Did Islamist hackers attack Bank of America's website yesterday? Or was it just another software glitch?
Around 10 a.m. ET yesterday (Sept. 18), the website of the second-largest American bank began to experience slowdowns, with many users having trouble accessing the site, according to news reports.
At about the same time, two manifestos were uploaded to the code-sharing site Pastebin by a user calling himself "QassamCyberfighters," one in English, the other in Arabic.
"We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists," read the English-language version. "This attack will be started today at 2 pm. GMT [10 a.m. Eastern]. This attack will continue till the Erasing of that nasty movie."
The Arabic version, translated by Google, was similar and also referred to the anti-Islamic online video clip "Innocence of Muslims," which has sparked riots across the Muslim world.
The writer appeared to be borrowing the name of the Izzedine al-Qassam Brigades, the military wing of the Palestinian Islamist party Hamas.
A Bank of America spokesman, contacted by SecurityNewsDaily, dodged the question of whether the company's website had been attacked.
"I can assure you that our customer and client information, our online banking platform and the related systems remain safe and secure," said global technology and operations media contact Mark Pipitone. "Our online banking services have been, and are, up and running. The vast majority of our customers did not experience any issues yesterday."
The Fox Business website yesterday posted a story in which a source told it that the Bank of America site had been hit by a "technical attack" that "was focused on BofA's domain name system (DNS) architecture."
"It appears that the Radical Islamists have found the Group Anonymous playbook," Fox Business quoted its anonymous source.
The New York Stock Exchange site did not appear to be affected by any problems.
Internet connection problems are not a clear indication of a cyberattack, as the outage affecting the GoDaddy hosting service on Sept. 10 showed.
In that instance, a Brazilian Twitter user calling himself "AnonymousOwn3r" claimed to have knocked out GoDaddy's DNS servers, which translate URLs such as "securitynewsdaily.com" into the numerical sequences computers use to route Internet traffic.
AnonymousOwn3r's claims were posted after GoDaddy itself alerted users to its problems, and his explanations of his methods were vague. GoDaddy later blamed the outage on a faulty router-table update.
Similarly, it's not clear whether QassamCyberfighters' Pastebin posting went up before or after the Bank of America website began to sputter.
An attack on the DNS servers sounds unlikely, because such an attack would probably affect other sites besides Bank of America's. But a regular distributed denial-of-service (DDoS) attack, which would have flooded Bank of America's Web servers, could have been the culprit.
In October 2011, Bank of America had nearly a week of website trouble, which the bank blamed on software upgrades and heavy traffic.
The Bank of America site was responding normally as of 9 a.m. ET today (Sept. 19).