wells fargo Wells Fargo web site troubles persist, U.S. OCC issues DDoS Cyber Alert

Wells Fargo has been having intermittent interruptions with their on-line banking fearing another DDoS cyber attack.  The U.S. Federal Office of Comptroller Currency has been investigating the issue.

Wells Fargo, which is the fourth largest banking institution in the U.S., recently told customers they may have intermittent or no access to their online banking due to what is believed to be another DDoS attack.  While the flood of traffic has let up, the bank said customers might still encounter interruptions during the next few days.  The U.S. Office of the Comptroller Currency (OCC) has been called in by Wells Fargo to investigate the matter.

Wells Fargo spokeswoman Bridget Braxton stated that the bank’s IT personnel were working hard to isolate the problem.  Braxton further iterated that they would be working with federal authorities to see if the attacks can be thwarted.

A hacking operation calling itself the “Izz ad-Din al-Qassam Cyber Fighters” has been targeting many of the larger international banks using denial of service (DDoS) attacks.  DDoS works by inundating a website with thousands of hits per second thereby slowing down or even shutting down the site entirely.  The group has been on a campaign against many U.S. banks of late and this latest attack on Wells Fargo may be from this same group.

"A DDoS attack seeks to deny Internet access to bank services by directing waves of Internet-based traffic from compromised computers to the bank. In some instances, sophisticated groups shift their tactics during attacks and target Internet service providers (ISP),” reads a December 21, 2012 OCC memo on the attacks. The memo goes on to say that the fraudsters also use DDoS to distract the banking personnel so they can gain access to user accounts.  Additionally, the memo states, “In this scenario, the DDoS can occur immediately before, during, or after the attack.  DDoS attacks also have been used to deny bank customers the opportunity to report suspected fraud and to block the banks’ customer-alert communications.”

On December 10, 2012, the Izz ad-Din al-Qassam Cyber Fighters announced via a Pastebin posting that they would start on their "second phase" of their attacks on five major U.S. banks by DDoS.  So far U.S. Bank, Bank of America, PNC Financial Services Group, JPMorgan Chase and SunTrust have all been targets. 

A more recent December 18th, 2012 Pastebin post from al-Qasam states that their attacks would continue and that they had a bit more up their sleeve, so to speak. “The past week’s attacks, showed our ability in doing wideness attacks so efficiently and of course this is not all of the Izz ad-Din al-Qassam’s ability.”

According to al-Qassam, they have committed their attacks because of “widespread and organized offends (sic) to Islamic spirituals and holy issues”.  They further stated that a film widely available on the Internet had insulted the Holy Prophet Mohammad.  While the group did not mention the film by name, it is presumably the same film that appeared on YouTube earlier this year that caused so much controversy in the Middle East.

Phase one of the DDoS attacks began in the middle of September and ran through most of October. Al-Qassam claimed they effectively attacked 10 major banks but each bank was warned ahead of time concerning the attacks.  While some banks were able to hold back the DDoS to some extent, no bank was able to prevent any of the attacks from happening.  

Al-Qassam has not stated what their plans are for 2013, but until more banks switch to more cloud-based servers, DDoS will continue to be a major nuisance for on-line banking systems and websites.