PLEASANTON, Calif., and NEW YORK (2/28/13)--Hacktivists responsible for distributed denial of service (DD0S) attacks against U.S. banks and credit unions in January have resumed their attacks against at least a dozen institutions, including credit unions.
Patelco CU, Pleasanton, Calif., told News Now that it experienced its second DDoS attack on Monday.
"Yes, another DDoS attack was initiated against Patelco on Feb. 25," said Patelco Vice President of Information Technology Anthony Vitale. "Our downtime was roughly two hours." The first attack against the $3.8 billion asset credit union occurred in January and disrupted its site for five hours.
Monday's attack was discovered when "our security scanning system caught the attack in its early stages," Vitale said. "The DDoS attack made it difficult for members to access financial information. However, no personal or account information was compromised."
Given the first attack, Patelco had already improved its Web security to mitigate the impact of such attacks. "We implemented additional security after the initial attack in January, and these additional measures significantly reduced the downtime we experience because of the attack," Vitale said.
The credit union used social media to inform members about the website and online banking systems issues, he added.
"We continue to take this seriously," Vitale said. "We are working to mitigate and further reduce downtime if these attacks occur again in the future."
In a Feb. 26 post on Pastebin, an open forum frequented by hacktivists, the Izz ad-Din al-Qassam Cyber Fighters claimed second strikes against Patelco;, University FCU in Austin, Texas; and a number of banks, including Bank of America, PNC Financial Services Group, Capital One, Zions Bank, Fifth Third, Union Bank, Comerica Bank, RBS Citizens Financial Group Inc. (Citizens Bank) and People's United Bank (bankinfosecurity.com Feb. 26).
University FCU's website was down for nearly 2 1/2 hours on Jan. 24 (News Now Jan. 28). It has not been confirmed whether it was attacked again.
The Qassam Cyber Fighters issued an ultimatum to the U.S. government over films offensive to Muslims and said if the films are not removed it will start Operation Ababil again the week of March 5. The attacks against Patelco and the others, the group said, were warnings. The financial institutions have nothing to do with the posting of films on other websites. The first wave of protests from the group in January stemmed from a video on YouTube.
The National Credit Union Administration and the Office of the Comproller of the Currency issued warnings last week about DDoS attacks being used to distract institutions to perpetrate account frauds. So far, there is no evidence linking the Qassam attacks to fraud, said bankinfosecurity.com. DDoS attacks involve flooding a site with incoming e-mail to stall its operations so people can't access the site.