When I sat down to watch the evening news and saw that ABC News started its broadcast by talking about the DDoS attacks on the nation’s largest banks, I was shocked.
DDoS attacks aren’t unusual, and the past month has seen its share of newsworthy attacks. Wasn’t it just a few days ago that Germany was asking its citizens to stop using Internet Explorer because of a major exploit that left users vulnerable to a DDoS attack? I don’t remember seeing that on the news or discussed much in the mainstream media. And banks get hit with cyber attacks all the time. Why the fuss this time?
The attention may have less to do with the attacks themselves but instead with whom is doing the attacking. Islamic hacktivists have taken credit for the attacks. According to InformationWeek:
[A] hacktivist group calling itself the "Cyber fighters of Izz ad-din Al qassam" announced Tuesday via a now-deleted Pastebin post that it would be attacking the two websites, as part of its ongoing "Operation Ababil," which began last week with attacks against both the Bank of America and JPMorgan Chase websites, both of which experienced periodic outages. According to the hacktivist group, the attacks are in retaliation for the release of the Innocence of Muslims film that mocks the founder of Islam, and which has triggered numerous riots across the Middle East.
This isn’t a run-of-the-mill DDoS attack, either. According to PC Advisor:
Rather than launch the attack from a network of compromised machines, called a botnet, the attackers are apparently using volunteers. Participants go to either one of two file-sharing sites and download a program written in a scripting language. Once the program is running, a person only has to click on a "start attack" button to send continuous requests to the target's website.
My own feeling is that, along with the alleged attackers, the target is also the reason for the unusual attention. When Bank of America was hit last week, it was barely a blip on the radar, even in security circles. Now it is virtually every nationally recognized bank in the country that is affected. That’s too hard to ignore.
I’m not complaining. Cybersecurity should be part of the evening news and covered by newspapers and popular news websites. This bank attack isn’t going to be the last DDoS attack, and we now see that extremist groups have moved well beyond Anonymous.