Mideast hackers disrupt websites of U.S. banks over anti-Islam film, says more shutdowns to come

A hacker group based in the Middle East has flaunted its online muscle against several of America’s largest financial firms, temporarily keeping customers from accessing their information on banking websites and promising similar shut downs again next week.

But while cyberattacks are routinely done to glean private account information, this threat appears different — it’s political.

The group — identifying itself as the Izz ad-Din al-Qassam Cyber Fighters — claimed responsibility in a post on Pastebin, a site used by hackers, according to The New York Times.

The group said the attacks are linked to the anti-Islam film that sparked deadly protests this month across the Muslim world.
“Insult to a prophet is not acceptable especially when it is the Last prophet Muhammad,” the post said. “So as we promised before, the attack will be continued until the removal of that sacrilegious movie from the Internet.”

Websites of JPMorgan Chase, Citigroup and Bank of America were affected last week, while Wells Fargo’s website was hit Tuesday, U.S. Bank was affected Wednesday and PNC Financial Services was disrupted Thursday.

A PNC spokesman told The Times it was taking “appropriate measures.”
But ABC News said it was shut out of the PNC site for about three hours Thursday, leaving some customers to gripe on social media.
“Hopefully it can be up soon,” posted Facebook user Stacy Briggs-Gerlach. “Never realized how dependent I am on it!!! ”

The hackers in their post even wrote a timetable for their attacks and implored other “cyberspace workers to join us.”
Security experts told the Daily News that the group’s boasting beforehand indicates just how certain they are of being able to shake up the banks’ business.
But these hackers haven’t exactly brought the firms to their knees, said Rob Rachwald, director of security strategy for Imperva, a data security company.

“[Officials] know that if the bank is breached and that suddenly everyone’s account number is publicized, that will really kill their business, whereas going offline for a little while is just embarrassing,” Rachwald said. “In this case, this shows data security practice at the banks is still really solid.”
It’s unclear the exact origin of the attacks, although Connecticut Sen. Joseph Lieberman told C-Span last week they appear to be coming out of Iran. Some observers speculate the Iranian government at least knew of the attacks, if not actually orchestrated them.

The fact that the hackers are trying to recruit more people to join them — and want to hit banks in other countries — is alarming, said Atif Mushtaq, a senior staff scientist for online security company FireEye.
“You can’t really prevent this type of attack [on your website]. You can mitigate it a little,” he said. “But the real question is, when is this going to end?