10-15-12 | Blog Post
On Tuesday, October 9th, Capital One Financial Corp. became the latest target in the string of attacks on US banks. Its services were disabled temporarily, although in a statement Pam Girardo (a spokeswoman for McLean, Virginia-based Capital One) stated that “At this point, we have no reason to believe that customers and account information is at risk”.
This group of DDoS attacks has hit financial institutions such as Wells Fargo, PNC, J.P. Morgan, Chase, and Bank of America, among others. The attacks have been happening for about a month now, and a group called Izz ad-Din al-Qassam Cyber Fighters is claiming responsibility. The group posted on pastebin.com, saying the attacks were a response to a video, “Innocence of Muslims”, that has caused upset within the Muslim world.
The attackers used an encrypted data stream that allowed them to get around the security controls the bank had put in place, including the firewall. By using botnets (they took over commercial servers to get the sheer volume of traffic they needed), they were able to disable Capital One’s services. While DDoS attacks are fairly commonplace, encrypting the data in order to get past security is something new. Carl Herberger, VP for Radware, Inc., says “It’s an advanced attack, and frankly a lot of the banks are just getting their heads around the architecture to mitigate these attacks”.
Some are calling this an Advanced Evasion Technique (AET), and Phil Lerner, VP of Technology at Stonesoft, wrote that “many AET attacks leave no trace…leaving the devices blind and creating an illusion of security.” The attackers wrote on pastebin.com that other targets would be Regions Bank and SunTrust, which were warned of the potential attack immediately.