Could've gone better.

Does anything rouse anger quite like gaming? Consumerist has just concluded its tournament for the worst company in America, and for the second year in a row, Electronic Arts took the top spot. That means Consumerist readers hate EA even worse than Bank of America, a company that'll basically pick your pocket if you let your bank balance drop below a certain threshold. It wasn't even close: 78 percent of voters picked EA.

Consumerist writes:

"It’s only a fractured, antiquated public perception that video games are somehow frivolous holdovers from childhood that allows gamers to be abused and taken advantage of by the very people who supply them the games they play."

In other words, EA is learning what little brothers all over America spent the late '90s learning the hard way: Do NOT mess with somebody's Sim City game.

EA's response to this latest embarrassment? In a blog post titled "We can do better," COO Peter Moore admitted mistakes ranging from the Sim City disaster to disappointing games and "missteps on new pricing models." But then he strolled down a path lined with straw men, culminating in the suggestion that homophobes tried to stuff the ballot box:

In the past year, we have received thousands of emails and postcards protesting against EA for allowing players to create LGBT characters in our games.  This week, we’re seeing posts on conservative web sites urging people to protest our LGBT policy by voting EA the Worst Company in America.

Come on, Peter. You can't magick this away by blaming social conservatives any more than I can disappear my city's problems by cranking taxes up to 25 percent and running the game at double the speed.

(flickr.com/consumerist)

U.S. officials are still convinced that continuing denial of service (DDoS) attacks against American banks by the Izz ad-Din al-Qassam Cyber Fighters are cover for state-sponsored cyber sabotage by Iran, according to a report in today's New York Times.

The Times reports that the U.S. doesn't believe the hacking group's repeated claim they are targeting banks because the anti-Islam video Innocence of Muslims hasn't been taken off the Internet:

But American intelligence officials say the group is actually a cover for Iran. They claim Iran is waging the attacks in retaliation for Western economic sanctions and for a series of cyberattacks on its own systems. In the last three years, three sophisticated computer viruses — called Flame, Duqu and Stuxnet — have hit computers in Iran. The New York Times reported last year that the United States, together with Israel, was responsible for Stuxnet, the virus used to destroy centrifuges in an Iranian nuclear facility in 2010.

The U.S. has good reason to suspect state sponsorship. The al-Qassam cyber attacks have used compromised cloud computing services, which they infect with a malware package called "Itsoknoproblembro."

The malware turns infected servers into what researchers call "bRobots." Funny as the name might be, bRobots are serious business. A hacked data center filled with bRobots gives the attackers enough firepower to take down even the largest websites. As the Times reported, one bank with a substantial 40 gigabit Internet service was easily knocked offline, and others reported DDoS traffic peaks of up to 70 gigabits.

On Tuesday, the Izz ad-Din al-Qassam Cyber Fighters published a new post on Pastebin in which they said the attacks will continue. They offered a complex set of equations related to the current views and likes of Innocence of Muslims and wrote that the reasoning in allowing the video to remain on the web was "the result of direct role of Satan and evil shadow in Zionism spirit and approach of thinking."

As of Wednesday morning, the top four sites on "outage watch" at Site Down were Bank of America, Citibank, Capital One and Fifth Third Bank.

Bank of America, one of the victims of Operation Ababil (Screengrab)

The Izz ad-Din al-Qassam Cyber Fighters published a new message on their Pastebin profile late Monday, warning of a new round of cyber attacks against U.S. financial institutions, beginning this week.

In their lengthy post, titled "Phase 2 Operation Ababil," the Qassam Cyber Fighters announced that they plan to attack websites owned by J.P. Morgan Chase, Bank of America, U.S. Bancorp, PNC Financial Services and SunTrust Banks.

Previous cyber attacks for which the ideologically-motivated group claimed credit took some bank sites down for more than 24 hours and affected website functions for days afterwards. The Cyber Fighters say that in Phase 2, "the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks."

U.S. officials have said they believe the attacks are state-sponsored by Iran, but the cyber attackers still insist they are not working for any government. Though they mention events since their previous attacks such as Israel's efforts against Hamas, the al-Qassam Cyber Fighters still say their main reason for renewed cyber attacks is the presence of Innocence of Muslims on the Internet. Google has refused to removed the anti-Islamic video from the Internet in nations where it is not against the law.

Fox Business notes one of the reasons security researchers and U.S. officials have said they believe the al-Qassam Cyber Fighters are more organized and well-funded than an ad-hoc group of cyber terrorists is because they use such a sophisticated botnet of compromised web servers. The Cyber Fighters' zombie army of bots sidesteps bandwidth limits and focuses more power against their targets than attacks from home computers.

Previous banks affected by al-Qassam's efforts included Wells Fargo, Bank of America and the New York Stock Exchange.

Update: It looks like the Cyber Fighters didn't waste any time. As of 1:45 p.m. ET Tuesday, many Bank of America customers were reporting problems accessing the bank's website.

This guy is everywhere now. (Image Devdsp on Flickr)

Analysis of the DDoS tools used in cyber attacks on American banks by religiously-motivated hackers Izz ad-Din al-Qassam Cyber Fighters indicates a "well-funded" effort, according to security experts.

As reported by CSO Online, analysts at security firm Prolexic Technologies were able to identify the DDoS toolkit "itsoknoproblembro" as the software behind attacks against Bank of America, Chase Bank, Wells Fargo and PNC.

It may have a hilarious name, but "itsoknoproblembro" is serious business:

The "itsoknoproblembro" toolkit is capable of simultaneously attacking components of a website's infrastructure and application layers, flooding the targets with sustained traffic peaking at 70 gigabits per second. In addition, Prolexic found that traffic signatures were unusually complex and therefore difficult to reroute away from the targets.

The vendor, which declined to name the banks whose sites it tracked, said the attackers likely spent months probing the sites for the components most susceptible to a DDoS assault. They also were knowledgeable in the technology used to mitigate such attacks.

The CEO of Prolexic told CSO Online that these were "on the level of a Stuxnet type of attack."

Stuxnet was a remarkable cyberespionage tool, reportedly jointly created by the U.S. and Israel, that struck a major blow to Iran's nuclear program in 2010.

Even though Iran and the Cyber Fighters have denied being behind last week's bank attacks, Prolexic found that "several large networks" of botnets were utilized in the attacks, indicating an operation beyond the resources of most small groups of independent attackers.

Muslim cleric Izz ad-Din al-Qassam (Wikimedia)

The Izz ad-Din al-Qassam Cyber Fighters have returned with a new declaration published on Pastebin and a new set of targets. If you park your money with Wells Fargo and can’t reach the bank’s website, you apparently can blame the hackers and their Operation Ababil.

The group's Pastebin post renewed their call for the anti-Muslim video Innocence of Muslims to be removed from the web. They also refuted allegations their actions have been state-sponsored by Iran, stating that they "strongly reject the American officials' insidious attempts to deceive public opinion."

The Cyber Fighters went on to give a timetable for their attacks and urged others to join the fight:

We shall attack for 8 hours daily, starting at 2:30 PM GMT, every day. We repeat again the attacks will continue for sure till the removal of that sacrilegious movie.

We invite all cyberspace workers to join us in this Proper Act. If America's arrogant government do not submit, the attack will be large and larger and will include other evil countries like Israel, French and U.Kingdom indeed.

Several large financial institutions can expect to go the way of WellsFargo.com, which was timing out for users accessing the page from multiple locations on Tuesday afternoon.

The bank acknowledged the problem and posted the following on its Twitter account around 4 p.m. ET:

We apologize to customers who may be experiencing limited access to @wellsfargo.com & online banking. We are working to quickly…

— Wells Fargo (@WellsFargo) September 25, 2012

resolve this issue. Customers can still access their accounts through our ATMs, stores and by phone at 800-956-4442.

— Wells Fargo (@WellsFargo) September 25, 2012

Muslim Cyber Fighters say they will also target the following:

Wednesday 9/26/2012 : attack to U.S. Bank site, www.usbank.com
Thursday 9/27/2012 : attack to PNC site, www.pnc.com

Past cyber-attacks for which this group claims responsibility struck Bank of America and JP Morgan Chase.

While the problems for the larger banks were intermittent, the Wells Fargo attack seems to have been the most effective so far, indicating the group may be improving their methods.

Stuxnet, the first shot across the bow. (Krebs On Security)

Cyber attackers who went after Chase and Bank of America with Directed Denial of Service (DDoS) attacks on the banks' websites may have been working for Iran.

A report from the Washington Post cites several officials who have made this claim, including Senator Joseph Lieberman, the chair of the Homeland Security and Governmental Affairs Committee.

The Post reports that in an interview with C-SPAN, Sen. Lieberman disputed the idea the attackers were independent hacktivists outraged by a controversial anti-Muslim film:

"I don’t believe these were just hackers who were skilled enough to cause disruption of the Web sites," said Lieberman in an interview taped for C-SPAN's "Newsmakers" program. "I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability." The Quds Force is a special unit of Iran's Revolutionary Guard Corps, a branch of the military.

Lieberman said he believed the efforts were in response to "the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

The Post also reported that there have been similar attacks against American telecoms such as AT&T and Level 3.

What wasn't clear from Sen. Lieberman's remarks or the Post's report was whether the "Cyber fighters of Izz ad-din Al qassam," who claimed credit for the attacks and dubbed them "Operation Ababil" were opportunistic trolls or misdirection by Iranian cyber forces.

If officials and cyber-security experts quoted by the Post are correct, it is likely Iran intended the bank attacks as a response to U.S. actions such as the infiltration of the Stuxnet worm, which disrupted Iranian nuclear operations in 2010. Stuxnet targeted uranium enrichment centrifuges and caused them to spin wildly out of control.

The most recent Pastebin post from the Cyber fighters of Izz ad-din Al qassam claimed the attack on Chase's web properties was step two. They seemed to imply there were several more steps to go.

Izz ad-Din al-Qassam (Wikimedia)

The Cyber fighters of Izz ad-din Al qassam, a group of cyber-attackers who have targeted Bank of America and the New York Stock Exchange, allegedly struck J.P. Morgan Chase today. Fox Business reported on the site outage at Chase.com and consulted with Flashpoint Partners about the problems. Flashpoint told Fox that Chase's problems were probably due to a "sustained denial of service attack."

The religiously-motivated hackers, who claim they are responding to the anti-Muslim video, Innocence of Muslims, have published a new Pastebin page claiming credit for the Chase attack:

In the name of Allah the companionate the merciful

My soul is devoted to you Dear Prophet of Allah

"Operation Ababil" started over BoA :

http://pastebin.com/mCHia4W5
http://pastebin.com/wMma9zyG

In the second step we attacked the largest bank of the united states, the "chase" bank. These series of attacks will continue untill the Erasing of that nasty movie from the Internet.

The site "www.chase.com" is down and also Online banking at "chaseonline.chase.com" is being decided to be Offline !

Down with modern infidels.

### Cyber fighters of Izz ad-din Al qassam ###

"Operation Ababil" was also the name of a failed Pakistani military operation that occurred in April, 1984.

Pakistan planned the maneuver (sometimes spelled "Operation Ababeel") as an effort to capture a glacier in the long-disputed region of Kashmir. India learned of the plan and managed to seize the area two days before Pakistan pulled the trigger on the mission.

Are the Cyber fighters of Izz ad-din Al qassam hinting that they might be based in Pakistan? Not necessarily--the name of the operation could be a red herring.

The group's moniker may mean more than whatever they call their efforts against financial institutions; Izz ad-din Al qassam, according to Wikipedia, was the name of a Syrian-born "Muslim preacher who was a leader in the fight against British, French, and Zionist organizations in the Levant in the 1920s and 1930s."

Innocence of Muslims has been blocked in Pakistan and several other heavily Muslim countries but Google has refused to completely remove the film from the web.

Its got to be state of the art!

Some of the nation's biggest banks and venture investors have partnered with New York City Investment Fund to create the FinTech Innovation Lab.

The program is a annual twelve-week incubator to find and foster promising startups working on financial technologies.

Participating banks include all the big boys — Citigroup, Goldman Sachs, JPMorgan Chase, Morgan Stanley and Bank of America.

"What's really great and unique about this program is that the startups involved get to work directly with the chief technology officers from the nation's top financial institutions," says Maria Gotsch, CEO of the NYC Investment Fund.

Startups will need to have an alpha version of their technology to be considered. Applications are due by the end of Janurary, with the program slated to begin this May.

"For entrepreneurs targeting the financial services sector, this program is a unique opportunity to get access and feedback from potential users and funders," commented Fred Wilson, board member of New York City Investment Fund and Managing General Partner of Union Square Ventures. "This type of market input is invaluable."

In other words, this is a killer opportunity for startups to get on the fast track with some of the biggest players in the $14 billion market for banking and securities software.

bpopper [at] observer.com | @benpopper