Wells Fargo's logo. (flickr/Neubie)

Earlier this week the Izz ad-Din al-Qassam Cyber Fighters announced new distributed denial of service (DDos) attacks on U.S. banks, part of what they've referred to as Phase 2 of their "Operation Ababil." It appears that they have been true to their word.

As of 1:30 p.m. on Friday afternoon, virtually all of the most recent site outage reports on SiteDown.co, one of the largest website outage notification services, were for either Wells Fargo or Bank of America. Comments from Wells Fargo customers ranged from the questioning--"What idiots do you hire to manage to your website?" to the timely: "Did the mayans shut down wells fargo as well no world no monies (sic)."

The al-Qassam Cyber Fighters have repeatedly denied they are working for Iran, even though many security experts say the size of their attacks indicates state sponsorship. In various posts, usually published on Pastebin, the cyber attackers insist their efforts against American banks continue because Google will not remove the anti-Islam video Innocence of Muslims from the Internet in any country where they are not legally required to do so.

The actual impact on banks by the continued denial of service (four days of outages for Wells Fargo this week) is still unclear. A report by Bank Info Security about the first wave of attacks from the al-Qassam Cyber Fighters in October indicated that in addition to inconvenience and customer loss, there is a danger that DDoS outages could be distractions for real hack attacks, in which customer funds are covertly transferred away, possibly to support future cyber espionage.

Whatever is really going on with the Cyber Fighters, it is clear that some banks are still unprepared for their onslaught, and customers are angry. An anonymous user on SiteDown.com likely spoke for many, writing, "Unable to log on to Bill Pay; 4th day and counting; Wells: you need significant help here; do something quick!"

Wells Fargo, hit by al-Qassam Cyber Fighters DDoS attacks.

Denial of service elves Izz ad-Din al-Qassam Cyber Fighters issued a new statement Tuesday and apparently renewed DDoS attacks on American bank websites.

In a brief Pastebin post the hackers--who claim they are mainly motivated by outrage over the anti-Muslim video, Innocence of Muslims--acknowledged the horrific school shootings that took place in Newtown Connecticut on December 14th, but re-committed to their efforts against U.S. financial institutions:

Originally, we sympathize deeply with families of the schoolchildren victimized by the horrible happening of Sandy Hook Elementary school. It’s very clear that a system which its rulers and capitalists are the owners of weaponry big companies never care about occurrence of these events. The past week’s attacks, showed our ability in doing wideness attacks so efficiently and of course this is not all of the Izz ad-Din al-Qassam’s ability. The attacks will be persistent till eliminating injustice and stopping the insults to the prophet of mercy and removing the offensive film, and we are sure that we will reach to our goals.

Based on reports made to Sitedown.co of website outages, the al-Qassam Cyber Fighters have been true to their word. By 5:45 p.m. ET on Tuesday over 400 users had reported an outage at WellsFargo.com since 9:15 a.m. Other banks reporting outages Tuesday included Bank of America and Chase, but Wells Fargo seemed hardest hit.

The cyber-attackers also promised that this week's attacks "will be as wide as previous week" and that customers of the "5 major US banks" should prepare for more "sorrow" and "inaccessibility."

Bank of America, one of the victims of Operation Ababil (Screengrab)

The Izz ad-Din al-Qassam Cyber Fighters published a new message on their Pastebin profile late Monday, warning of a new round of cyber attacks against U.S. financial institutions, beginning this week.

In their lengthy post, titled "Phase 2 Operation Ababil," the Qassam Cyber Fighters announced that they plan to attack websites owned by J.P. Morgan Chase, Bank of America, U.S. Bancorp, PNC Financial Services and SunTrust Banks.

Previous cyber attacks for which the ideologically-motivated group claimed credit took some bank sites down for more than 24 hours and affected website functions for days afterwards. The Cyber Fighters say that in Phase 2, "the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks."

U.S. officials have said they believe the attacks are state-sponsored by Iran, but the cyber attackers still insist they are not working for any government. Though they mention events since their previous attacks such as Israel's efforts against Hamas, the al-Qassam Cyber Fighters still say their main reason for renewed cyber attacks is the presence of Innocence of Muslims on the Internet. Google has refused to removed the anti-Islamic video from the Internet in nations where it is not against the law.

Fox Business notes one of the reasons security researchers and U.S. officials have said they believe the al-Qassam Cyber Fighters are more organized and well-funded than an ad-hoc group of cyber terrorists is because they use such a sophisticated botnet of compromised web servers. The Cyber Fighters' zombie army of bots sidesteps bandwidth limits and focuses more power against their targets than attacks from home computers.

Previous banks affected by al-Qassam's efforts included Wells Fargo, Bank of America and the New York Stock Exchange.

Update: It looks like the Cyber Fighters didn't waste any time. As of 1:45 p.m. ET Tuesday, many Bank of America customers were reporting problems accessing the bank's website.

Muslim cleric Izz ad-Din al-Qassam (Wikimedia)

If customers of Regions Bank were having trouble reaching the institution's website Thursday, they could thank the Izz ad-Din al-Qassam Cyber Fighters, who returned earlier this week for the fourth week of Operation Ababil.

Operation Ababil is an ongoing effort by cyber-attackers who say they plan to keep knocking American banks offline until Innocence of Muslims has been taken off the web. While Google has blocked the video in countries where its bigoted content is illegal, the search giant has said it will not block the video in the U.S., citing laws that protect freedom of speech.

Some experts think Iran is behind the Qassam Cyber Fighters, but the group has denied this.

Their Pastebin from October 8th added new reasons for their outrage:

A number of cyber-attacks toward the American banks planned and executed during the past weeks. Those attacks were a response to an insulting film against the great prophet of Islam which was made and broadcast on the Internet according to Zionists will and Americans management. All Muslims and free-minded people around the world protested this absurd action but their complaints were not addressed. If these protests were done by your fans any film was immediately removed from internet. For instance, at the same time with the Queen of England family's complaint against an insulting photo published in the French magazines the photo was removed immediately. But you did not care about the demands of Muslims and called the fighter groups' activities terrorist attacks.

You are insulting the prophet of Islam, what do you expect from Muslims? Do they have the right to confront or retaliate? Do you have a respectable thing that can be insulted in retaliation?

The Cyber Fighters concluded that "respectable thing" was banks. So they listed their targets and a timeline for the attacks:

Tuesday 10/9/2012 : attack to Capital One Financial Corp site, capitalone.com
Wednesday 10/10/2012 : attack to SunTrust Banks, Inc, suntrust.com
Thursday 10/11/2012 : attack to Regions Financial Corp site, regions.com
Weekends: planning for the next week' attacks.

The Cyber Fighters were careful to note that they weren't hacking everything. They referred to "recent Trojan-based attacks" that targeted "electronic money transfers" and stated that their activities were "only against the insulting movie mentioned above."

Operation Ababil has been documented in both Arabic and English. English posts often appear to be translations from the Arabic, but the most recent Arabic post seemed to reveal a sentence the attackers chose to leave out of the English version:

Sorry of the customers of these banks because the attacks caused interruption of banking operations, and we invite them to join the rest of the world in these activities [...]

Capital One, attacked on Tuesday, was still having problems Thursday. Sun Trust Banks was also knocked offline Wednesday, as promised.

As has been this group's practice, these cyber attacks will occur for eight hours each day, beginning at 10 a.m. EDT.

Muslim cleric Izz ad-Din al-Qassam (Wikimedia)

The Izz ad-Din al-Qassam Cyber Fighters have returned with a new declaration published on Pastebin and a new set of targets. If you park your money with Wells Fargo and can’t reach the bank’s website, you apparently can blame the hackers and their Operation Ababil.

The group's Pastebin post renewed their call for the anti-Muslim video Innocence of Muslims to be removed from the web. They also refuted allegations their actions have been state-sponsored by Iran, stating that they "strongly reject the American officials' insidious attempts to deceive public opinion."

The Cyber Fighters went on to give a timetable for their attacks and urged others to join the fight:

We shall attack for 8 hours daily, starting at 2:30 PM GMT, every day. We repeat again the attacks will continue for sure till the removal of that sacrilegious movie.

We invite all cyberspace workers to join us in this Proper Act. If America's arrogant government do not submit, the attack will be large and larger and will include other evil countries like Israel, French and U.Kingdom indeed.

Several large financial institutions can expect to go the way of WellsFargo.com, which was timing out for users accessing the page from multiple locations on Tuesday afternoon.

The bank acknowledged the problem and posted the following on its Twitter account around 4 p.m. ET:

We apologize to customers who may be experiencing limited access to @wellsfargo.com & online banking. We are working to quickly…

— Wells Fargo (@WellsFargo) September 25, 2012

resolve this issue. Customers can still access their accounts through our ATMs, stores and by phone at 800-956-4442.

— Wells Fargo (@WellsFargo) September 25, 2012

Muslim Cyber Fighters say they will also target the following:

Wednesday 9/26/2012 : attack to U.S. Bank site, www.usbank.com
Thursday 9/27/2012 : attack to PNC site, www.pnc.com

Past cyber-attacks for which this group claims responsibility struck Bank of America and JP Morgan Chase.

While the problems for the larger banks were intermittent, the Wells Fargo attack seems to have been the most effective so far, indicating the group may be improving their methods.

Izz ad-Din al-Qassam (Wikimedia)

The Cyber fighters of Izz ad-din Al qassam, a group of cyber-attackers who have targeted Bank of America and the New York Stock Exchange, allegedly struck J.P. Morgan Chase today. Fox Business reported on the site outage at Chase.com and consulted with Flashpoint Partners about the problems. Flashpoint told Fox that Chase's problems were probably due to a "sustained denial of service attack."

The religiously-motivated hackers, who claim they are responding to the anti-Muslim video, Innocence of Muslims, have published a new Pastebin page claiming credit for the Chase attack:

In the name of Allah the companionate the merciful

My soul is devoted to you Dear Prophet of Allah

"Operation Ababil" started over BoA :

http://pastebin.com/mCHia4W5
http://pastebin.com/wMma9zyG

In the second step we attacked the largest bank of the united states, the "chase" bank. These series of attacks will continue untill the Erasing of that nasty movie from the Internet.

The site "www.chase.com" is down and also Online banking at "chaseonline.chase.com" is being decided to be Offline !

Down with modern infidels.

### Cyber fighters of Izz ad-din Al qassam ###

"Operation Ababil" was also the name of a failed Pakistani military operation that occurred in April, 1984.

Pakistan planned the maneuver (sometimes spelled "Operation Ababeel") as an effort to capture a glacier in the long-disputed region of Kashmir. India learned of the plan and managed to seize the area two days before Pakistan pulled the trigger on the mission.

Are the Cyber fighters of Izz ad-din Al qassam hinting that they might be based in Pakistan? Not necessarily--the name of the operation could be a red herring.

The group's moniker may mean more than whatever they call their efforts against financial institutions; Izz ad-din Al qassam, according to Wikipedia, was the name of a Syrian-born "Muslim preacher who was a leader in the fight against British, French, and Zionist organizations in the Levant in the 1920s and 1930s."

Innocence of Muslims has been blocked in Pakistan and several other heavily Muslim countries but Google has refused to completely remove the film from the web.

Bank of America, one of the victims of Operation Ababil (Screengrab)

The Izz ad-Din al-Qassam Cyber Fighters, who claimed credit for multiple DDoS attacks on American financial institutions like Bank of American and Suntrust, Inc., still steadfastly deny they were working for the Iranian government. Wired directs us to this interview with the hackers conducted in early November by researchers Flashpoint Global Partners, a security research firm.

The hackers always claimed in various Pastebin posts that their "Operation Ababil" was not motivated by a need to hurt the United States so much as they wanted to express outrage over the anti-Muslim film, Innocence of Muslims.

In their interview with Flashpoint, the hackers repeated the same sentiment, stating that they targeted banks to do “something proportional to what has happened against us. In the system where… religion and sacred things are not honorable, and only material, money and finance have value, this seems a suitable and effective… act[ion] and can influence governors and decision makers.”

Asked to respond to U.S. claims they were affiliated with Iran's military, al-Qassam said they weren't dependent on any government, just protesting "the insulting movie."

"But there are some ones," al-Qassam told Flashpoint, "who want to portray this action as political. So they are deflecting the issue to the side of their political leanings."

The Cyber Fighters may be telling the truth, but as Wired's Noah Schachtman noted, "some security researchers believed the attacks to be so sophisticated, they could’ve only been pulled off with government help."

For the time being it appears the Cyber Fighters have gone to ground and put their Operation Ababil on pause, as they haven't posted any claims of action on their Pastebin page for just over a month. We may not know what they’re up to until the next time someone tries to check their balance or load their bank’s website and gets only error messages in return.

Screengrab

Bank of America customers have had a hard time accessing the bank's website today--and a claim posted by a Muslim hacker group on Pastebin.com may have something to do with that. Reuters has reported that the "scope of the problem could not immediately be learned" but BoA customers across the country were having similar problems.

In a Pastebin post made sometime Tuesday, a group claiming to speak "In the name of Allah the companionate (sic) the merciful" wrote the following:

My soul is devoted to you Dear Prophet of Allah
Dear Muslim youths, Muslims Nations and are noblemen
When Arab nations rose against their corrupt regimes (those who support Zionist regime) at the other hand when, Crucify infidels are terrified and they are no more supporting human rights. United States of America with the help of Zionist Regime made a Sacrilegious movie insulting all the religions not only Islam.

All the Muslims worldwide must unify and Stand against the action, Muslims must do whatever is necessary to stop spreading this movie. We will attack them for this insult with all we have.

All the Muslim youths who are active in the Cyber world will attack to American and Zionist Web bases as much as needed such that they say that they are sorry about that insult.

We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasty movie. Beware this attack can vary in type.

Down with modern infidels.
Allah is the Greatest. Allah is the Greatest.

The movie referred to in the message is likely the infamous Innocence of Muslims, a garish amateur propaganda piece that has been roiling Muslim communities around the world for more than a week now.

There aren't any reports yet of similar problems with the New York Stock Exchange's site or systems, but two out of four attempts to reach Bank of America's website were unsuccessful as of 4 p.m. Eastern Time on Tuesday.

This guy is everywhere now. (Image Devdsp on Flickr)

Analysis of the DDoS tools used in cyber attacks on American banks by religiously-motivated hackers Izz ad-Din al-Qassam Cyber Fighters indicates a "well-funded" effort, according to security experts.

As reported by CSO Online, analysts at security firm Prolexic Technologies were able to identify the DDoS toolkit "itsoknoproblembro" as the software behind attacks against Bank of America, Chase Bank, Wells Fargo and PNC.

It may have a hilarious name, but "itsoknoproblembro" is serious business:

The "itsoknoproblembro" toolkit is capable of simultaneously attacking components of a website's infrastructure and application layers, flooding the targets with sustained traffic peaking at 70 gigabits per second. In addition, Prolexic found that traffic signatures were unusually complex and therefore difficult to reroute away from the targets.

The vendor, which declined to name the banks whose sites it tracked, said the attackers likely spent months probing the sites for the components most susceptible to a DDoS assault. They also were knowledgeable in the technology used to mitigate such attacks.

The CEO of Prolexic told CSO Online that these were "on the level of a Stuxnet type of attack."

Stuxnet was a remarkable cyberespionage tool, reportedly jointly created by the U.S. and Israel, that struck a major blow to Iran's nuclear program in 2010.

Even though Iran and the Cyber Fighters have denied being behind last week's bank attacks, Prolexic found that "several large networks" of botnets were utilized in the attacks, indicating an operation beyond the resources of most small groups of independent attackers.

Stuxnet, the first shot across the bow. (Krebs On Security)

Cyber attackers who went after Chase and Bank of America with Directed Denial of Service (DDoS) attacks on the banks' websites may have been working for Iran.

A report from the Washington Post cites several officials who have made this claim, including Senator Joseph Lieberman, the chair of the Homeland Security and Governmental Affairs Committee.

The Post reports that in an interview with C-SPAN, Sen. Lieberman disputed the idea the attackers were independent hacktivists outraged by a controversial anti-Muslim film:

"I don’t believe these were just hackers who were skilled enough to cause disruption of the Web sites," said Lieberman in an interview taped for C-SPAN's "Newsmakers" program. "I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability." The Quds Force is a special unit of Iran's Revolutionary Guard Corps, a branch of the military.

Lieberman said he believed the efforts were in response to "the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

The Post also reported that there have been similar attacks against American telecoms such as AT&T and Level 3.

What wasn't clear from Sen. Lieberman's remarks or the Post's report was whether the "Cyber fighters of Izz ad-din Al qassam," who claimed credit for the attacks and dubbed them "Operation Ababil" were opportunistic trolls or misdirection by Iranian cyber forces.

If officials and cyber-security experts quoted by the Post are correct, it is likely Iran intended the bank attacks as a response to U.S. actions such as the infiltration of the Stuxnet worm, which disrupted Iranian nuclear operations in 2010. Stuxnet targeted uranium enrichment centrifuges and caused them to spin wildly out of control.

The most recent Pastebin post from the Cyber fighters of Izz ad-din Al qassam claimed the attack on Chase's web properties was step two. They seemed to imply there were several more steps to go.