Hackers May Have Had Help With Attacks on U.S. Banks, Researchers Say

The hackers claiming responsibility for cyberattacks on American banks over the past week must have had substantial help to disrupt and take down major banking sites, security researchers say.

Bank of America, JPMorgan Chase, Citigroup, U.S. Bancorp, Wells Fargo and PNC all experienced disruptions and delays on their banking sites over the past week because of denial of service or DDoS attacks, in which hackers clog a Web site with data requests until it slows or collapses under the load.

A hacker group, which calls itself the Izz ad-Din al-Qassam Cyber Fighters, took credit for the attacks in online posts. They enlisted volunteers for the attacks with messages on various sites. On one blog, they called on volunteers to visit two Web addresses that would cause their computers to instantly start flooding targets — including the New York Stock Exchange, Nasdaq and Bank of America — with hundreds of data requests each second. This week, hackers asked volunteers to attack banks according to a defined timetable: Wells Fargo on Tuesday, U.S. Bancorp on Wednesday and PNC on Thursday.

Representatives for Wells Fargo, U.S. Bank and PNC all confirmed Wednesday that their Web sites had experienced disruptions because of unexpected volumes of traffic. Both the New York Stock Exchange and Nasdaq saw a slowdown, but no serious disruption, on their Web sites.

Security researchers say the attack methods being peddled by hackers — the custom-built Web sites — were too basic to have generated the disruptions.

“The number of users you need to break those targets is very high,” said Jaime Blasco, a security researcher at AlienVault who has been investigating the attacks. “They must have had help from other sources.”

Those additional sources, Mr. Blasco said, would have to be a well-resourced group, like a nation state, or botnets — networks of infected zombie computers that do the bidding of cybercriminals. Botnets can be rented via black market schemes that are common in the Internet underground, or loaned out by cybercriminals or governments.

Last week, Senator Joseph I. Lieberman, chairman of the Senate Homeland Security Committee, said in an interview  that he believed the attacks on the banks were being sponsored by Iran’s government.

Mr. Blasco said security researchers had noticed an increase in the use of botnets out of Iran recently. But he said he had not been able to track the origin of the attack to Iran. Attacks can be routed through various I.P. addresses to mask their true origin, making attribution “nearly impossible,” Mr. Blasco said.

In the hackers’ post, they said their attacks were not sponsored by Iran, and said they “strongly reject the American officials’ insidious attempts to deceive public opinion.”

They said they conducted the attacks in retaliation for a video, made by amateur filmmakers in the United States, that mocks the Prophet Muhammad.

“Insult to the prophet is not acceptable, especially when it is the last prophet Muhammad,” the hackers said in their post.

They pledged to continue to attack American banking sites and targets in other countries, including France, Israel and the United Kingdom, until the video was pulled offline.