CIOZone.com - Professional Network for CIOs and IT Professionals

Reports that the Banks of America's website has been experiencing some downtime due to distributed denial of service (DDoS) attacks by the pro-WikiLeaks and pro-piracy group Anonymous have been confirmed.

Bank of America recently ceased processing donations to the whistleblower group WikiLeaks after the organization revealed that Bank of America may be the subject of the next set of confidential documents to be released.

UPDATED: Sources familiar with the details of the attack have provided Infosec Island with the following information:

"B of A has been targeted for over 5 hours. The hive is not very strong so the total volume is relatively small, not really impacting anything at the moment, it’s more just an annoyance. The attackers are rotating targets, first targeting www.bankofamerica on one port (HTTP), then on another (HTTPS), then they switched the target to Bank of America’s nameservers. Lot’s of different vectors as well – UDP and SYN Floods as well as ICMP flooding."

"The attack was largely ineffective because the IRC channel used for the command and control of the LOIC tool was not functioning properly. Without the organized command and control structure (what is called the “hive-mind”), manual attacks are cumbersome."

"Anonymous leaders were recommending that their followers use the manual method, which makes a concerted effort much more difficult as users have to set up the tool with the correct target, protocol, and number of threads to use.  Monitoring Anonymous communications on IRC channels revealed that there was much disarray and overall the effort appeared to be very disorganized."

Anonymous had previously targeted the websites of PayPal, Visa, MasterCard, PostFinance Bank and others who had halted business relations with WikiLeaks, spoke against the data release, or had similarly refused to process donations to the group.

The rash of DDoS attacks by Anonymous had fizzled out for some time due to lack of leadership and coordination amongst the loosely associated international "gathering" of script-kiddies, and a campaign of mass faxing was attempted with little or no effect on business operations reported.

In an article explaining DDoS attacks, Dan Dieterle states:

"Simply put, in a denial of service attack, the attacker sends repeated messages to a target website with such frequency, that the website can not keep up and slows to a crawl, in effect taking it offline... Attackers will usually use zombie machines that they have infected with a virus (also called ‘bots’) to work together to attack a single site. Sometimes hundreds and even thousands of systems are used in this matter."

Defenses against DDoS attacks are few, but there are several commercial solutions available, as outlined in a comparison study by Alicia Smith:

"In order to effectively determine the best solution you must know some key things about DDoS and your own network. There are many different types of DDoS attacks and they can affect your network in various ways - all of which are negative."