On late Monday, December 10, 2012, the Izz ad-Din al-Qassam Cyber Fighters, a group claiming allegiance to Islamic terrorism, posted on a popular message board a credible threat against major U.S. banks, inclusive of Chase, Bank of America, U.S. Bancorp, and others:
“In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks,” the posting from al-Qassam said. [source: FoxBusiness.com]
On Tuesday, 12.11.12, customers of the Bank of America, the fifth largest company in the United States and third biggest company in the world (per Forbes), were unable to access their accounts online throughout the entire day. The Bank of America website was down.
While this writer and others were unable to access the BofA site at any time throughout the day, FoxBusiness.com claimed they found the outage at Bank of America to be factual but intermittent, with Chase, Bancorp and other threatened banks declining to comment on their own status:
At least 50 users reported on Sitedown.co, a website for tracking website outages, that they could not access BankofAmerica.com in the late-morning and early afternoon hours. Tests by FOX Business on multiple computer networks showed the website as inaccessible at times and very slow to load at others. By 4:00 p.m. ET, the website appeared to load properly.
“We’re aware of the reports of possible cyberattacks and we’re monitoring our systems, which are fully operational,” a BofA spokesperson told FOX Business. “We’ve reached out individually to a small number of customers who reported issues to us earlier in the day.”
The cyberattack is said to stem from the infamous anti-Muslim video, “The Innocence of Muslims,” originally posted on Google in September and erroneously blamed for the violent attack on the American embassy in Benghazi, which resulted in the deaths of four Americans, including Ambassador Chris Stevens. In another report on the cyber attack, FoxBusiness offered some background on the threat and subsequent shutdown:
In September and October, al-Qassam launched widespread denial-of-service attacks against a slew of banks, including the ones listed this week. DDoS attacks function by slamming Web servers will a flood of requests, with the goal of rendering them completely inaccessible or slowing access down to a crawl. Security experts and the banks said at the time customer data were not at risk. The specific methodology al-Qassam plans on using this time around remains unclear.
In the last round of attacks, security experts told FOX Business the perpetrators created a so-called “botnet” of compromised Web servers that it used to carry out the attack. The Web servers, the experts said, provided more horsepower than the personal computers because of their higher-level access to Internet infrastructure and less limiting bandwidth restrictions.
The group, Izz ad-Din al-Qassam Cyber Fighters, fashion themselves as a sort of Islamic Anonymous, according to BetaBeat.com; claiming ties to Islam but asserting they are not affiliated to any specific government.
The reality of a terrorist affiliated cyber group having the ability to shut down the online workings of one of the biggest banks in the world, disabling access for an entire business day, makes chillingly clear the vulnerabilities of even large, purportedly protected, companies against cyber enemies with the will, and the means, to affect very real, and very destructive, business shut-downs.
UPDATE: As of 5:00 pm PST, 12.11.12, the Bank of America site is still down.
UPDATE: As of 11:00 pm PST, 12.12.12, the site was restored.