(flickr.com/consumerist)

U.S. officials are still convinced that continuing denial of service (DDoS) attacks against American banks by the Izz ad-Din al-Qassam Cyber Fighters are cover for state-sponsored cyber sabotage by Iran, according to a report in today's New York Times.

The Times reports that the U.S. doesn't believe the hacking group's repeated claim they are targeting banks because the anti-Islam video Innocence of Muslims hasn't been taken off the Internet:

But American intelligence officials say the group is actually a cover for Iran. They claim Iran is waging the attacks in retaliation for Western economic sanctions and for a series of cyberattacks on its own systems. In the last three years, three sophisticated computer viruses — called Flame, Duqu and Stuxnet — have hit computers in Iran. The New York Times reported last year that the United States, together with Israel, was responsible for Stuxnet, the virus used to destroy centrifuges in an Iranian nuclear facility in 2010.

The U.S. has good reason to suspect state sponsorship. The al-Qassam cyber attacks have used compromised cloud computing services, which they infect with a malware package called "Itsoknoproblembro."

The malware turns infected servers into what researchers call "bRobots." Funny as the name might be, bRobots are serious business. A hacked data center filled with bRobots gives the attackers enough firepower to take down even the largest websites. As the Times reported, one bank with a substantial 40 gigabit Internet service was easily knocked offline, and others reported DDoS traffic peaks of up to 70 gigabits.

On Tuesday, the Izz ad-Din al-Qassam Cyber Fighters published a new post on Pastebin in which they said the attacks will continue. They offered a complex set of equations related to the current views and likes of Innocence of Muslims and wrote that the reasoning in allowing the video to remain on the web was "the result of direct role of Satan and evil shadow in Zionism spirit and approach of thinking."

As of Wednesday morning, the top four sites on "outage watch" at Site Down were Bank of America, Citibank, Capital One and Fifth Third Bank.

Wells Fargo's logo. (flickr/Neubie)

Earlier this week the Izz ad-Din al-Qassam Cyber Fighters announced new distributed denial of service (DDos) attacks on U.S. banks, part of what they've referred to as Phase 2 of their "Operation Ababil." It appears that they have been true to their word.

As of 1:30 p.m. on Friday afternoon, virtually all of the most recent site outage reports on SiteDown.co, one of the largest website outage notification services, were for either Wells Fargo or Bank of America. Comments from Wells Fargo customers ranged from the questioning--"What idiots do you hire to manage to your website?" to the timely: "Did the mayans shut down wells fargo as well no world no monies (sic)."

The al-Qassam Cyber Fighters have repeatedly denied they are working for Iran, even though many security experts say the size of their attacks indicates state sponsorship. In various posts, usually published on Pastebin, the cyber attackers insist their efforts against American banks continue because Google will not remove the anti-Islam video Innocence of Muslims from the Internet in any country where they are not legally required to do so.

The actual impact on banks by the continued denial of service (four days of outages for Wells Fargo this week) is still unclear. A report by Bank Info Security about the first wave of attacks from the al-Qassam Cyber Fighters in October indicated that in addition to inconvenience and customer loss, there is a danger that DDoS outages could be distractions for real hack attacks, in which customer funds are covertly transferred away, possibly to support future cyber espionage.

Whatever is really going on with the Cyber Fighters, it is clear that some banks are still unprepared for their onslaught, and customers are angry. An anonymous user on SiteDown.com likely spoke for many, writing, "Unable to log on to Bill Pay; 4th day and counting; Wells: you need significant help here; do something quick!"

Bank of America, one of the victims of Operation Ababil (Screengrab)

The Izz ad-Din al-Qassam Cyber Fighters published a new message on their Pastebin profile late Monday, warning of a new round of cyber attacks against U.S. financial institutions, beginning this week.

In their lengthy post, titled "Phase 2 Operation Ababil," the Qassam Cyber Fighters announced that they plan to attack websites owned by J.P. Morgan Chase, Bank of America, U.S. Bancorp, PNC Financial Services and SunTrust Banks.

Previous cyber attacks for which the ideologically-motivated group claimed credit took some bank sites down for more than 24 hours and affected website functions for days afterwards. The Cyber Fighters say that in Phase 2, "the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks."

U.S. officials have said they believe the attacks are state-sponsored by Iran, but the cyber attackers still insist they are not working for any government. Though they mention events since their previous attacks such as Israel's efforts against Hamas, the al-Qassam Cyber Fighters still say their main reason for renewed cyber attacks is the presence of Innocence of Muslims on the Internet. Google has refused to removed the anti-Islamic video from the Internet in nations where it is not against the law.

Fox Business notes one of the reasons security researchers and U.S. officials have said they believe the al-Qassam Cyber Fighters are more organized and well-funded than an ad-hoc group of cyber terrorists is because they use such a sophisticated botnet of compromised web servers. The Cyber Fighters' zombie army of bots sidesteps bandwidth limits and focuses more power against their targets than attacks from home computers.

Previous banks affected by al-Qassam's efforts included Wells Fargo, Bank of America and the New York Stock Exchange.

Update: It looks like the Cyber Fighters didn't waste any time. As of 1:45 p.m. ET Tuesday, many Bank of America customers were reporting problems accessing the bank's website.

Muslim cleric Izz ad-Din al-Qassam (Wikimedia)

If customers of Regions Bank were having trouble reaching the institution's website Thursday, they could thank the Izz ad-Din al-Qassam Cyber Fighters, who returned earlier this week for the fourth week of Operation Ababil.

Operation Ababil is an ongoing effort by cyber-attackers who say they plan to keep knocking American banks offline until Innocence of Muslims has been taken off the web. While Google has blocked the video in countries where its bigoted content is illegal, the search giant has said it will not block the video in the U.S., citing laws that protect freedom of speech.

Some experts think Iran is behind the Qassam Cyber Fighters, but the group has denied this.

Their Pastebin from October 8th added new reasons for their outrage:

A number of cyber-attacks toward the American banks planned and executed during the past weeks. Those attacks were a response to an insulting film against the great prophet of Islam which was made and broadcast on the Internet according to Zionists will and Americans management. All Muslims and free-minded people around the world protested this absurd action but their complaints were not addressed. If these protests were done by your fans any film was immediately removed from internet. For instance, at the same time with the Queen of England family's complaint against an insulting photo published in the French magazines the photo was removed immediately. But you did not care about the demands of Muslims and called the fighter groups' activities terrorist attacks.

You are insulting the prophet of Islam, what do you expect from Muslims? Do they have the right to confront or retaliate? Do you have a respectable thing that can be insulted in retaliation?

The Cyber Fighters concluded that "respectable thing" was banks. So they listed their targets and a timeline for the attacks:

Tuesday 10/9/2012 : attack to Capital One Financial Corp site, capitalone.com
Wednesday 10/10/2012 : attack to SunTrust Banks, Inc, suntrust.com
Thursday 10/11/2012 : attack to Regions Financial Corp site, regions.com
Weekends: planning for the next week' attacks.

The Cyber Fighters were careful to note that they weren't hacking everything. They referred to "recent Trojan-based attacks" that targeted "electronic money transfers" and stated that their activities were "only against the insulting movie mentioned above."

Operation Ababil has been documented in both Arabic and English. English posts often appear to be translations from the Arabic, but the most recent Arabic post seemed to reveal a sentence the attackers chose to leave out of the English version:

Sorry of the customers of these banks because the attacks caused interruption of banking operations, and we invite them to join the rest of the world in these activities [...]

Capital One, attacked on Tuesday, was still having problems Thursday. Sun Trust Banks was also knocked offline Wednesday, as promised.

As has been this group's practice, these cyber attacks will occur for eight hours each day, beginning at 10 a.m. EDT.

Screenshot from http://zone-h.org/archive

In response to a right wing website's allegation they sustained a cyber attack from Chinese hackers, the White House has admitted to Politico that the attack occurred. However, the Obama Administration insists no data was stolen and classified systems were not compromised.

An unnamed official told Politico that the attempted hack was essentially an isolated incident in which a staffer received an email carrying a malware attachment. To be clear, everything is cool now and rogue Chinese hackers won't be taking control of the suitcase containing nuclear launch codes any time soon:

None of the White House’s secure, classified computer systems were affected, said the official, who reached out to POLITICO after the Free Beacon story appeared — without having been asked for comment. Nor had there been any attempted breach of a classified system, according to the official.

As Politico notes, the Washington Free Beacon, which broke the news of the attack, has a clear right wing agenda and has worked to portray the current administration as weak on foreign policy. The same site has also alleged that Russian nuclear subs were patrolling in U.S. territory, a charge denied by the Department of Defense.

There's no doubt there are teams of possibly Chinese government-sponsored hackers at work attempting to dig into all sorts of Western systems--Telvent Canada, an energy industry giant, was hacked sometime around Sept. 11.

HoneyMap (screengrab)

The Honeynet Project has made monitoring the war in cyber space weirdly fascinating with its HoneyMap, which displays malicious attacks as they happen. The result is reminiscent of old animated maps from newsreels reporting on battles during World War II.

The Atlantic Wire explains how to read the HoneyMap:

Each red dot that pops up when you go to the map represents an attack on a computer. Yellow dots represent honeypots, or systems set up to record incoming attacks. The black box on the bottom says where each attack is coming from as they come in.

The Honeynet Project is a worldwide chain of honeypots that track these attacks. As The Atlantic reports, some members of the network aren't pushing their data to the map, so it currently tends to display more attacks across Europe.

Betabeat observed several attacks occurring across Brazil and fewer in the United States, though it appears computers in Google's home city of Mountain View, California and Microsoft's area of Washington State are under sustained attack throughout the day. A large number of the attacks come from various locations in Russia, however we spotted a few actually coming from servers in Mountain View.

Try to not lose a few minutes gazing at the HoneyMap making exploding sounds with your mouth as each red dot bursts on the screen.

Muslim cleric Izz ad-Din al-Qassam (Wikimedia)

The Izz ad-Din al-Qassam Cyber Fighters have returned with a new declaration published on Pastebin and a new set of targets. If you park your money with Wells Fargo and can’t reach the bank’s website, you apparently can blame the hackers and their Operation Ababil.

The group's Pastebin post renewed their call for the anti-Muslim video Innocence of Muslims to be removed from the web. They also refuted allegations their actions have been state-sponsored by Iran, stating that they "strongly reject the American officials' insidious attempts to deceive public opinion."

The Cyber Fighters went on to give a timetable for their attacks and urged others to join the fight:

We shall attack for 8 hours daily, starting at 2:30 PM GMT, every day. We repeat again the attacks will continue for sure till the removal of that sacrilegious movie.

We invite all cyberspace workers to join us in this Proper Act. If America's arrogant government do not submit, the attack will be large and larger and will include other evil countries like Israel, French and U.Kingdom indeed.

Several large financial institutions can expect to go the way of WellsFargo.com, which was timing out for users accessing the page from multiple locations on Tuesday afternoon.

The bank acknowledged the problem and posted the following on its Twitter account around 4 p.m. ET:

We apologize to customers who may be experiencing limited access to @wellsfargo.com & online banking. We are working to quickly…

— Wells Fargo (@WellsFargo) September 25, 2012

resolve this issue. Customers can still access their accounts through our ATMs, stores and by phone at 800-956-4442.

— Wells Fargo (@WellsFargo) September 25, 2012

Muslim Cyber Fighters say they will also target the following:

Wednesday 9/26/2012 : attack to U.S. Bank site, www.usbank.com
Thursday 9/27/2012 : attack to PNC site, www.pnc.com

Past cyber-attacks for which this group claims responsibility struck Bank of America and JP Morgan Chase.

While the problems for the larger banks were intermittent, the Wells Fargo attack seems to have been the most effective so far, indicating the group may be improving their methods.

Stuxnet, the first shot across the bow. (Krebs On Security)

Cyber attackers who went after Chase and Bank of America with Directed Denial of Service (DDoS) attacks on the banks' websites may have been working for Iran.

A report from the Washington Post cites several officials who have made this claim, including Senator Joseph Lieberman, the chair of the Homeland Security and Governmental Affairs Committee.

The Post reports that in an interview with C-SPAN, Sen. Lieberman disputed the idea the attackers were independent hacktivists outraged by a controversial anti-Muslim film:

"I don’t believe these were just hackers who were skilled enough to cause disruption of the Web sites," said Lieberman in an interview taped for C-SPAN's "Newsmakers" program. "I think this was done by Iran and the Quds Force, which has its own developing cyberattack capability." The Quds Force is a special unit of Iran's Revolutionary Guard Corps, a branch of the military.

Lieberman said he believed the efforts were in response to "the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

The Post also reported that there have been similar attacks against American telecoms such as AT&T and Level 3.

What wasn't clear from Sen. Lieberman's remarks or the Post's report was whether the "Cyber fighters of Izz ad-din Al qassam," who claimed credit for the attacks and dubbed them "Operation Ababil" were opportunistic trolls or misdirection by Iranian cyber forces.

If officials and cyber-security experts quoted by the Post are correct, it is likely Iran intended the bank attacks as a response to U.S. actions such as the infiltration of the Stuxnet worm, which disrupted Iranian nuclear operations in 2010. Stuxnet targeted uranium enrichment centrifuges and caused them to spin wildly out of control.

The most recent Pastebin post from the Cyber fighters of Izz ad-din Al qassam claimed the attack on Chase's web properties was step two. They seemed to imply there were several more steps to go.

Izz ad-Din al-Qassam (Wikimedia)

The Cyber fighters of Izz ad-din Al qassam, a group of cyber-attackers who have targeted Bank of America and the New York Stock Exchange, allegedly struck J.P. Morgan Chase today. Fox Business reported on the site outage at Chase.com and consulted with Flashpoint Partners about the problems. Flashpoint told Fox that Chase's problems were probably due to a "sustained denial of service attack."

The religiously-motivated hackers, who claim they are responding to the anti-Muslim video, Innocence of Muslims, have published a new Pastebin page claiming credit for the Chase attack:

In the name of Allah the companionate the merciful

My soul is devoted to you Dear Prophet of Allah

"Operation Ababil" started over BoA :

http://pastebin.com/mCHia4W5
http://pastebin.com/wMma9zyG

In the second step we attacked the largest bank of the united states, the "chase" bank. These series of attacks will continue untill the Erasing of that nasty movie from the Internet.

The site "www.chase.com" is down and also Online banking at "chaseonline.chase.com" is being decided to be Offline !

Down with modern infidels.

### Cyber fighters of Izz ad-din Al qassam ###

"Operation Ababil" was also the name of a failed Pakistani military operation that occurred in April, 1984.

Pakistan planned the maneuver (sometimes spelled "Operation Ababeel") as an effort to capture a glacier in the long-disputed region of Kashmir. India learned of the plan and managed to seize the area two days before Pakistan pulled the trigger on the mission.

Are the Cyber fighters of Izz ad-din Al qassam hinting that they might be based in Pakistan? Not necessarily--the name of the operation could be a red herring.

The group's moniker may mean more than whatever they call their efforts against financial institutions; Izz ad-din Al qassam, according to Wikipedia, was the name of a Syrian-born "Muslim preacher who was a leader in the fight against British, French, and Zionist organizations in the Levant in the 1920s and 1930s."

Innocence of Muslims has been blocked in Pakistan and several other heavily Muslim countries but Google has refused to completely remove the film from the web.

Screengrab

Bank of America customers have had a hard time accessing the bank's website today--and a claim posted by a Muslim hacker group on Pastebin.com may have something to do with that. Reuters has reported that the "scope of the problem could not immediately be learned" but BoA customers across the country were having similar problems.

In a Pastebin post made sometime Tuesday, a group claiming to speak "In the name of Allah the companionate (sic) the merciful" wrote the following:

My soul is devoted to you Dear Prophet of Allah
Dear Muslim youths, Muslims Nations and are noblemen
When Arab nations rose against their corrupt regimes (those who support Zionist regime) at the other hand when, Crucify infidels are terrified and they are no more supporting human rights. United States of America with the help of Zionist Regime made a Sacrilegious movie insulting all the religions not only Islam.

All the Muslims worldwide must unify and Stand against the action, Muslims must do whatever is necessary to stop spreading this movie. We will attack them for this insult with all we have.

All the Muslim youths who are active in the Cyber world will attack to American and Zionist Web bases as much as needed such that they say that they are sorry about that insult.

We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasty movie. Beware this attack can vary in type.

Down with modern infidels.
Allah is the Greatest. Allah is the Greatest.

The movie referred to in the message is likely the infamous Innocence of Muslims, a garish amateur propaganda piece that has been roiling Muslim communities around the world for more than a week now.

There aren't any reports yet of similar problems with the New York Stock Exchange's site or systems, but two out of four attempts to reach Bank of America's website were unsuccessful as of 4 p.m. Eastern Time on Tuesday.