Wells Fargo's logo. (flickr/Neubie)

Earlier this week the Izz ad-Din al-Qassam Cyber Fighters announced new distributed denial of service (DDos) attacks on U.S. banks, part of what they've referred to as Phase 2 of their "Operation Ababil." It appears that they have been true to their word.

As of 1:30 p.m. on Friday afternoon, virtually all of the most recent site outage reports on SiteDown.co, one of the largest website outage notification services, were for either Wells Fargo or Bank of America. Comments from Wells Fargo customers ranged from the questioning--"What idiots do you hire to manage to your website?" to the timely: "Did the mayans shut down wells fargo as well no world no monies (sic)."

The al-Qassam Cyber Fighters have repeatedly denied they are working for Iran, even though many security experts say the size of their attacks indicates state sponsorship. In various posts, usually published on Pastebin, the cyber attackers insist their efforts against American banks continue because Google will not remove the anti-Islam video Innocence of Muslims from the Internet in any country where they are not legally required to do so.

The actual impact on banks by the continued denial of service (four days of outages for Wells Fargo this week) is still unclear. A report by Bank Info Security about the first wave of attacks from the al-Qassam Cyber Fighters in October indicated that in addition to inconvenience and customer loss, there is a danger that DDoS outages could be distractions for real hack attacks, in which customer funds are covertly transferred away, possibly to support future cyber espionage.

Whatever is really going on with the Cyber Fighters, it is clear that some banks are still unprepared for their onslaught, and customers are angry. An anonymous user on SiteDown.com likely spoke for many, writing, "Unable to log on to Bill Pay; 4th day and counting; Wells: you need significant help here; do something quick!"

Wells Fargo, hit by al-Qassam Cyber Fighters DDoS attacks.

Denial of service elves Izz ad-Din al-Qassam Cyber Fighters issued a new statement Tuesday and apparently renewed DDoS attacks on American bank websites.

In a brief Pastebin post the hackers--who claim they are mainly motivated by outrage over the anti-Muslim video, Innocence of Muslims--acknowledged the horrific school shootings that took place in Newtown Connecticut on December 14th, but re-committed to their efforts against U.S. financial institutions:

Originally, we sympathize deeply with families of the schoolchildren victimized by the horrible happening of Sandy Hook Elementary school. It’s very clear that a system which its rulers and capitalists are the owners of weaponry big companies never care about occurrence of these events. The past week’s attacks, showed our ability in doing wideness attacks so efficiently and of course this is not all of the Izz ad-Din al-Qassam’s ability. The attacks will be persistent till eliminating injustice and stopping the insults to the prophet of mercy and removing the offensive film, and we are sure that we will reach to our goals.

Based on reports made to Sitedown.co of website outages, the al-Qassam Cyber Fighters have been true to their word. By 5:45 p.m. ET on Tuesday over 400 users had reported an outage at WellsFargo.com since 9:15 a.m. Other banks reporting outages Tuesday included Bank of America and Chase, but Wells Fargo seemed hardest hit.

The cyber-attackers also promised that this week's attacks "will be as wide as previous week" and that customers of the "5 major US banks" should prepare for more "sorrow" and "inaccessibility."

Bank of America, one of the victims of Operation Ababil (Screengrab)

The Izz ad-Din al-Qassam Cyber Fighters published a new message on their Pastebin profile late Monday, warning of a new round of cyber attacks against U.S. financial institutions, beginning this week.

In their lengthy post, titled "Phase 2 Operation Ababil," the Qassam Cyber Fighters announced that they plan to attack websites owned by J.P. Morgan Chase, Bank of America, U.S. Bancorp, PNC Financial Services and SunTrust Banks.

Previous cyber attacks for which the ideologically-motivated group claimed credit took some bank sites down for more than 24 hours and affected website functions for days afterwards. The Cyber Fighters say that in Phase 2, "the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks."

U.S. officials have said they believe the attacks are state-sponsored by Iran, but the cyber attackers still insist they are not working for any government. Though they mention events since their previous attacks such as Israel's efforts against Hamas, the al-Qassam Cyber Fighters still say their main reason for renewed cyber attacks is the presence of Innocence of Muslims on the Internet. Google has refused to removed the anti-Islamic video from the Internet in nations where it is not against the law.

Fox Business notes one of the reasons security researchers and U.S. officials have said they believe the al-Qassam Cyber Fighters are more organized and well-funded than an ad-hoc group of cyber terrorists is because they use such a sophisticated botnet of compromised web servers. The Cyber Fighters' zombie army of bots sidesteps bandwidth limits and focuses more power against their targets than attacks from home computers.

Previous banks affected by al-Qassam's efforts included Wells Fargo, Bank of America and the New York Stock Exchange.

Update: It looks like the Cyber Fighters didn't waste any time. As of 1:45 p.m. ET Tuesday, many Bank of America customers were reporting problems accessing the bank's website.

The IAEA logo.

The International Atomic Energy Agency (IAEA) reported a striking security breach Tuesday, admitting that hackers had stolen information from one of its servers and published it online.

According to Reuters, a group with "an Iranian-sounding name" published the information and requested a probe into Israel's nuclear program.  The IAEA is already wary of Iran's nuclear ambitions.

Reuters reports the theft may not have compromised much in the way of confidential data:

A Western diplomat said the stolen data was not believed to include information related to confidential work carried out by the IAEA. One of the agency's tasks is preventing the spread of nuclear weapons.

The hackers who posted the info call themselves Parastoo (the Persian name for birds known as swallows in English) and naturally enough they used Pastebin.

In the Pastebin post Parastoo wrote that this was their first such message and the public would be "hearing game changing news" from them frequently in the future. After publishing a list of email addresses  lifted from the IAEA's server in Vienna, Parastoo asked the owners of the addresses to sign a petition to request a closer look at nuclear activities in the city of Dimona, which is home to Israel's Negev Nuclear Research Center.

Parastoo seemed to reassure the IAEA that the hack was performed merely to get the agency's attention, writing that the IAEA's "critical information is safe with us(,) as we are brothers."

They closed with an apparent warning to Israel that doubled as a nod to Anonymous: "You are not Anonymous. Expect us."

The Muslim Cyber Fighters who DDoSed several American banks in October have insisted their project, which they called "Operation Ababil," was not sponsored by the government of Iran.

"Ababil" is an Arabic word for the same bird called "parastoo" in Persian--the swallow. There are references to the swallow in the Qu'ran, including "The Story of the Companions of the Elephants," in which a flock of birds carrying stones attack soldiers and elephants, killing them.

So--it's possible that these hacker references to swallows are just coincidence. Unless hackers have also begun to grow wings.

Still from a trailer for Innocence of Muslims

Muslims protested at Google headquarters in London on Sunday, expressing outrage over the search giant's refusal to remove Innocence of Muslims from YouTube.

One of the men behind the event, Masoud Alam, told the Telegraph that there will be more protests "at the offices of Google and YouTube across the world." Muslims wish to ban the film, said Mr. Alam, because it is an "insult of the Prophet."

Some in attendance on Sunday said they want to expand their protests:

Sheikh Siddiqui, a barrister from Nuneaton, said he wanted to form a coalition with the Church of England, Catholics, Jewish groups, Trade Unions and even Conservatives to encourage their ranks to join his "campaign for civility".

"We want everyone in society to recognise these people are wrecking our fragile global society. We want the Church, the Synod, Jewish groups and establishment figures involved," he said.

The Telegraph quoted a YouTube spokesperson, who admitted that the company's efforts to "create a community everyone can enjoy" is challenging, "because what's OK in one country can be offensive elsewhere."

Google and YouTube are holding fast to what they see as a free-speech issue and has clearly stated that they will not remove or block the video in any country where it is considered protected speech.

Muslims have apparently protests online as well. Muslim Cyber Fighters continued a fourth week of well-organized denial of service attacks on American financial institutions last week, taking the websites of Regions, Capital One and SunTrust banks offline for several hours a day.

This guy is everywhere now. (Image Devdsp on Flickr)

Analysis of the DDoS tools used in cyber attacks on American banks by religiously-motivated hackers Izz ad-Din al-Qassam Cyber Fighters indicates a "well-funded" effort, according to security experts.

As reported by CSO Online, analysts at security firm Prolexic Technologies were able to identify the DDoS toolkit "itsoknoproblembro" as the software behind attacks against Bank of America, Chase Bank, Wells Fargo and PNC.

It may have a hilarious name, but "itsoknoproblembro" is serious business:

The "itsoknoproblembro" toolkit is capable of simultaneously attacking components of a website's infrastructure and application layers, flooding the targets with sustained traffic peaking at 70 gigabits per second. In addition, Prolexic found that traffic signatures were unusually complex and therefore difficult to reroute away from the targets.

The vendor, which declined to name the banks whose sites it tracked, said the attackers likely spent months probing the sites for the components most susceptible to a DDoS assault. They also were knowledgeable in the technology used to mitigate such attacks.

The CEO of Prolexic told CSO Online that these were "on the level of a Stuxnet type of attack."

Stuxnet was a remarkable cyberespionage tool, reportedly jointly created by the U.S. and Israel, that struck a major blow to Iran's nuclear program in 2010.

Even though Iran and the Cyber Fighters have denied being behind last week's bank attacks, Prolexic found that "several large networks" of botnets were utilized in the attacks, indicating an operation beyond the resources of most small groups of independent attackers.

Muslim cleric Izz ad-Din al-Qassam (Wikimedia)

The Izz ad-Din al-Qassam Cyber Fighters have returned with a new declaration published on Pastebin and a new set of targets. If you park your money with Wells Fargo and can’t reach the bank’s website, you apparently can blame the hackers and their Operation Ababil.

The group's Pastebin post renewed their call for the anti-Muslim video Innocence of Muslims to be removed from the web. They also refuted allegations their actions have been state-sponsored by Iran, stating that they "strongly reject the American officials' insidious attempts to deceive public opinion."

The Cyber Fighters went on to give a timetable for their attacks and urged others to join the fight:

We shall attack for 8 hours daily, starting at 2:30 PM GMT, every day. We repeat again the attacks will continue for sure till the removal of that sacrilegious movie.

We invite all cyberspace workers to join us in this Proper Act. If America's arrogant government do not submit, the attack will be large and larger and will include other evil countries like Israel, French and U.Kingdom indeed.

Several large financial institutions can expect to go the way of WellsFargo.com, which was timing out for users accessing the page from multiple locations on Tuesday afternoon.

The bank acknowledged the problem and posted the following on its Twitter account around 4 p.m. ET:

We apologize to customers who may be experiencing limited access to @wellsfargo.com & online banking. We are working to quickly…

— Wells Fargo (@WellsFargo) September 25, 2012

resolve this issue. Customers can still access their accounts through our ATMs, stores and by phone at 800-956-4442.

— Wells Fargo (@WellsFargo) September 25, 2012

Muslim Cyber Fighters say they will also target the following:

Wednesday 9/26/2012 : attack to U.S. Bank site, www.usbank.com
Thursday 9/27/2012 : attack to PNC site, www.pnc.com

Past cyber-attacks for which this group claims responsibility struck Bank of America and JP Morgan Chase.

While the problems for the larger banks were intermittent, the Wells Fargo attack seems to have been the most effective so far, indicating the group may be improving their methods.