Bank of America Hit By Anonymous DDoS Attack

Monday, December 27, 2010


Reports that Bank of America's website has been experiencing some downtime due to distributed denial of service (DDoS) attacks by the pro-WikiLeaks and pro-piracy group Anonymous have been confirmed.

Bank of America recently ceased processing donations to the whistleblower group WikiLeaks after the organization revealed that Bank of America may be the subject of the next set of confidential documents to be released.


UPDATED: Sources familiar with the details of the attack have provided Infosec Island with the following information:

"B of A has been targeted for over 5 hours. The hive is not very strong so the total volume is relatively small, not really impacting anything at the moment, it’s more just an annoyance. The attackers are rotating targets, first targeting www.bankofamerica on one port (HTTP), then on another (HTTPS), then they switched the target to Bank of America’s nameservers. Lot’s of different vectors as well – UDP and SYN Floods as well as ICMP flooding."

"The attack was largely ineffective because the IRC channel used for the command and control of the LOIC tool was not functioning properly. Without the organized command and control structure (what is called the “hive-mind”), manual attacks are cumbersome."

"Anonymous leaders were recommending that their followers use the manual method, which makes a concerted effort much more difficult as users have to set up the tool with the correct target, protocol, and number of threads to use.  Monitoring Anonymous communications on IRC channels revealed that there was much disarray and overall the effort appeared to be very disorganized."


Anonymous had previously targeted the websites of PayPal, Visa, MasterCard, PostFinance Bank and others who had halted business relations with WikiLeaks, spoke against the data release, or had similarly refused to process donations to the group.

The rash of DDoS attacks by Anonymous had fizzled out for some time due to a lack of leadership and coordination amongst the loosely associated international "gathering" of script-kiddies. A campaign of mass faxing was also attempted, with little or no effect on business operations reported.

In an article explaining DDoS attacks, Dan Dieterle states:

"Simply put, in a denial of service attack, the attacker sends repeated messages to a target website with such frequency, that the website can not keep up and slows to a crawl, in effect taking it offline... Attackers will usually use zombie machines that they have infected with a virus (also called ‘bots’) to work together to attack a single site. Sometimes hundreds and even thousands of systems are used in this matter."

Defenses against DDoS attacks are few, but there are several commercial solutions available, as outlined in a comparison study by Alicia Smith:

"In order to effectively determine the best solution you must know some key things about DDoS and your own network. There are many different types of DDoS attacks and they can affect your network in various ways - all of which are negative."
Randy Mueller ok. well interesting. our company was hit by IP's associated with B and A via "whois" for 5 hrs yesterday also. Had to have ATT at the backbone to our router block all ICMP/UDP

>>>>>???????