In the deepening series of attacks on U.S. banks, investigators have found a new link, and in a place few analysts had even considered. Saudi Arabia could be where these denial of service attacks are coming from. Not only that, it now appears that the methods and tools the group uses to deliver those attacks are more advanced than previously thought.
At least one security firm, Radware, says this is why the attacks have been so difficult to stop, and it may be why a solution is still elusive. Because security officials had been looking in the wrong places and had assumed different methods were in use, in many ways they are back at square one. The attackers themselves call the campaign “Operation Ababil”.
A variant, or modified version, of the malware has been found in labs in Saudi Arabia. A spokesperson for Radware said it is “slightly different than what’s being used in the wild”. Many questions remain unanswered, including where the malware actually originated. Finding the variant there does not establish that it was developed there.
Worse, this complicates matters in another way: more servers around the world may be infected than officials originally thought. The attacks are not over, and the malware was built to live on compromised servers rather than the usual desktop “victims”. Servers are always on and typically sit on far faster connections than home machines, so the attacks can kick in at any time and will keep coming until the infected hosts are found and cleaned. This is a significant departure from the malware seen in earlier attacks. One analyst even suggested that the targets are not the banks’ own servers but third-party companies that hold trusted relationships with the big banks, which widens the scope of the investigation for federal law enforcement and security analysts alike. An attack bandwidth now believed to reach around 70 Gbps is adding to the misery of those working around the clock to find the root of the problem.
Threats and Targets
In the meantime, the threats are hitting each and every one of their targets. Earlier this week, the group calling itself the Izz ad-Din al-Qassam Cyber Fighters said it intended to attack both Regions Financial and Capital One. It did, and both banks reported attacks that caused outages for millions of customers, who at various times during the day could not check balances, pay bills or request new debit and credit cards. On Wednesday, Capital One reiterated to its customers that its sister companies, including HSBC and ING Direct, were not hit and that HSBC and Capital One credit card customers should experience no problems. Regions Financial, hit on Thursday, became the third major U.S. bank attacked this week. And, like the rest of the attacks, the efforts were spot on – just as promised.
All of the banks, on whatever days they were hit, posted similar messages and apologies to their customers and assured them they were working to overcome the attacks. A Regions customer in Pensacola told us,
I tried to get online yesterday so that I could move money from my savings to checking account because of a bill that is automatically deducted on the 12th of the month. I wasn’t able to do it, but I called customer support and they manually moved the money over. So it was really just a headache for me, but with no real damage.
Most other customers from all of the banks report similar stories.
So far, it doesn’t look as though the group is looping back around to target banks it has already hit. Bank of America, JPMorgan Chase and U.S. Bank have reported no further problems. Earlier this week, Capital One found itself on the receiving end of these denial of service attacks, and last week it was Wells Fargo.
In another interesting twist, more lawmakers appear to be siding with Senator Joe Lieberman’s belief that Iran is behind the attacks. This is especially surprising since most had dismissed that possibility in late September. Iran denied the accusations and now says its own infrastructure is being targeted.
If there’s any silver lining in this brouhaha, it’s that customer accounts haven’t been accessed or even targeted. A denial of service attack floods a bank’s public-facing systems to knock them offline; it does not by itself read or alter account data, and nothing reported so far suggests these attacks did. The caveat practitioners will note is that an outage also ties up a bank’s security staff, so banks still watch for unusual account activity during an attack rather than assuming it is only about availability. It appears to be less about consumers and more about the U.S. as a whole.
The question now is what happens next. Interestingly, the group appears to have gone silent on Friday morning, with no word on what, or whether, it plans any attacks next week. All banks, however, remain on alert.