[ISN] Serious Attackers Paired With Online Mob In Bank Attacks

From: InfoSec News <alerts_at_private>
Date: Fri, 5 Oct 2012 02:14:10 -0500 (CDT)
http://www.darkreading.com/advanced-threats/167901091/security/perimeter-security/240008534/serious-attackers-paired-with-online-mob-in-bank-attacks.html

By Robert Lemos
Contributing Writer
Dark Reading
Oct 04, 2012

At first blush, the recent attacks against major U.S. financial 
institutions appear to be a text-book case of hacktivism: Under the name 
"Operation Ababil," a group of alleged Iranian protestors called for 
supporters to attack banks and Google's YouTube, citing the Internet 
giant's refusal to take down a movie that offended some Muslims.

Yet, the resulting distributed denial-of-service attacks that caused 
disruptions at major banks -- including Bank of America, JPMorgan, 
Citigroup and Wells Fargo -- did not emanate from the widespread home 
computers of hacktivists but from hundreds -- or at most, thousands -- 
of servers running vulnerable content management software, say security 
experts familiar with the attacks. Using the servers and customized 
malware, the attackers leveled between 70 Gbps and 100 Gbps of peak 
traffic at the targeted sites and tailored the campaign to get around 
defenses specifically designed to stop floods of data.

The overall picture emerging from investigations into the attack is that 
of, not just a successful campaign by hacktivists, but of something 
more, says Rodney Joffe, chief technology officer at Internet 
infrastructure provider Neustar.

"This was a very well done attack and the key thing is that this was not 
an attack that was easily survivable," he says. "They effectively took 
down or disrupted major financial organizations."

[...]


--
Certified Ethical Hacker and CISSP with ExpandingSecurity.com gives the best
training and support. Last 2012 CISSP and CEH starts Oct. 1! Take action now
and be done before 2012 ends. Best program, best price.
CISSP info signup
http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/
CEH info signup
http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/
Our Live Online classes will not wreck your schedule.
Received on Fri Oct 05 2012 - 00:14:10 PDT

This archive was generated by hypermail 2.2.0 : Fri Oct 05 2012 - 00:14:24 PDT