WASHINGTON (1/30/13)--A group of hacktivists allegedly responsible for distributed denial of service (DDoS) attacks against 22 large U.S. banks and at least two credit unions announced Tuesday it is calling off the attacks. However, that doesn't mean all such attacks will stop.
The Credit Union National Association has reached out to and is working with the U.S. Treasury's Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security to ensure credit unions' interests are represented in the federal government's efforts to help deal with any future attacks.
DDoS attacks typically are conducted for political or ideological reasons, according to Mike Saylor, vice president of technology at the Texas Credit Union League. "There are other reasons for conducting DDoS attacks, but these are the most prevalent, and this type of attack will continue into the foreseeable future," he said in the league's newsletter (LoneStar Leaguer
The al Qassam Cyber Fighters' message on Pastebin, an Internet message board, said its attacks are suspended because YouTube removed a trailer advertising of an anti-Muslim film, "The Innocence of Muslims."
It said the group "lauds this positive measure of You Tube and on this basis suspends this operation and plans to give a time to Google and U.S. government to remove the other copies of film as well. During the suspension of Operation Ababil, no attack to U.S. banks would take place by al-Qassam cyber fighters" (Bank Info Security
The DDoS campaign--the group's second campaign within six months--began its eighth week of attacks Monday. Tuesday's message said the victims of its attacks included the $3.8 billion asset Patelco CU, Pleasanton, Calif., whose website was down five hours, and $1.6 billion asset University CU, Austin Texas, whose site was down two hours. The Pastebin post also named a who's who list of 22 big banks, including Bank of America, Wells Fargo & Co., Capital One, Citibank and JPMorgan Chase. The credit unions emphasized that no member data was compromised during the attacks.
Denial of service attacks have been around a while, said Saylor. "The first DDoS was in the 1880s when teenagers brought down our first phone system." DDoS attacks a target, such as a website or a network, by flooding the targeted systems with large volumes of data until the systems are overwhelmed and cannot process the data fast enough, Saylor said. The system typically shuts down or freezes.
He advised credit unions to "be diligent. If you start to see degradation in your systems, then you must be timely in your response and communication." Here are four steps to take:
Preparation. Establish contacts, define procedures, and gather tools to save time during the attack.
Analysis: Detect the incident, determine its scope and involve the appropriate parties.
Mitigation: Mitigate the attack's effects on the targeted environment; and
Wrap-up: Document the incident's details, discuss lessons learned and adjust plans and defenses.