The agency believes the hackers are modifying scripts to evade mitigation efforts

May 1, 2013 09:34 GMT

On Tuesday, Izz ad-Din al-Qassam Cyber Fighters announced the start of week nine of the third phase of Operation Ababil. Unless all copies of the Innocence of Muslims movie are removed from YouTube, the distributed denial-of-service (DDoS) attacks against US financial institutions will not stop any time soon.

The US Federal Bureau of Investigation (FBI) has been closely monitoring the hacker group’s activities.

In a recent flash report on Brobot, the botnet utilized by the Cyber Fighters, the FBI reveals that the hackers have been modifying the attack scripts so that they evade their targets’ mitigation efforts, BankInfo Security reports.

“The FBI Cyber Division assesses that these scripts have been modified by the actors in an attempt to increase the effectiveness with which the scripts evade detection. Because the attacks have been ongoing for seven months, the actors are changing their attack methodology to circumvent mitigation efforts of the financial institutions,” the report reads.

“The latest version of the ‘Brobot’ attack scripts that have been utilized to attack the login capabilities of a financial institution’s website spoofs a fraudulent access cookie, user-agent string and referrer. The login script includes several random strings, but does contain one hard-coded string, ‘63.83.61.17-1365521883478351’, in the script,” it continues.

“The hard-coded string does not affect the new attack scripts; however it can be used as an IDS/IPS signature to detect and block attacks from the ‘Brobot’ botnet.”
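The following is an added example, not code from the FBI report or from this article: a minimal detector that applies the quoted hard-coded string as a signature to raw HTTP requests and tallies hits per source address. The report excerpt does not say which request field carries the string, so the sketch assumes the whole request (headers and body) is scanned; the sample requests, field names and source addresses are constructed.

```python
from collections import Counter
from urllib.parse import unquote

# Hard-coded string quoted in the FBI flash report (see the article text above).
BROBOT_MARKER = "63.83.61.17-1365521883478351"

def normalize(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode up to max_rounds times so that a singly or doubly
    encoded copy of the marker is reduced to its literal form."""
    for _ in range(max_rounds):
        decoded = unquote(raw)
        if decoded == raw:
            break
        raw = decoded
    return raw

def is_brobot_request(raw_request: str) -> bool:
    """True if the marker occurs anywhere in the normalized request."""
    return BROBOT_MARKER in normalize(raw_request)

def flag_sources(records):
    """records: iterable of (source_ip, raw_request) pairs.
    Returns a Counter mapping source_ip -> number of matching requests."""
    hits = Counter()
    for source_ip, raw_request in records:
        if is_brobot_request(raw_request):
            hits[source_ip] += 1
    return hits

# Constructed sample traffic (documentation address ranges, invented fields).
SAMPLE = [
    ("192.0.2.10", "POST /login HTTP/1.1\r\nHost: bank.example\r\n"
                   "Cookie: access=63.83.61.17-1365521883478351\r\n\r\nuser=a"),
    ("198.51.100.7", "POST /login HTTP/1.1\r\nHost: bank.example\r\n\r\n"
                     "sid=63%2E83%2E61%2E17%2D1365521883478351&user=b"),
    ("203.0.113.5", "GET /index.html HTTP/1.1\r\nHost: bank.example\r\n\r\n"),
    ("192.0.2.10", "POST /login HTTP/1.1\r\nHost: bank.example\r\n"
                   "Cookie: access=63%252E83.61.17-1365521883478351\r\n\r\n"),
]

if __name__ == "__main__":
    for source_ip, count in flag_sources(SAMPLE).most_common():
        print(f"{source_ip}\t{count} matching request(s)")
```

Decoding before matching matters because a plain substring rule would miss the second and fourth sample requests, where the same value arrives percent-encoded.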

According to the latest statement published by Izz ad-Din al-Qassam Cyber Fighters, last week the group targeted the public-facing websites of Capital One, BB&T, Regions, Charles Schwab, Principal Financial, State Street and BancWest.

In a short interview we had with the hackers last week, they explained their role in the upcoming OpUSA, a campaign that will be launched on May 7.

They claim that they will still focus on attacking US financial institutions, but they urge other groups that participate in OpUSA to join them.