Threat of New Cyberattacks Against Banks Met with Shrug

They're back. The Izz ad-Din al-Qassam Cyber Fighters are threatening banks with a new wave of distributed denial-of-service attacks.

Since last September, al-Qassam has taken responsibility for a series of cyber assaults that have plagued some of the nation's largest banks — shuttering the online banking operations of Wells Fargo, PNC and dozens of others.

However, al-Qassam has so far lain low this summer. In May, the group said it was going to take a break in order to avoid confusing its operations with attacks threatened by the hacktivist group Anonymous.

This new phase, al-Qassam says, will be different.

"You'll feel this in the coming days," the group says in a confusing missive on Pastebin, an anonymous forum mainly used by programmers to post code.

al-Qassam — which is demanding an anti-Muslim video be taken down from YouTube — did not provide further details of the upcoming attacks in its most recent posting.

An FBI spokeswoman declined to comment on the potential attacks.

al-Qassam's latest threats come less than a week after Quantum Dawn 2, a staged assault conducted to test some of Wall Street's biggest banks' responses to cyber threats. The trial was run by the Securities Industry and Financial Markets Association; more than 500 people from 50 different financial services companies and government agencies participated.

DDoS attacks like the one the al-Qassam group has conducted have little impact on a bank's business, says Robert E. Lee, a business analyst at Intuit.

"The intelligent attackers, the ones we actually care about, are the ones that use DDoS as a distraction technique," he says, referring to criminals that use denial of service attacks as a means of focusing bank employees' attention on restoring the website, away from big ACH transfers or other virtual crimes.

"The ones that are simply trying to knock sites off-line might put a sour taste in the mouths of users but have less of an impact," Lee says.

That's exactly the stated purpose of al-Qassam.

In the past, it's been successful at disabling banks' websites for several hours, with the potential motive of undermining the American public's faith in the financial system.

"I think what they are hoping is someone will not understand and say, 'My core banking is offline for 10 minutes,'" says Ken Baylor, a research vice president at the information security research and advisory company NSS Labs. "What was kind of a bad joke has just kept on running."

The cost to banks is negligible aside from inconvenience for customers, Baylor says.

He adds, "And even if they do succeed now" in disrupting banks' consumer-facing websites, "it really is a 'So what.'"
