CIP Cyber

Log In
Menu
Log In
  • Opinion
  • Product Reviews
  • Industrial Cybersecurity
  • Videos

‘itsoknoproblembro’ Toolkit – The Beast that Beat Banks

Table of Contents

Large scale, sophisticated distributed denial of service attacks – which have plagued the banking industry for months now – are finally subsiding. These attacks, which for the most part have been politically and socially motivated, have been cause for concern for security experts, government officials, and banks.





How It Started

Beginning in September 2012, large banking institutions; including Wells Fargo, Bank of America, PNC and JPMorgan Chase were at the receiving end of high level DDoS attacks – at times peaking between 60Gbps – 100Gbps. Comparatively speaking, most attacks are below 1Gbps. Thus, the cause for concern. Why were banks attacked? For some, the reason seems to be a little flimsy. Rumors circled that it was an Iran sponsored attack due to its sophistication and size, but an Iran hacker collective quelled these rumors by claiming full responsibility for the DDoS attacks and citing the Innocence of Muslims video as their motivation.

If you didn’t catch the headlines, the Innocence of Muslims video incensed the Muslim world because of its negative depiction of the Prophet Mohammad. Soon after clips of the video were released on YouTube, the hacker group Izz ad-din Al Qassam Cyber Fighters posted on Pastebin:

We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasty movie. Beware this attack can vary in type.


And then the attacks started. The attacks lasted for months and are still a potential threat to banks. Here’s an infographic timeline of the series of DDoS attacks that took place.

How the ‘itsoknoproblembro’ Toolkit Works


The ‘itsoknoproblembro’ toolkit was the weapon of choice for the hackers that launched repeated attacks against banks. The tool is a hybrid DDoS attack tool that operates as a PHP-based suite. “itsoknoproblembro can launch multi-layered attack vectors by leveraging already compromised commercial machines, while at the same time, injecting malicious PHP scripts into popular content management systems – like WordPress and Joomla. This gives attackers the ability to scale up the size of an attack by converting machines into brobots,” says Todd Reagor, Chief Executive Officer of Rivalhost. Once compromised machines are under control of the attackers, it’s simply a matter of launching the attack.

Here’s how the itsoknoproblembro toolkit works:

  • The toolkit attacks infrastructure and application layers simultaneously
  • SYN floods are used to attack multiple network entry points on the target machine
  • ICMP, UDP, and SSL encrypted attacks are implemented as well
  • UDP packet floods are used to overwhelm the target DNS infrastructure
  • Legitimate IP addresses are used that make detection difficult


How DDoS Protection Stops Attacks


DDoS protection is a combination of sophisticated anti-ddos tools, human knowledge, and experience in mitigation. At its simplest level, it can be divided into three distinct steps:
  • Monitor: Flow data from edge routers is pulled and analyzed. Potential attack patterns trigger an alert that notifies the team monitoring your server.
  • Detection: Attacks are detected from dynamic profiling by comparing traffic deviations against an organizations normal patterns. Signature analysis
    is also used to compare known attack triggers with the traffic on your
    site.
  • Mitigation: Typically, malicious traffic is rerouted away from the victim and “scrubbed” by the mitigation company. Then, legitimate traffic is forwarded back to its original destination.

About Bio
Rob Lons is the Director of Digital at Rivalhost, a DDoS Protection company specializing in mitigation and protected web hosting. Follow on Twitter @rivalhost


Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Opinion

Password Cyberattack: Everything You Need to Know

November 7, 2023

Industrial Cybersecurity

Cybersecurity Awareness Month: Spotlight on ICS/OT Security

September 28, 2023

Opinion

How to Protect IoT Devices in Critical Infrastructure Networks

September 15, 2023

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training

Related Articles

Learn Man in the Middle Attack From Scratch

To continue its commitment to providing quality cybersecurity training at an affordable price, EH Academy launches the training program for Man in the Middle attack.

February 20, 2018

UFONet – DDoS Botnet via Web Abuse

UFONet – is a free software tool designed to test DDoS attacks against a target using ‘Open Redirect’ vectors on third party web applications like

August 19, 2016

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training