Reverse engineering the recent cyber-attacks on US banks

Researchers uncovered the root cause of a wave of DDoS attacks that recently hit several major U.S. banks. The hacker group that claimed responsibility declared the attacks to be retaliation for an anti-Islam video that mocked the Prophet Muhammad, and part of the ongoing “Operation Ababil.” One of the lesser-known foot-soldiers was a compromised general-interest UK-based website that was trying to hurl large volumes of junk traffic at three large financial institutions: PNC, HSBC and Fifth Third Bank. The UK website had been breached through an administrative account whose credentials were admin/admin. The security research team found that the DDoS attack commands originated from a Turkish web design company’s website, which had itself been compromised and was serving as a remote botnet command-and-control (C&C) server, an extra hop between the real attacker and the U.S.-based targets. The list of targets went beyond American banks and also included e-commerce and commercial websites in several other countries.

Takeaway: Web security matters, and administrators need to do more to change default passwords on administrative interfaces, but it is also crucial to understand that security on the Internet is always determined by the weakest link: a small, unrelated site with a default password becomes a weapon against banks it has nothing to do with.
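The check an administrator would want after reading this is a default-credential audit of their own admin endpoints. The following is an added example, not code from the article or from the researchers it cites, and it does not reconstruct the attack: it tries a short, constructed list of default username/password pairs (the real list would come from a vetted source) against an HTTP Basic-auth admin URL and reports which ones are accepted. To keep it runnable offline it spins up a constructed mock admin panel on localhost whose valid login is admin/admin, mirroring the breached UK site; the URL path `/admin/` and the helper names are assumptions for the example.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample of common default pairs for the example only.
# A real audit should load a maintained list (vendor defaults, etc.).
DEFAULT_CREDS = [("admin", "admin"), ("admin", "password"),
                 ("admin", ""), ("root", "root")]


class _MockAdminHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for an admin panel behind HTTP Basic auth."""
    valid = ("admin", "admin")  # deliberately weak, as in the incident

    def do_GET(self):
        hdr = self.headers.get("Authorization", "")
        ok = False
        if hdr.startswith("Basic "):
            try:
                user, _, pw = base64.b64decode(hdr[6:]).decode().partition(":")
                ok = (user, pw) == self.valid
            except Exception:
                ok = False
        if ok:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"admin panel")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="admin"')
            self.end_headers()

    def log_message(self, fmt, *args):  # keep the example quiet
        pass


def start_mock_server(valid=("admin", "admin")):
    """Start the mock panel on a free loopback port; returns the server."""
    handler = type("MockHandler", (_MockAdminHandler,), {"valid": valid})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def check_default_credentials(host, port, path="/admin/",
                              creds=DEFAULT_CREDS, timeout=3):
    """Try each default pair once against a Basic-auth endpoint.

    Returns the list of (user, password) pairs the server accepted (HTTP 200).
    One request per pair; 401/403 means rejected, anything else is raised.
    """
    accepted = []
    for user, pw in creds:
        token = base64.b64encode(f"{user}:{pw}".encode()).decode()
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path, headers={"Authorization": "Basic " + token})
            resp = conn.getresponse()
            resp.read()
            if resp.status == 200:
                accepted.append((user, pw))
            elif resp.status not in (401, 403):
                raise RuntimeError(f"unexpected status {resp.status} for {user}")
        finally:
            conn.close()
    return accepted


def audit_mock(valid=("admin", "admin")):
    """Run the audit against a fresh mock panel with the given valid login."""
    srv = start_mock_server(valid)
    try:
        return check_default_credentials("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print("weak panel accepts:", audit_mock())                 # [('admin', 'admin')]
    print("hardened panel accepts:", audit_mock(("ops", "S3cure!long")))  # []
```

Run it against a real panel by calling `check_default_credentials(host, port, path)` with your own endpoint; it sends one request per pair, so it will not trip a lockout on a sane panel, but it is still only appropriate against systems you administer.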