memri
September 18, 2013 Inquiry & Analysis Series No. 1017

The Rise And Fall Of The Qassam Cyber Fighters: Arab Hacking Group or Iranian Cyber Front? A Review Of Its First Year Of Activity – September 2012-September 2013

September 18, 2013 | By Steven Stalinsky, R. Sosnow, and B. Shemaria*
Inquiry & Analysis Series No. 1017

Introduction

On September 18, 2012, the Qassam Cyber Fighters (QCF) posted its first message, in both English and Arabic, on its Pastebin page; the message warned the world that it was now targeting U.S. banks for hacking attacks, and would do so in the future as well.

Since its emergence, the group has vowed to continue to carry out cyber attacks against Western targets until YouTube removes the anti-Muslim video "Innocence of Muslims," stating in its first communiqué: "All the Muslim youths who are active in the Cyber world will attack to American and Zionist bases as much as needed such that they say that they are sorry about that insult."

To date, the group has issued some 20 statements in broken Arabic and English, all of which can be found on its Pastebin page (pastebin.com/u/QassamCyberFighters). These statements include English- and Arabic-language versions of communiqués; each of the communiques is signed "Cyber fighters of Izz ad-din Al qassam" and begins, "Dear Muslim youths, Muslim Nations and are noblemen."

The QCF seems to want the world to believe that it is an Arab group, named either for Hamas's military wing, the 'Izz Al-Din Al-Qassam Brigades, or for the latter group's namesake, the Syrian-born preacher who fought the French, British, and Zionists in the region in the 1920s and 1930s.[1]

Since the September 18, 2012 message, in which it announced that it was planning to attack the Bank of America and New York Stock Exchange on that date, it has been widely speculated that the group's origins are in fact Iranian. Western media sources, as well as analysts who have studied the QCF, have stated that it is actually an Iranian front. Cyber security analyst Dancho Danchev performed the most authoritative open-source intelligence (OSINT) analysis on the issue of the group's links to Iran, aimed at exposing one of the individuals in the group,[2] while former Senator Joseph I. Lieberman told C-Span that he believed that Iran's government was sponsoring the group's attacks on U.S. banks in retaliation for Western economic sanctions.[3] Additionally, The New York Times quoted unnamed U.S. intelligence officials stating that the "group is a convenient cover for Iran."[4]

This year, September 2012-September 2013, will be remembered as the year in which the QCF was one of the most important and successful hacking groups. This is especially true up to early May, when the group announced a "pause" due, it said, to the concurrent #opUSA [which occurred on May 7 and was supposed to be devoted to hacking U.S., Israeli, and Indian websites by joint attack with other hacking groups including Pakistani ZCompany]. It returned to activity on July 26 with another attack; however, in that attack, the only bank confirmed to have been hacked was Regions Bank, and that attack lasted only for a few hours.[5] Additional QCF hack attempts failed largely because banks have increased their defenses, improving methods for sharing information about threats and investing in new technology that helps them detect and mitigate DDoS (distributed denial-of-service) attacks that the QCF is known for carrying out frequently.[6]

The following report reviews the details of the U.S. banks hacked by the QCF; some of the group's main hacking methods; details of interviews the QCF gave to media outlets explaining its activities; and the QCF's communiqués. An Appendix including the QCF's communiqués in full is available upon request.

U.S. Banks Hacked By The QCF

The QCF claims to have attacked Bank of America, the New York Stock Exchange, Capital One Financial Corp, SunTrust Banks Inc., BB&T, HSBC, JPMorgan Chase & CO, PNC Financial Services, U.S. Bancorp, Citigroup Citibank, Wells Fargo & Company, Ally Financial, Fifth Third Bancorp, Zions Bancorporation, Union Bank, Comerica, Citizens Bank, Umpqua Bank, People's United Bank, University Federal Credit Union, Patelco Credit Union, American Express, KeyCorp, Ameriprise Financial, Citizens Financial, BBVA Compass, UMB Financial Corporation, M&T Bank, Bank of the West, Regions Financial Corp, Euronext, and Synovus Financial Corporation.

QCF Hacking Methods

The method used in the hacking attacks that the QCF claims to have carried out on U.S. banks was most often the common DDoS, often described as a "cyber traffic jam." The New York Times describes how the QCF uses the method: "In a denial of service attack, hackers bombard a site with traffic until it collapses under the load.... Typically such attacks are deployed through a Web application, in which hackers recruit volunteers to click on a link that sends signals from their computers to a victim's site, or through botnets, networks of infected computers and devices that do hackers' work for them."[7]

Reporting on one round of attacks on banks in January 2013 for which the QCF claimed responsibility, The New York Times said that these attacks involved data centers located around the world that had been infected with sophisticated malware designed to evade antivirus detection.[8] It was reported in October 2012, following another series of attacks claimed by the QCF on banks, that the group had "compromised at least 3,000 Web servers – forming their own 'botnet' that floods the sites with requests"; the report added that there was no evidence that any customer information had been compromised.[9]

In an October 2012 report, Bloomberg News described attacks claimed by the QCF as involving a unique use of encrypted data to bypass the bank's firewall, adding that they revealed that "some of the nation's most advanced computer defenses are vulnerable to cyber attacks even if the targets know they're coming."[10]

QCF Responds To Secretary Of Defense Panetta's Accusations

On October 11, 2012, a month after the QCF carried out its first hacking attack, then-Secretary of Defense Leon Panetta spoke to business executives in New York about the recent cyber attacks on banks that the QCF claimed to have carried out. While not linking the Iranian government to the attacks, he stated that Iran had "undertaken a concerted effort to use cyberspace to its advantage."[11] The group issued a response on October 16, addressing Panetta and stating: "Instead of concerning and spending several billions that won't be good for you, tell your henchmen on YouTube to run remove command on their computers otherwise try to solve the following equation while your banks are howling under pressure from the attacks."[12]

Timeline Of Attacks QCF Claims To Have Carried Out, As Posted In Pastebin

September 18, 2012: First declared attacks by QCF on Bank of America and New York Stock Exchange

September 19, 2012: Operation Ababil, Attacking Chase.com

October 9, 2012: Operation Ababil, the Fourth Week, Attacks on Capital One, SunTrust, and Regions Financial Corp

October 16, 2012: Operation Ababil, the Fifth Week, Attacks Continue on US Banks

October 23, 2012: Operation Ababil, The Sixth Week, Attacks on Capital One, BB&T, and HSBC

December 10, 2012: Operation Ababil, Phase Two, Attacking U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC Financial Services Group, SunTrust Banks, Inc.

Details of Interviews:

December 10, 2012: Interview with Undisclosed Reporter from American Banker:

December 10, 2012: New Interview with Rym Momtaz from ABC

December 10, 2012: New Interview with Eduard Kovacs from Softpedia

December 18, 2012: Operation Ababil Phase Two, Week Two

December 25, 2012: Operation Ababil, Phase 2, Week 3

January 1, 2013: Operation Ababil, Phase Two, Week Four

January 15, 2013: Operation Ababil, Phase Two, Week Six

January 22, 2013: Operation Ababil, Phase Two, Week Seven

January 29, 2013: Operation Ababil Suspended Due to Removal of Insulting Movie

February19, 2013: Operation Ababil, Serious Warning

February 26, 2013: Operation Ababil, Al Qassam Ultimatum

March 5, 2013: Operation Ababil, Phase Three

March 12, 2013: Operation Ababil, Phase 3, Week Two

March 19, 2013: Operation Ababil, Phase 3, Week Three

March 26, 2013: Operation Ababil, Phase 3, Week Four

April 2, 2013: Operation Ababil, Phase 3, Week Five

April 9, 2013: Operation Ababil, Phase 3, Week Six

April 16, 2013: Operation Ababil, Phase 3, Week Seven

April 23, 2013: Operation Ababil, Phase 3, Week Eight

April 30, 2013: Operation Ababil, Phase 3, Week Nine

May 6, 2013: Operation Ababil pauses this week, May 7th-9th

July 23, 2013: Operation Ababil, Phase 4

A Review Of The QCF Communiqués

The following are excerpts from each communiqué, in the original (poor) English. They include explanations by the QCF on the reasons it attacks, and excerpts of interviews it gave to media. Each communiqué states the specific banks that the group plans to attack. Some notable text in the communiqués includes: statements that the Zionists were behind 9/11; calls for volunteers and provision of contact email addresses; statements that its main enemy are the "U.S. and Zionist web bases," and calls for capitalism to be attacked via the Internet. Many of the group's responses to questions in the media interviews were vague, especially regarding questions related to its possible ties to other governments or groups, including Hamas and Hizbullah, and its refusal to answer when asked where it is based and who its leaders are, in addition to its claims that it is not collaborating with Anonymous.

September 18, 2012: Attacks on Bank of America and New York Stock Exchange

The communiqué called on all Muslims to join cyber jihad and announced it would attack Bank of America and the New York Stock Exchange "for the first step." It read: "All the Muslim youths who are active in the Cyber world will attack to American and Zionist Web bases as much as needed such that they say that they are sorry about that insult. We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasy movie. Beware this attack can vary in type."[13]

September 19, 2012: Operation Ababil: Attacking Chase.com

The communiqué announced Operation Ababil and details, claiming it attacked the website of chase.com. It reads, "[T]he second step we attacked the largest bank of the united states, the 'chase' bank. These series of attacks will continue untill the Erasing of that nasty movie from the Internet. The site www.chase.com is down and also Online banking at 'chaseonline.chase.com' is being decided to be Offline."[14]

October 8, 2012: Operation Ababil, the Fourth Week: Attacks on Capital One, SunTrust, and Regions Financial Corp

This communiqué stated what its goals were for the week, and explained why it chose to target financial institutions, saying: "Money is all your respect: Money is all your holiness. Money is all your value. Money is all of your glory. Money is all your humanity. Money is all of your life. Money is all of your honor. Money is all your existence. Money is everything for you. For this reason, attack to your financial centers will be continued. Therefore the timetable for October's second week attack program is announced as comes:

"Tuesday 10/9/2012: attack to Capital One Financial Corp site, capitalone.com

"Wednesday 10/10/2012: attack to SunTrust Banks, Inc, suntrust.com

"Thursday 10/11/2012: attack to Regions Financial Corp site, regions.com

"Weekends: planning for the next week' attacks.

"It is necessary to mention that the Izz ad-Din al-Qassam group has no relation with recent Trojan-based attacks which aims the people's electronic money transfers. Our activities are only against the insulting movie mentioned above. We shall attack for 8 hours daily, starting at 2 PM GMT, every day. Do you want attacks to be stopped? Stop the insults and eliminate their traces!"[15]

October 16, 2012: Operation Ababil, the Fifth Week: Attacks On U.S. Banks Continue

This communiqué was addressed to a statement made by then-CIA director Leon Panetta, and detailed its upcoming plans: "With a little searching, we still found the anti-Islamic offensive film on the Internet. Thus the chain of cyber attacks on U.S. banks will continue this week. These attacks will be done since Tuesday, 16 October until Thursday, 18 October 2012 in midday hours. Also we have a suggestion for Mr. Panetta; Instead of concerning and spending several billions that won't be good for you, tell your henchmen on YouTube to run remove command on their computers otherwise try to solve the following equation while your banks are howling under pressure from the attacks."[16]

October 23, 2012: Operation Ababil, the Sixth Week: Attacks on Capital One, BB&T, and HSBC

In this communiqué, QCF took credit for the previous week's attacks on Capital One, BB&T and HSBC. It also continued its criticism of Panetta's remarks on cyber security: "Mr. Panetta has noted in his remarks to the potential cyber threats such as attacking on Power & Water Infrastructures, running off trains from the tracks & etc. On our opinion, these Panetta's remarks are for distracting the public opinion &in support of the owners of the bank`s capital. He is going to put the existing pressure toward the people. This is capitalism`s usual trick. That they put too many people under pressure and exploitation for benefits of just a few people. It is likely that even Zionists cause damages to US power, water and aviation facilities and then claim that Izz ad-Din al-Qassam Cyber Fighters Group has done it. They had done such action already on 9/11 story. Due to approaching Eid al-Adha and to commemorate this breezy and blessing day, we will stop our attack operations during the next days. Instead, we are going to have an interview with one of the American media and press about our ideas and positions. Every press volunteer to interview us, send its full specifications and offers to us throughout (alqassamcyberfighter@myway.com)."[17]

December 10, 2012: Operation Ababil, Phase Two: Attacking U.S. Bancorp, JPMorgan, Chase&co, Bank of America, PNC Financial Services Group, SunTrust Banks, Inc

QCF announced Phase Two of Operation Ababil, and discussed ongoing and future attack plans: "From the last message we have published regarding to interrupting attacks to American banks due to Eid al-Adha there have happened so many events. Sandy storm, Presidential Election in the United States…During this period, we have carried out also some conversations with American reporters and media which some of them published it completely and others revealed it as summery…Now, we acclaim that the second phase of the Ababil operation is in ahead and from this week according to the announced plan, will be performed. In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently. Continually, the goals under attacks of this week are including: U.S. Bancorp, JPMorgan Chase&co, Bank of America, PNC Financial Fervices Group, SunTrust Banks, Inc."[18]

December 10, 2012: First Interview with Reporter from American Banker

On December 10, 2012, a QCF spokesman gave an interview to an unidentified reporter from American Banker, discussing the group's establishment, its relationships with other hacking organizations, and its future plans. The following are excerpts, which were posted on its Pastebin page.

"Q: Do you realize that in America, the U.S. Bill of Rights protects freedom of speech, and that anyone can post anything on YouTube without interference from the government?

"A: Google removed 640 videos from YouTube in the second half of last year amid fears they promoted terrorism

"A: Google terminated four YouTube accounts responsible for videos that allegedly contained threatening and harassing content after complaints by different US law enforcement agencies. See also Google biannual transparency report about content removal requests per country at http://www.google.com/transparencyreport/removals/government/countries/.

"Q: Did your group also target the Tel Aviv stock Exchange and El Al Airlines in January?

"A: No. This group is established from many volunteers among hackers which share the beliefs about insulting video. No individual in the group has spoken about his probable activities in the past, or in the future which is not related to our operation, and if we ask each other about that, there will be no answer.

"Q: Where are you based?

"A: The Internet and its wide possibilities is our base.

"Q: Who is your leader?

"A: There is no special leader. In fact collective decision making leads us to move.

"Q: Do you have a government sponsor?

"A: No government or organization is sponsoring us and we do not wait for any sponsor as well.

"Q: Do you plan to continue to execute denial of service attacks, or do you have other types of attacks planned?

"A: It depends. If the movie is removed, the attacks will be stopped. Till now majority of our group members do not accept the suggestion for stopping attacks.

"Q: What banks do you plan to attack?

"A: We inform our targets and next steps in our letters posted in the url address http://pastebin.com/u/QassamCyberFighters (in a hope pastebin do not ban us based on an order from US Gov.! ); or other ways if needed.

"Q: What types of malware are you using to generate your attacks?

"A: This question is only answered to those who join us, and you're welcome!

"Q: Are you doing all the programming work yourselves, or are you subcontracting to other parties? If the latter, then to whom are you subcontracting?

"A: This operation is a group work for protesting against the insult which has been happened."[19]

December 10, 2012: Interview with Rym Momtaz from ABC

On December 10, 2012, QCF gave an interview to ABC's Rym Momtaz; in it the group was asked about support from the Iranian government, Hizbullah, and Hamas.

The following are excerpts:

"Q: How can we authenticate what you tell us?

"A: We are not publicly telling anything specific to need to be authenticated (except these questions and answers, which we are signing using our OpenPGP key).

We just tell them (i.e., US Gov.) you remove the film and we stop our Op, and this can be tested easily in act.

"Q: Where did you get the attack code?

"A: "attack code" is not a very clear phrase, but yes, we are cyber citizens, and we know computer programming. We program our needs partially and use work of other programmers in the software world when we need it.

"Q: Were you involved in the attack on Aramco?

A: No. This group is established from many volunteers among hackers which share the beliefs about insulting video. No member in the group has spoken about his probable activities in the past, or in the future, not related to our operation. If we ask each other about that, there will be no answer.

"Q: Do you receive any support from Iran?

"A: No government or organization is supporting us and we do not wait for any support as well.

"Q: Do you receive support from Hezbollah, Hamas or the IRGC?

"A: Do you think the massive protests in the world are done with support? The same manner millions of Muslims in the world protested, hackers also are part of this protest.

"Q: Why have you chosen to speak to the media?

"A: That is because of the widespread lie and sophistry atmosphere, and to discuss truly about the reasons of our operation."[20]

December 10, 2012: Interview with Eduard Kovacs from Softpedia

On December 10, 2012, the QCF gave an interview to Eduard Kovacs from Softpedia, In it, the group was asked how many people belong to its group and why it targets certain banks.

"Q: As you clearly know, US officials are insisting that Mr. Izz ad-Din al-Qassam Cyber Fighters are actually a cover-up for a cyberattack sponsored by Iran. Is Iran of any other state really sponsoring you?

"A: U.S. prefers to merge the insult issue with this case to decrease the insulting burden and change it to a confrontation with its competitors. No country supports us.

"Q: Please share some things about the team's members? How many are you? What countries are you from? Are you veteran hackers?

"A: The number of Al-Qassam's members is not fixed. It has changed since the beginning of the work. The outputs of our works show our skills.

"Q: Have you united your forces just for this particular operation, or have you worked together on previous occasions as well?

"A: The group is firstly established from volunteer hackers which share the beliefs about insulting video and to protest against it.

"Q: Anonymous hackers from Fawkes Security claim that they were the ones to take down the websites of HSBC two weeks ago. You have also taken credit for the attack. Do you have any connection to Fawkes Security or are they taking credit for your work?

"A: Our group doesn't have any connection to Fawkes Security. Our attack's simultaneity with their operation has been completely by chance. Meanwhile, according to our and their works, the existing difference will be obvious to you.

"Q: If you are the ones who attacked HSBC, did you attack all their websites (including Canada, France and UK) or did you focus just on the one from the US?

"A: We chose it as an American bank. We focused on their U.S. website but it had also affected other sites in some degrees.

"Q: On the week in which you attacked Capital One, BT&T and HSBC, the website of Ally Financial also experienced some problems. Did you have any involvement in the attack?

"A: We did not attack Ally institute. Our attacked targets previously have been announced in the corresponding statements.

"Q: In September, a hacker known as The Jester claimed that you have some involvement with Anonymous and that you're using a DDOS service known as Multiboot.me in your attacks. Are his claims true? If you're not using Multiboot.me, then what are you using? Do you have a botnet?

"A: Our group has not had cooperation with Anonymous yet. We are not reliant on any specific utility for our operations, and we particularly didn't use multiboot.me in our attacks."[21]

December 18, 2012: Operation Ababil, Phase Two, Week Two

In this communiqué, the QCF discussed its sympathy for the Sandy Hook tragedy; it also announced that five major U.S. banks would be attacked.

The following are excerpts:

"Originally, we sympathize deeply with families of the schoolchildren victimized by the horrible happening of Sandy Hook Elementary school. It's very clear that a system which its rulers and capitalists are the owners of weaponry big companies never care about occurrence of these events. The attacks of this week will be as wide as previous week. The 5 major US banks will be attacked and we subsequently suggest that from now on they prepare their context of sorrowfulness to the customers of banks because of inaccessibility."[22]

December 25, 2012: Operation Ababil, Phase Two, Week Three

The QCF suggested that the U.S. government and the banks should seek a logical and easy solution.

The following are excerpts:

"By understanding the caused problems for ordinary customers, we frequently do apologize for the disruptions in their financial transactions. We suggest that U.S. government and the banks should seek a logical and easy solution instead of spending big to deal with these attacks. This week also widespread attacks will be carried out on U.S. Banks like previous weeks. You want attacks to be stopped? Banks to breath freely? Christmas to enjoy? REMOVE THAT VIDEO FROM YOUTUBE!"[23]

January 1, 2013: Operation Ababil, Phase Two, Week Four

In this communiqué, the QCF stated that it did not wish banks' financial transactions to be disrupted but that no U.S. bank would be safe from its attacks.

The following are excerpts:

"We congratulate christian new year to all the people. We hope American leaders would not insult religious beliefs and values of different nations of the world in new year. We, like most people in the United States, are banks' customers and we do not desire to disrupt the banks' financial transactions. But the American profiteer rulers' insistence and persistence in disregarding this reasonable demand of all Muslims of the world and not taking an action to remove this offensive film. In the second phase, during the past few weeks, we have been attacked following banks: 'J.P.Morgan Chase & Co, Bank of America Corp, Citigroup Citibank, Wells Fargo & Company, U.S. Bancorp, PNC Financial Services Group, BB&T Corporation, Suntrust Banks, Regions Financial Corporation. Rulers and officials of American banks must expect our massive attacks! From now on, none of the U.S. banks will be safe from our attacks.'"[24]

January 15, 2013: Operation Ababil, Phase Two, Week Six

In this communiqué, the QCF discussed the 10 banks and financial services that it was targeting.

The following are excerpts:

"During last two weeks the below list of 10 banks and financial services were being chosen as target: Citigroup Inc., Wells Fargo, HSBC North America, PNC, Capital One, Ally Financial, BB&T, Suntrust, Fifth Third Bancorp, and Zions Bancorporation."[25]

January 22, 2013: Operation Ababil, Phase Two, Week Seven

In this communiqué, the QCF discussed the targeting of three more banks and financial services.

The following are excerpts:

"During last week the below list of 3 banks and/or financial services were being chosen as target: PNC, Fifth Third Bancorp, and J.M.Chase"[26]

January 29, 2013: Operation Ababil Suspended Due to Removal of Insulting Movie

The QCF explains that it has suspended operations because the "main copy" of the "insulting movie" on YouTube, "Innocence of Muslims," had been removed.

The following are excerpts:

"Well, after a while a little bit of rationalism was seen and the main copy of the insulting movie was removed from YouTube. In fact in the following five-fold list that was mentioned in the al-Qassam group's statements. This is a clear indication of progress and establishment of logic instead of obstinacy. This positive move is a humanitarian effort and in line with paying respect to divine religions which has made billions of people love them; and it's a becoming and proper action. All of us -al-Qassam group, U.S. government, and even YouTube and Google's managers- carrying on such a wise action have contributed to this victory and progress. The al-Qassam cyber fighters lauds this positive measure of YouTube and on this basis suspends his operation and plans to give a time to Google and U.S. government to remove the other copies of film as well. During the suspension of Operation Ababil, no attack to U.S. banks would take place by al-Qassam cyber fighters. Surely it's not over yet and although the main link is removed from YouTube, but there are other copies."[27]

February 19, 2013: "Operation Ababil, Serious Warning"

In this communiqué, the QCF warns that it will continue its attacks.

The following are excerpts:

"We had warned formerly in the event that the offensive films wouldn't remove, we will be forced to resume Operation Ababil. It's reminded that according to the formula that has been confirmed, a bill has been issued indicating that the U.S.A. is still deeply in debt because of the offense. Not removing the film from the Internet is an indication that the U.S.A. has accepted the responsibility for paying the compensation."[28]

February 26, 2013: "Operation Ababil, ALQASSAM ULTIMATUM"

In this communiqué, the QCF gives a "final ultimatum."

The following are excerpts:

"This is the last al-qassam's ultimatum to U.S. government, and, we announce that if the insulting films are not removed in the following days the Operation Ababil will be started again next week, March 5, 2013. On this basis and to warn and to show our seriousness for this, an attack string was carried out against some U.S. banks on Monday February 25, 2013 such as Bank of America, PNC, CapitalOne, Zions bank, 5/3, Unionbank, Comerica, Citizenbank, Peoples, UFCU, Patelco, and others."[29]

March 5, 2013: Operation Ababil, Phase Three

In this communiqué, the QCF announces that it is suspending its operations for one month.

The following are excerpts:

"While running the phase 2 of Operation, a main copy of the insulting film was removed from YouTube and that caused the phase 2 to be suspended. al-Qassam cyber fighters measured this act positively and a bit sign of rationalism in the U.S. government and for this reason suspended the operation for one month."[30]

March 12, 2013: Operation Ababil, Phase Three, Week Two

In this communiqué, the QCF issued another warning:

"We have already stated that "removal of the offensive video, INNOCENCE OF MUSLIMS, from YouTube is the simplest solution to stop the cyber-attacks. During last week the below list of banks and/or financial services were being chosen as target: PNC, Fifth Third Bancorp, J.M.Chase, U.S.Bank, UnionBank, Bank of America, Citibank, BB&T and Capital One. Based on the formula which is approved for paying, the United States must still pay because of the insult."[31]

March 19, 2013: Operation Ababil, Week Two, Phase Three

In this communiqué, the QCF discusses future targets:

"During last week the below list of banks and/or financial services were being chosen as target: J.M.Chase, BB&T, PNC, UnionBank, Capitalone and a few others."[32]

March 26, 2013: Operation Ababil, Phase Three, Week Four

In this communiqué, the QCF also discusses future targets:

"During last week the below list of banks and/or financial services were being chosen as target: BB&T, PNC, Chase, citibank, U.S. Bancorp, Suntrust, Fifth Third Bancor, Wells Fargo, and some others."[33]

April 2, 2013: Operation Ababil, Phase Three, Week Five

The QCF again discusses future targets:

"During last week the below list of banks and/or financial services were being chosen as target: American Express, Citizens Financial, Ameriprise Financial, KeyCorp, BB&T and Bank of America."[34]

April 9, 2013: Operation Ababil, Phase Three, Week Six

The QCF discusses its next targets:

"During last week the below list of banks and/or financial services were being chosen as target: Regions, BB&T, Wellsfargo, American Express, KeyCorp, and Suntrust."[35]

April 16, 2013: Operation Ababil, Phase Three, Week Seven

Here too the QCF discusses its next targets:

"During last week the below list of banks and/or financial services were being chosen as target: Regions, American Express, KeyCorp, Ameriprise, and US.HSBC"[36]

April 23, 2013: Operation Ababil, Phase Three, Week Eight

Also on April 23, the QCF discussed its next targets:

"During last week the below list of banks and/or financial services were being chosen as target: Regions, M&T Bank, Unionbank, Principal Financial, Ameriprise, State Street, Citizens Financial, Wells Fargo and a few others"[37]

April 30, 2013: Operation Ababil, Phase 3, Week Nine

And again:

"During last week the below list of banks and/or financial services were being chosen as target: Capital One, BB&T, Regions, Charles Schwab, Principal Financial, State Street, BancWest corp."[38]

May 6, 2013: Operation Ababil Pauses This Week, May 7-9

In this communiqué, the QCF stated the aim of its DDoS attacks on U.S. banks.

The following are excerpts:

"As was specified in the previous statements, Al-Qassam Cyber Fighters's purpose of DDoS attacks to American banks is to convey the voice of objection of Muslims towards religious and Islamic sacrilege, to the politicians, statesmen and people of America and the world. Our will is to remove the links which entails illegitimate attributions to prophet of Islam(pbuh) from the Internet. Whilst respecting nations, we ask all to preserve the limits of religious sanctities and divine religions. Due to the simultaneity of OpUSA with Operation Ababil, and to abstain from ambiguity in the intentions of our operation, this week we will not run any attack and so Operation Ababil will be paused during May 7-9th.

"Mrt. Izz ad-Din al-Qassam Cyber Fighters"[39]

July 23, 2013: Operation Ababil

The QCF states that the hiatus is over.

The following are excerpts: "Well, misters! The break's over and it's now time to pay off. After a chance given to banks to rest awhile, now the Cyber Fighters of Izz ad-Din al-Qassam will once again take hold of their destiny. As we have said earlier, the Operation Ababil is performed because of widespread and organized offends to Islamic spirituals and holy issues, especially the great prophet of Islam(PBUH) and if the offended film is eliminated from the Internet, the related attacks also will be stopped. while the films exist, no one should expect this operation be fully stopped.

planing the new phase will be a bit different and you'll feel this in the coming days.

"Mrt. Izz ad-Din al-Qassam Cyber Fighters"[40]

*Steven Stalinsky is Executive Director of MEMRI; R. Sosnow is Head Editor at MEMRI; B. Shemaria is a Research Intern at MEMRI.


Endnotes:

[1] Globalpost.com, March 7, 2013.

[2] Ddanchev.blogspot.com/2012/09/dissecting-operation-ababil-osint.html, September 28, 2012.

[3] The New York Times, September 30, 2012.

[4] The New York Times, March 28, 2013.

[5] Americanbanker.com, July 29, 2013.

[6] Amricanbanker.com, August 2, 2013.

[7] The New York Times, January 4, 2013.

[8] The New York Times, January 4, 2013.

[9] Foxbusiness.com, October 11, 2012.

[10] Businessweek.com, October 9, 2012.

[11]Businessweek.com, October 18, 2012.

[12] pastebin.com/Ys5SRp3T.

[13] pastebin.com/mCHia4W5.

[14] pastebin.com/izrLhERu.

[15] pastebin.com/AuczEb1D.

[16] pastebin.com/Ys5SRp3T.

[17] pastebin.com/QWXkfPhG.

[18] pastebin.com/E4f7fmB5.

[19] pastebin.com/E4f7fmB5.

[20] pastebin.com/E4f7fmB5.

[21] pastebin.com/E4f7fmB5.

[22] pastebin.com/0TLDQQQS.

[23] pastebin.com/v9pRqmQJ.

[24] pastebin.com/dwu47giH.

[25] pastebin.com/iz0cAGkB.

[26] pastebin.com/i2Htt3qk.

[27] pastebin.com/kUtqNaKi.

[28] pastebin.com/r4k1u8kQ.

[29] pastebin.com/EEWQhA0j.

[30] pastebin.com/kXSsVScS.

[31] pastebin.com/YVhsSdLN.

[32] pastebin.com/K98NaXWr.

[33] pastebin.com/sumX4X8E.

[34] pastebin.com/ahW1VLGp.

[35] pastebin.com/qEbqcT09.

[36] pastebin.com/vvGSAGCv.

[37] pastebin.com/C8u4jSTR.

[38] pastebin.com/8mzxpvnA.

[39] pastebin.com/vpP9KZ6P.

[40] pastebin.com/22WJ6m9U.

Share this Report: