Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Serious Attackers Paired With Online Mob In Bank Attacks

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 5 Oct 2012 02:14:10 -0500 (CDT)
http://www.darkreading.com/advanced-threats/167901091/security/perimeter-security/240008534/serious-attackers-paired-with-online-mob-in-bank-attacks.html

By Robert Lemos
Contributing Writer
Dark Reading
Oct 04, 2012
At first blush, the recent attacks against major U.S. financial institutions appear to be a text-book case of hacktivism: Under the name "Operation Ababil," a group of alleged Iranian protestors called for supporters to attack banks and Google's YouTube, citing the Internet giant's refusal to take down a movie that offended some Muslims.
Yet, the resulting distributed denial-of-service attacks that caused disruptions at major banks -- including Bank of America, JPMorgan, Citigroup and Wells Fargo -- did not emanate from the widespread home computers of hacktivists but from hundreds -- or at most, thousands -- of servers running vulnerable content management software, say security experts familiar with the attacks. Using the servers and customized malware, the attackers leveled between 70 Gbps and 100 Gbps of peak traffic at the targeted sites and tailored the campaign to get around defenses specifically designed to stop floods of data.
The overall picture emerging from investigations into the attack is that of, not just a successful campaign by hacktivists, but of something more, says Rodney Joffe, chief technology officer at Internet infrastructure provider Neustar.
"This was a very well done attack and the key thing is that this was not an attack that was easily survivable," he says. "They effectively took down or disrupted major financial organizations." 

[...]


--
Certified Ethical Hacker and CISSP with ExpandingSecurity.com gives the best
training and support. Last 2012 CISSP and CEH starts Oct. 1! Take action now
and be done before 2012 ends. Best program, best price.
CISSP info signup
http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/
CEH info signup
http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/
Our Live Online classes will not wreck your schedule.
Previous By Date Next
Previous By Thread Next

Current thread: