Introduction
On September 18, 2012, the Qassam Cyber Fighters (QCF) posted its first message, in both English and Arabic, on its Pastebin page; the message warned the world that it was now targeting U.S. banks for hacking attacks, and would do so in the future as well. Since its emergence, the group has vowed to continue to carry out cyber attacks against Western targets until YouTube removes the anti-Muslim video "Innocence of Muslims," stating in its first communiqué: "All the Muslim youths who are active in the Cyber world will attack to American and Zionist bases as much as needed such that they say that they are sorry about that insult." To date, the group has issued some 20 statements in broken Arabic and English, all of which can be found on its Pastebin page (pastebin.com/u/QassamCyberFighters). These statements include English- and Arabic-language versions of communiqués; each of the communiques is signed "Cyber fighters of Izz ad-din Al qassam" and begins, "Dear Muslim youths, Muslim Nations and are noblemen." The QCF seems to want the world to believe that it is an Arab group, named either for Hamas's military wing, the 'Izz Al-Din Al-Qassam Brigades, or for the latter group's namesake, the Syrian-born preacher who fought the French, British, and Zionists in the region in the 1920s and 1930s.[1] Since the September 18, 2012 message, in which it announced that it was planning to attack the Bank of America and New York Stock Exchange on that date, it has been widely speculated that the group's origins are in fact Iranian. Western media sources, as well as analysts who have studied the QCF, have stated that it is actually an Iranian front. Cyber security analyst Dancho Danchev performed the most authoritative open-source intelligence (OSINT) analysis on the issue of the group's links to Iran, aimed at exposing one of the individuals in the group,[2] while former Senator Joseph I. Lieberman told C-Span that he believed that Iran's government was sponsoring the group's attacks on U.S. banks in retaliation for Western economic sanctions.[3] Additionally, The New York Times quoted unnamed U.S. intelligence officials stating that the "group is a convenient cover for Iran."[4] This year, September 2012-September 2013, will be remembered as the year in which the QCF was one of the most important and successful hacking groups. This is especially true up to early May, when the group announced a "pause" due, it said, to the concurrent #opUSA [which occurred on May 7 and was supposed to be devoted to hacking U.S., Israeli, and Indian websites by joint attack with other hacking groups including Pakistani ZCompany]. It returned to activity on July 26 with another attack; however, in that attack, the only bank confirmed to have been hacked was Regions Bank, and that attack lasted only for a few hours.[5] Additional QCF hack attempts failed largely because banks have increased their defenses, improving methods for sharing information about threats and investing in new technology that helps them detect and mitigate DDoS (distributed denial-of-service) attacks that the QCF is known for carrying out frequently.[6] The following report reviews the details of the U.S. banks hacked by the QCF; some of the group's main hacking methods; details of interviews the QCF gave to media outlets explaining its activities; and the QCF's communiqués. An Appendix including the QCF's communiqués in full is available upon request. U.S. Banks Hacked By The QCF The QCF claims to have attacked Bank of America, the New York Stock Exchange, Capital One Financial Corp, SunTrust Banks Inc., BB&T, HSBC, JPMorgan Chase & CO, PNC Financial Services, U.S. Bancorp, Citigroup Citibank, Wells Fargo & Company, Ally Financial, Fifth Third Bancorp, Zions Bancorporation, Union Bank, Comerica, Citizens Bank, Umpqua Bank, People's United Bank, University Federal Credit Union, Patelco Credit Union, American Express, KeyCorp, Ameriprise Financial, Citizens Financial, BBVA Compass, UMB Financial Corporation, M&T Bank, Bank of the West, Regions Financial Corp, Euronext, and Synovus Financial Corporation. QCF Hacking Methods The method used in the hacking attacks that the QCF claims to have carried out on U.S. banks was most often the common DDoS, often described as a "cyber traffic jam." The New York Times describes how the QCF uses the method: "In a denial of service attack, hackers bombard a site with traffic until it collapses under the load.... Typically such attacks are deployed through a Web application, in which hackers recruit volunteers to click on a link that sends signals from their computers to a victim's site, or through botnets, networks of infected computers and devices that do hackers' work for them."[7] Reporting on one round of attacks on banks in January 2013 for which the QCF claimed responsibility, The New York Times said that these attacks involved data centers located around the world that had been infected with sophisticated malware designed to evade antivirus detection.[8] It was reported in October 2012, following another series of attacks claimed by the QCF on banks, that the group had "compromised at least 3,000 Web servers – forming their own 'botnet' that floods the sites with requests"; the report added that there was no evidence that any customer information had been compromised.[9] In an October 2012 report, Bloomberg News described attacks claimed by the QCF as involving a unique use of encrypted data to bypass the bank's firewall, adding that they revealed that "some of the nation's most advanced computer defenses are vulnerable to cyber attacks even if the targets know they're coming."[10] QCF Responds To Secretary Of Defense Panetta's Accusations On October 11, 2012, a month after the QCF carried out its first hacking attack, then-Secretary of Defense Leon Panetta spoke to business executives in New York about the recent cyber attacks on banks that the QCF claimed to have carried out. While not linking the Iranian government to the attacks, he stated that Iran had "undertaken a concerted effort to use cyberspace to its advantage."[11] The group issued a response on October 16, addressing Panetta and stating: "Instead of concerning and spending several billions that won't be good for you, tell your henchmen on YouTube to run remove command on their computers otherwise try to solve the following equation while your banks are howling under pressure from the attacks."[12] Timeline Of Attacks QCF Claims To Have Carried Out, As Posted In Pastebin September 18, 2012: First declared attacks by QCF on Bank of America and New York Stock Exchange September 19, 2012: Operation Ababil, Attacking Chase.com October 9, 2012: Operation Ababil, the Fourth Week, Attacks on Capital One, SunTrust, and Regions Financial Corp October 16, 2012: Operation Ababil, the Fifth Week, Attacks Continue on US Banks October 23, 2012: Operation Ababil, The Sixth Week, Attacks on Capital One, BB&T, and HSBC December 10, 2012: Operation Ababil, Phase Two, Attacking U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC Financial Services Group, SunTrust Banks, Inc. Details of Interviews: December 10, 2012: Interview with Undisclosed Reporter from American Banker: December 10, 2012: New Interview with Rym Momtaz from ABC December 10, 2012: New Interview with Eduard Kovacs from Softpedia December 18, 2012: Operation Ababil Phase Two, Week Two December 25, 2012: Operation Ababil, Phase 2, Week 3 January 1, 2013: Operation Ababil, Phase Two, Week Four January 15, 2013: Operation Ababil, Phase Two, Week Six January 22, 2013: Operation Ababil, Phase Two, Week Seven January 29, 2013: Operation Ababil Suspended Due to Removal of Insulting Movie February19, 2013: Operation Ababil, Serious Warning February 26, 2013: Operation Ababil, Al Qassam Ultimatum March 5, 2013: Operation Ababil, Phase Three March 12, 2013: Operation Ababil, Phase 3, Week Two March 19, 2013: Operation Ababil, Phase 3, Week Three March 26, 2013: Operation Ababil, Phase 3, Week Four April 2, 2013: Operation Ababil, Phase 3, Week Five April 9, 2013: Operation Ababil, Phase 3, Week Six April 16, 2013: Operation Ababil, Phase 3, Week Seven April 23, 2013: Operation Ababil, Phase 3, Week Eight April 30, 2013: Operation Ababil, Phase 3, Week Nine May 6, 2013: Operation Ababil pauses this week, May 7th-9th July 23, 2013: Operation Ababil, Phase 4 A Review Of The QCF Communiqués The following are excerpts from each communiqué, in the original (poor) English. They include explanations by the QCF on the reasons it attacks, and excerpts of interviews it gave to media. Each communiqué states the specific banks that the group plans to attack. Some notable text in the communiqués includes: statements that the Zionists were behind 9/11; calls for volunteers and provision of contact email addresses; statements that its main enemy are the "U.S. and Zionist web bases," and calls for capitalism to be attacked via the Internet. Many of the group's responses to questions in the media interviews were vague, especially regarding questions related to its possible ties to other governments or groups, including Hamas and Hizbullah, and its refusal to answer when asked where it is based and who its leaders are, in addition to its claims that it is not collaborating with Anonymous. September 18, 2012: Attacks on Bank of America and New York Stock Exchange The communiqué called on all Muslims to join cyber jihad and announced it would attack Bank of America and the New York Stock Exchange "for the first step." It read: "All the Muslim youths who are active in the Cyber world will attack to American and Zionist Web bases as much as needed such that they say that they are sorry about that insult. We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasy movie. Beware this attack can vary in type."[13] September 19, 2012: Operation Ababil: Attacking Chase.com The communiqué announced Operation Ababil and details, claiming it attacked the website of chase.com. It reads, "[T]he second step we attacked the largest bank of the united states, the 'chase' bank. These series of attacks will continue untill the Erasing of that nasty movie from the Internet. The site www.chase.com is down and also Online banking at 'chaseonline.chase.com' is being decided to be Offline."[14] October 8, 2012: Operation Ababil, the Fourth Week: Attacks on Capital One, SunTrust, and Regions Financial Corp This communiqué stated what its goals were for the week, and explained why it chose to target financial institutions, saying: "Money is all your respect: Money is all your holiness. Money is all your value. Money is all of your glory. Money is all your humanity. Money is all of your life. Money is all of your honor. Money is all your existence. Money is everything for you. For this reason, attack to your financial centers will be continued. Therefore the timetable for October's second week attack program is announced as comes: "Tuesday 10/9/2012: attack to Capital One Financial Corp site, capitalone.com "Wednesday 10/10/2012: attack to SunTrust Banks, Inc, suntrust.com "Thursday 10/11/2012: attack to Regions Financial Corp site, regions.com "Weekends: planning for the next week' attacks. "It is necessary to mention that the Izz ad-Din al-Qassam group has no relation with recent Trojan-based attacks which aims the people's electronic money transfers. Our activities are only against the insulting movie mentioned above. We shall attack for 8 hours daily, starting at 2 PM GMT, every day. Do you want attacks to be stopped? Stop the insults and eliminate their traces!"[15] October 16, 2012: Operation Ababil, the Fifth Week: Attacks On U.S. Banks Continue This communiqué was addressed to a statement made by then-CIA director Leon Panetta, and detailed its upcoming plans: "With a little searching, we still found the anti-Islamic offensive film on the Internet. Thus the chain of cyber attacks on U.S. banks will continue this week. These attacks will be done since Tuesday, 16 October until Thursday, 18 October 2012 in midday hours. Also we have a suggestion for Mr. Panetta; Instead of concerning and spending several billions that won't be good for you, tell your henchmen on YouTube to run remove command on their computers otherwise try to solve the following equation while your banks are howling under pressure from the attacks."[16] October 23, 2012: Operation Ababil, the Sixth Week: Attacks on Capital One, BB&T, and HSBC In this communiqué, QCF took credit for the previous week's attacks on Capital One, BB&T and HSBC. It also continued its criticism of Panetta's remarks on cyber security: "Mr. Panetta has noted in his remarks to the potential cyber threats such as attacking on Power & Water Infrastructures, running off trains from the tracks & etc. On our opinion, these Panetta's remarks are for distracting the public opinion &in support of the owners of the bank`s capital. He is going to put the existing pressure toward the people. This is capitalism`s usual trick. That they put too many people under pressure and exploitation for benefits of just a few people. It is likely that even Zionists cause damages to US power, water and aviation facilities and then claim that Izz ad-Din al-Qassam Cyber Fighters Group has done it. They had done such action already on 9/11 story. Due to approaching Eid al-Adha and to commemorate this breezy and blessing day, we will stop our attack operations during the next days. Instead, we are going to have an interview with one of the American media and press about our ideas and positions. Every press volunteer to interview us, send its full specifications and offers to us throughout (alqassamcyberfighter@myway.com)."[17] December 10, 2012: Operation Ababil, Phase Two: Attacking U.S. Bancorp, JPMorgan, Chase&co, Bank of America, PNC Financial Services Group, SunTrust Banks, Inc QCF announced Phase Two of Operation Ababil, and discussed ongoing and future attack plans: "From the last message we have published regarding to interrupting attacks to American banks due to Eid al-Adha there have happened so many events. Sandy storm, Presidential Election in the United States…During this period, we have carried out also some conversations with American reporters and media which some of them published it completely and others revealed it as summery…Now, we acclaim that the second phase of the Ababil operation is in ahead and from this week according to the announced plan, will be performed. In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently. Continually, the goals under attacks of this week are including: U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC Financial Fervices Group, SunTrust Banks, Inc."[18] December 10, 2012: First Interview with Reporter from American Banker On December 10, 2012, a QCF spokesman gave an interview to an unidentified reporter from American Banker, discussing the group's establishment, its relationships with other hacking organizations, and its future plans. The following are excerpts, which were posted on its Pastebin page. "Q: Do you realize that in America, the U.S. Bill of Rights protects freedom of speech, and that anyone can post anything on YouTube without interference from the government? "A: Google removed 640 videos from YouTube in the second half of last year amid fears they promoted terrorism "A: Google terminated four YouTube accounts responsible for videos that allegedly contained threatening and harassing content after complaints by different US law enforcement agencies. See also Google biannual transparency report about content removal requests per country at http://www.google.com/transparencyreport/removals/government/countries/. "Q: Did your group also target the Tel Aviv stock Exchange and El Al Airlines in January? "A: No. This group is established from many volunteers among hackers which share the beliefs about insulting video. No individual in the group has spoken about his probable activities in the past, or in the future which is not related to our operation, and if we ask each other about that, there will be no answer. "Q: Where are you based? "A: The Internet and its wide possibilities is our base. "Q: Who is your leader? "A: There is no special leader. In fact collective decision making leads us to move. "Q: Do you have a government sponsor? "A: No government or organization is sponsoring us and we do not wait for any sponsor as well. "Q: Do you plan to continue to execute denial of service attacks, or do you have other types of attacks planned? "A: It depends. If the movie is removed, the attacks will be stopped. Till now majority of our group members do not accept the suggestion for stopping attacks. "Q: What banks do you plan to attack? "A: We inform our targets and next steps in our letters posted in the url address http://pastebin.com/u/QassamCyberFighters (in a hope pastebin do not ban us based on an order from US Gov.! ); or other ways if needed. "Q: What types of malware are you using to generate your attacks? "A: This question is only answered to those who join us, and you're welcome! "Q: Are you doing all the programming work yourselves, or are you subcontracting to other parties? If the latter, then to whom are you subcontracting? "A: This operation is a group work for protesting against the insult which has been happened."[19] |
Click here to continue reading
No comments:
Post a Comment