A hacker group that has resumed its denial-of-service attacks on bank websites says it will continue until more copies of an anti-Muslim video are pulled from YouTube.
The group claiming responsibility for the attacks, Izz ad-Din al-Qassam Cyber Fighters, posted a new message Tuesday on the Internet message board Pastebin.com saying it targeted nine financial companies, mostly major banks, last week because the United States "must still pay because of the insult." The targets included Minneapolis-based U.S. Bancorp, the nation's fifth-largest bank by assets.
U.S. Bank said that while it was briefly hit once last week, its website was performing normally Tuesday.
JPMorgan Chase & Co., however, suffered serious problems for several hours. The country's largest bank confirmed Tuesday evening that it suffered a denial-of-service attack that started midafternoon and that its website was inaccessible. At one point, chase.com displayed a message that it was "currently updating our website to maintain the best online experience."
The group suspended its campaign of cyberattacks in January after a key copy of the video Innocence of Muslims, which it said received more than 17 million views, was removed from YouTube. But it started back up a few weeks ago because there are other copies of the video, which ridicules the Prophet Mohammed, on YouTube. It's running what it calls a third phase of Operation Ababil to get those removed, too.
On March 5, members posted a message identifying themselves as "Muslim youths," saying they will hit a number of American banks "three days a week, on Tuesday, Wednesday and Thursday during working hours."
Denial-of-service attacks disrupt websites by flooding them with connection requests or too much bandwidth, according to Arbor Networks, a company in Burlington, Mass., that helps companies cope with such attacks.
There are different types of denial-of-service attacks, and "these folks are using all of them," said Dan Holden, Arbor Network's director of security research.
The FBI has been investigating the attacks, which surfaced last September. It's still not clear who is behind the campaign, although some U.S. government officials have pointed the finger at Iran.
U.S. Bank said it was hit once last week.
"Last Thursday [the 7th] we saw some unusual and coordinated high traffic volume designed to slow down the system — similar to what other banks have experienced over the past few months," U.S. Bank spokesman Tom Joyce said in an e-mail. "Our website was slower than usual for a very brief period that day, but then returned to normal performance."
Capital One Financial Corp., in McLean Va., was also hit last week.
"We have defenses in place and online account access was available for the vast majority of our customers throughout the attack," Capital One spokeswoman Pam Girardo said. "We continue to work with federal law enforcement and other authorities to investigate these attacks and further enhance defenses against these types of events."
Fifth Third Bancorp in Cincinnati said it suffered a limited attack March 6, its third since the start of the year. The attacks typically start mid- to late morning and last for about three to four hours, said bank spokeswoman Debra DeCourcy. She said the attacks make it hard for customers to access the site quickly but haven't compromised any customer information.
Some banks said Tuesday that they hadn't experienced any recent attacks.
Looking for defenses
The country's financial institutions are still aggressively pursuing defenses, said Carl Herberger, vice president of security solutions at New Jersey-based Radware Ltd., which has been investigating the attacks for bank customers.
Herberger said the group almost always strikes within 24 hours of a public posting. He said he began getting reports of new attacks around noon Tuesday.
Banks have improved their ability to defend against the attacks, he said. "However, do they have complete solutions in place? The answer would be no."
Herberger said the group has used different techniques to make the denial-of-service attacks more damaging. He said he's seen a bank with a 40 gigabits per second of Internet capacity get gummed up with an attack of just 30 megabits per second in size.
"They've demonstrated that the commercial financial sector has had some universal vulnerabilities," he said. "Now they're just continuing to exploit these vulnerabilities. It's now going on six months in various waves."
Jennifer Bjorhus • 612-673-4683
