The hacktivist group Anonymous, which brought down the Greek central bank’s website through a distributed denial of service attack on Tuesday, claims it will be targeting financial organizations around the globe over the next 30 days.
In a video about the attack, the group claims it will target PayPal, MasterCard, Visa, Nasdaq, the Bank for International Settlements, all central banks, the IMF, London Stock Exchange "and every major banking system." However, a pastebin post that purports to be Anonymous' master target list does not mention PayPal, MasterCard, Visa or Nasdaq. The lengthy list of targets in that post includes the websites of the Federal Reserve and nine of its 12 regional banks; the World Bank; and the central banks of countries including the United Kingdom, Albania, Aruba, Malta, Canada, France, Greece, Japan and Italy.
The group did not say what cyberattack tools it plans to use. In the past, Anonymous has launched distributed denial of service attacks – heavy waves of malicious traffic that can slow a website or shut it down entirely.
Avivah Litan, vice president at Gartner, recommended that banks take the threat seriously. This type of attack "can be very disruptive," she said.
Anonymous began targeting banks with distributed denial of service attacks in 2010, in an initiative called Operation Payback. Visa, MasterCard and Bank of America were among the victims in that wave of cybercrime. MasterCard was targeted on and off for a year. Much of the motivation behind these attacks was a protest against payment providers that stopped processing payments to WikiLeaks in the wake of that organization’s posting of classified government information.
This time around, the group says it wants to punish the financial system for a broad range of actions, including high fees and interest rates, foreclosures and bailouts.
"Banks have been getting away with legally stealing [from] and ripping of [sic] citizens for far too long," Anonymous says in the video.
The Bank of Greece said the attack it suffered this week had minimal impact. "The attack lasted for a few minutes and was successfully tackled by the bank's security systems," a bank official told Reuters. "The only thing that was affected by the denial-of-service attack was our website."