al qassam," who claimed credit for the attacks and dubbed them "Operation Ababil" were opportunistic trolls or misdirection by Iranian cyber forces.

If officials and cyber-security experts quoted by the Post are correct, it is likely Iran intended the bank attacks as a response to U.S. actions such as the infiltration of the Stuxnet worm, which disrupted Iranian nuclear operations in 2010. Stuxnet targeted uranium enrichment centrifuges and caused them to spin wildly out of control.

The most recent Pastebin post from the Cyber fighters of Izz ad-din Al qassam claimed the attack on Chase's web properties was step two. They seemed to imply there were several more steps to go.

Izz ad-Din al-Qassam (Wikimedia)

The Cyber fighters of Izz ad-din Al qassam, a group of cyber-attackers who have targeted Bank of America and the New York Stock Exchange, allegedly struck J.P. Morgan Chase today. Fox Business reported on the site outage at Chase.com and consulted with Flashpoint Partners about the problems. Flashpoint told Fox that Chase's problems were probably due to a "sustained denial of service attack."

The religiously-motivated hackers, who claim they are responding to the anti-Muslim video, Innocence of Muslims, have published a new Pastebin page claiming credit for the Chase attack:

In the name of Allah the companionate the merciful

My soul is devoted to you Dear Prophet of Allah

"Operation Ababil" started over BoA :

http://pastebin.com/mCHia4W5
http://pastebin.com/wMma9zyG

In the second step we attacked the largest bank of the united states, the "chase" bank. These series of attacks will continue untill the Erasing of that nasty movie from the Internet.

The site "www.chase.com" is down and also Online banking at "chaseonline.chase.com" is being decided to be Offline !

Down with modern infidels.

### Cyber fighters of Izz ad-din Al qassam ###

"Operation Ababil" was also the name of a failed Pakistani military operation that occurred in April, 1984.

Pakistan planned the maneuver (sometimes spelled "Operation Ababeel") as an effort to capture a glacier in the long-disputed region of Kashmir. India learned of the plan and managed to seize the area two days before Pakistan pulled the trigger on the mission.

Are the Cyber fighters of Izz ad-din Al qassam hinting that they might be based in Pakistan? Not necessarily--the name of the operation could be a red herring.

The group's moniker may mean more than whatever they call their efforts against financial institutions; Izz ad-din Al qassam, according to Wikipedia, was the name of a Syrian-born "Muslim preacher who was a leader in the fight against British, French, and Zionist organizations in the Levant in the 1920s and 1930s."

Innocence of Muslims has been blocked in Pakistan and several other heavily Muslim countries but Google has refused to completely remove the film from the web.

Wells Fargo's logo. (flickr/Neubie)

Earlier this week the Izz ad-Din al-Qassam Cyber Fighters announced new distributed denial of service (DDos) attacks on U.S. banks, part of what they've referred to as Phase 2 of their "Operation Ababil." It appears that they have been true to their word.

As of 1:30 p.m. on Friday afternoon, virtually all of the most recent site outage reports on SiteDown.co, one of the largest website outage notification services, were for either Wells Fargo or Bank of America. Comments from Wells Fargo customers ranged from the questioning--"What idiots do you hire to manage to your website?" to the timely: "Did the mayans shut down wells fargo as well no world no monies (sic)."

The al-Qassam Cyber Fighters have repeatedly denied they are working for Iran, even though many security experts say the size of their attacks indicates state sponsorship. In various posts, usually published on Pastebin, the cyber attackers insist their efforts against American banks continue because Google will not remove the anti-Islam video Innocence of Muslims from the Internet in any country where they are not legally required to do so.

The actual impact on banks by the continued denial of service (four days of outages for Wells Fargo this week) is still unclear. A report by Bank Info Security about the first wave of attacks from the al-Qassam Cyber Fighters in October indicated that in addition to inconvenience and customer loss, there is a danger that DDoS outages could be distractions for real hack attacks, in which customer funds are covertly transferred away, possibly to support future cyber espionage.

Whatever is really going on with the Cyber Fighters, it is clear that some banks are still unprepared for their onslaught, and customers are angry. An anonymous user on SiteDown.com likely spoke for many, writing, "Unable to log on to Bill Pay; 4th day and counting; Wells: you need significant help here; do something quick!"

The IAEA logo.

The International Atomic Energy Agency (IAEA) reported a striking security breach Tuesday, admitting that hackers had stolen information from one of its servers and published it online.

According to Reuters, a group with "an Iranian-sounding name" published the information and requested a probe into Israel's nuclear program.  The IAEA is already wary of Iran's nuclear ambitions.

Reuters reports the theft may not have compromised much in the way of confidential data:

A Western diplomat said the stolen data was not believed to include information related to confidential work carried out by the IAEA. One of the agency's tasks is preventing the spread of nuclear weapons.

The hackers who posted the info call themselves Parastoo (the Persian name for birds known as swallows in English) and naturally enough they used Pastebin.

In the Pastebin post Parastoo wrote that this was their first such message and the public would be "hearing game changing news" from them frequently in the future. After publishing a list of email addresses  lifted from the IAEA's server in Vienna, Parastoo asked the owners of the addresses to sign a petition to request a closer look at nuclear activities in the city of Dimona, which is home to Israel's Negev Nuclear Research Center.

Parastoo seemed to reassure the IAEA that the hack was performed merely to get the agency's attention, writing that the IAEA's "critical information is safe with us(,) as we are brothers."

They closed with an apparent warning to Israel that doubled as a nod to Anonymous: "You are not Anonymous. Expect us."

The Muslim Cyber Fighters who DDoSed several American banks in October have insisted their project, which they called "Operation Ababil," was not sponsored by the government of Iran.

"Ababil" is an Arabic word for the same bird called "parastoo" in Persian--the swallow. There are references to the swallow in the Qu'ran, including "The Story of the Companions of the Elephants," in which a flock of birds carrying stones attack soldiers and elephants, killing them.

So--it's possible that these hacker references to swallows are just coincidence. Unless hackers have also begun to grow wings.

Bank of America, one of the victims of Operation Ababil (Screengrab)

The Izz ad-Din al-Qassam Cyber Fighters, who claimed credit for multiple DDoS attacks on American financial institutions like Bank of American and Suntrust, Inc., still steadfastly deny they were working for the Iranian government. Wired directs us to this interview with the hackers conducted in early November by researchers Flashpoint Global Partners, a security research firm.

The hackers always claimed in various Pastebin posts that their "Operation Ababil" was not motivated by a need to hurt the United States so much as they wanted to express outrage over the anti-Muslim film, Innocence of Muslims.

In their interview with Flashpoint, the hackers repeated the same sentiment, stating that they targeted banks to do “something proportional to what has happened against us. In the system where… religion and sacred things are not honorable, and only material, money and finance have value, this seems a suitable and effective… act[ion] and can influence governors and decision makers.”

Asked to respond to U.S. claims they were affiliated with Iran's military, al-Qassam said they weren't dependent on any government, just protesting "the insulting movie."

"But there are some ones," al-Qassam told Flashpoint, "who want to portray this action as political. So they are deflecting the issue to the side of their political leanings."

The Cyber Fighters may be telling the truth, but as Wired's Noah Schachtman noted, "some security researchers believed the attacks to be so sophisticated, they could’ve only been pulled off with government help."

For the time being it appears the Cyber Fighters have gone to ground and put their Operation Ababil on pause, as they haven't posted any claims of action on their Pastebin page for just over a month. We may not know what they’re up to until the next time someone tries to check their balance or load their bank’s website and gets only error messages in return.

Zachary Harris (LinkedIn)

When mathematician Zachary Harris received an email from a Google headhunter asking if he was "open to confidentially exploring opportunities" with the search giant, Mr. Harris was skeptical. He checked the email’s headers--the thicket of traffic data hidden in every message we receive--and saw that though the message was authentic, Google had a problem.

The cryptographic key that validated the email and verified it as having come from someone at Google was surprisingly weak. Weak enough that Mr. Harris realized that given a little time he could spoof the key and then send an email to Google founders Larry Page and Sergey Brin. Thinking this was surely some kind of test, Mr. Harris cracked the 512-bit key (current standards indicate they should be twice that length) and sent an email to Mr. Brin and Mr. Page--but made it look as if it came from one man to the other.

He never received a response. However, as Wired reports, Google clearly noticed:

Harris made sure the return path for the e-mails went to his own e-mail account, so that Brin and Page could ask him how he’d cracked their puzzle. But Harris never got a response from the Google founders. Instead, two days later, he noticed that Google’s cryptographic key had suddenly changed to 2,048 bits. And he got a lot of sudden hits to his web site from Google IP addresses.

Oops, Harris thought, it was a real vulnerability he’d found.

Mr. Harris examined other sites and found that a laundry list of some of the most popular domains had the same weakness. They included PayPal, Yahoo, Amazon, eBay, Apple and Dell, just to name a few. As Wired noted, "Send an e-mail as jeff.bezos@accounts.amazon.com? No problem. Spoof marissa.meyer@yahoo-inc.com? Piece of cake."

Mr. Harris noted that many banks as well as PayPal did have stronger 768-bit cryptographic keys, however even those larger codes were potentially vulnerable to cracking with large enough resources. He told Wired a large group with considerable resources or an unfriendly nation-state like "the government of Iran" could probably crack 768-bit keys.

Considering that the U.S. believes Iran is already attacking American financial institutions, Mr. Harris's discoveries may be an unwelcome wake-up call to financial security professionals nationwide.

Still from a trailer for Innocence of Muslims

Muslims protested at Google headquarters in London on Sunday, expressing outrage over the search giant's refusal to remove Innocence of Muslims from YouTube.

One of the men behind the event, Masoud Alam, told the Telegraph that there will be more protests "at the offices of Google and YouTube across the world." Muslims wish to ban the film, said Mr. Alam, because it is an "insult of the Prophet."

Some in attendance on Sunday said they want to expand their protests:

Sheikh Siddiqui, a barrister from Nuneaton, said he wanted to form a coalition with the Church of England, Catholics, Jewish groups, Trade Unions and even Conservatives to encourage their ranks to join his "campaign for civility".

"We want everyone in society to recognise these people are wrecking our fragile global society. We want the Church, the Synod, Jewish groups and establishment figures involved," he said.

The Telegraph quoted a YouTube spokesperson, who admitted that the company's efforts to "create a community everyone can enjoy" is challenging, "because what's OK in one country can be offensive elsewhere."

Google and YouTube are holding fast to what they see as a free-speech issue and has clearly stated that they will not remove or block the video in any country where it is considered protected speech.

Muslims have apparently protests online as well. Muslim Cyber Fighters continued a fourth week of well-organized denial of service attacks on American financial institutions last week, taking the websites of Regions, Capital One and SunTrust banks offline for several hours a day.